This option delays loading of the environment until later, so that only the default environment will be available to U-Boot. This can address the security risk of untrusted data being used during boot. Any time you load untrusted data you expose yourself to a bug in the code. The attacker gets to choose the data so can sometimes carefully craft it to exploit a bug. We try to avoid touching user-controlled data during a verified boot unless strictly necessary. Since the default environment is good enough in this case (or you would just change it), this gets around the problem by just not loading the environment. When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loading of the environment. Add this to the fdt as /config/delay-environment. Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/ Signed-off-by: Doug Anderson <dianders@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Doug Anderson <dianders@chromium.org>master
parent
eae78c3406
commit
06fd853890
Loading…
Reference in new issue