AnsweredAssumed Answered

use only u-boot default environment

Question asked by Giulio Dominutti on Sep 21, 2017
Latest reply on Jan 11, 2018 by Carlos_Musich

What I'm trying to do:

I want to close the u-boot shell access to a normal user. I want that a user if need to change something in env has to modify it directly in the source code of u-boot.

Now I'm starting from sd, and I had previously loaded u-boot with a modified envionment (I added a random string try = XYZ) and I saved it.

Now in u-boot I added

#define CONFIG_ENV_IS_NOWHERE

#undef CONFIG_ENV_IS_IN_MMC

Without undef command I cant build the image.

With this configuration now I when stop u-boot I can still read old values like "try = XYZ". I'm not able to delete or edit previously stored variables.

What is my problem: I don't want to see old variables, because this mean that someone can take my sd change only the environment and load it's new variables. This for example can break the first command executed because u-boot seems to me not to overwrite it's default values if it's already defined.

Someone has a valid method to suggest?

with: "env default -a" i can load default env, but again if I set this as first command to be executed, I can't be sure someone else will change it.

 

As a sub question I'm also interested to understand if it's possible to authenticate and/or encrypt the environment? (also a yes/no answer is well accepted) (in environment.h I found CONFIG_ENV_AES, but  I can't find an explanation about this)

Thanks in advance

Outcomes