ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

u-boot environement writing is always enabled regardless of force_ro value

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

u-boot environement writing is always enabled regardless of force_ro value

ソリューションへジャンプ
‎09-11-2023 02:18 AM
605件の閲覧回数
zahir
Contributor I

On my platform, the u-boot environment variables can always be modified. Currently, I'm changing the value of `force_ro` to '1', which sets the permission mode to read-only. This change is reflected in the output of the `lsblk` command. However, even after rebooting my device, I can still write values to my boot partition, and the changes persist.

Here are the results of my test:

$ cat /sys/block/mmcblk0boot1/force_ro
1
$ fw_setenv primary 2
$ fw_printenv primary
2


Here are some details about my platform:

  •  Cross Compiler: Yocto EL40(Kirkstone)
  •  Bootloader: u-boot
  •  U-boot Source: git://github.com/nxp-imx/uboot-imx.git;protocol=https
  •  U-boot Source Branch: lf_v2022.04
  •  `fw_setenv` and `fw_printenv` package version in Yocto: libubootenv_0.3.2

Hardware details:

  •  System Architecture: arm
  •  CPU: armv8
  •  SoC: imx8m

Could anyone suggest a solution to make my boot partition read-only based on the value of `force_ro`?

ラベル(3)
ラベル
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎09-12-2023 12:21 AM
549件の閲覧回数
Sanket_Parekh
NXP TechSupport
NXP TechSupport
Hi @zahir,
 
I hope you are doing well.
 
From looking at the source code of libubootenv (source code of fw_printenv & fw_setenv), It seems that the force_ro flag doesn't really protect the boot partition write from fw_setenv. 
 
Please refer to file_write() function in libubootenv/src/uboot_env.c, which will call fileprotect(dev, false) to enable write access(by writing '0' to force_ro) and fileprotect(dev, true) at end to disable write access again.
 
I hope it helps!
 
Could anyone suggest a solution to make my boot partition read-only based on the value of `force_ro`?
If this is truly required then one needs to make changes in the source code of libubootenv.
 
Thanks & Regards,
Sanket Parekh

元の投稿で解決策を見る

返信
2 返答(返信)

ソリューションへジャンプ
‎09-12-2023 12:21 AM
550件の閲覧回数
Sanket_Parekh
NXP TechSupport
NXP TechSupport
Hi @zahir,
 
I hope you are doing well.
 
From looking at the source code of libubootenv (source code of fw_printenv & fw_setenv), It seems that the force_ro flag doesn't really protect the boot partition write from fw_setenv. 
 
Please refer to file_write() function in libubootenv/src/uboot_env.c, which will call fileprotect(dev, false) to enable write access(by writing '0' to force_ro) and fileprotect(dev, true) at end to disable write access again.
 
I hope it helps!
 
Could anyone suggest a solution to make my boot partition read-only based on the value of `force_ro`?
If this is truly required then one needs to make changes in the source code of libubootenv.
 
Thanks & Regards,
Sanket Parekh
返信

ソリューションへジャンプ
‎09-12-2023 04:42 AM
523件の閲覧回数
zahir
Contributor I

@Sanket_Parekh Yes you are right about the libubootenv , which bypasses the force_ro write protection by the mentioned commit. So for my platform, I have to modify the source code 

 

Thanks for your quick replay and valid root cause trace

0 件の賞賛
返信