What I'm trying to do:
I want to close the u-boot shell access to a normal user. I want that a user if need to change something in env has to modify it directly in the source code of u-boot.
Now I'm starting from sd, and I had previously loaded u-boot with a modified envionment (I added a random string try = XYZ) and I saved it.
Now in u-boot I added
Without undef command I cant build the image.
With this configuration now I when stop u-boot I can still read old values like "try = XYZ". I'm not able to delete or edit previously stored variables.
What is my problem: I don't want to see old variables, because this mean that someone can take my sd change only the environment and load it's new variables. This for example can break the first command executed because u-boot seems to me not to overwrite it's default values if it's already defined.
Someone has a valid method to suggest?
with: "env default -a" i can load default env, but again if I set this as first command to be executed, I can't be sure someone else will change it.
As a sub question I'm also interested to understand if it's possible to authenticate and/or encrypt the environment? (also a yes/no answer is well accepted) (in environment.h I found CONFIG_ENV_AES, but I can't find an explanation about this)
Thanks in advance