FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

u-boot environement writing is always enabled regardless of force_ro value

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

u-boot environement writing is always enabled regardless of force_ro value

Jump to solution
‎09-11-2023 02:18 AM
585 Views
zahir
Contributor I

On my platform, the u-boot environment variables can always be modified. Currently, I'm changing the value of `force_ro` to '1', which sets the permission mode to read-only. This change is reflected in the output of the `lsblk` command. However, even after rebooting my device, I can still write values to my boot partition, and the changes persist.

Here are the results of my test:

$ cat /sys/block/mmcblk0boot1/force_ro
1
$ fw_setenv primary 2
$ fw_printenv primary
2


Here are some details about my platform:

  •  Cross Compiler: Yocto EL40(Kirkstone)
  •  Bootloader: u-boot
  •  U-boot Source: git://github.com/nxp-imx/uboot-imx.git;protocol=https
  •  U-boot Source Branch: lf_v2022.04
  •  `fw_setenv` and `fw_printenv` package version in Yocto: libubootenv_0.3.2

Hardware details:

  •  System Architecture: arm
  •  CPU: armv8
  •  SoC: imx8m

Could anyone suggest a solution to make my boot partition read-only based on the value of `force_ro`?

Labels (3)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎09-12-2023 12:21 AM
529 Views
Sanket_Parekh
NXP TechSupport
NXP TechSupport
Hi @zahir,
 
I hope you are doing well.
 
From looking at the source code of libubootenv (source code of fw_printenv & fw_setenv), It seems that the force_ro flag doesn't really protect the boot partition write from fw_setenv. 
 
Please refer to file_write() function in libubootenv/src/uboot_env.c, which will call fileprotect(dev, false) to enable write access(by writing '0' to force_ro) and fileprotect(dev, true) at end to disable write access again.
 
I hope it helps!
 
Could anyone suggest a solution to make my boot partition read-only based on the value of `force_ro`?
If this is truly required then one needs to make changes in the source code of libubootenv.
 
Thanks & Regards,
Sanket Parekh

View solution in original post

Reply
2 Replies

Jump to solution
‎09-12-2023 12:21 AM
530 Views
Sanket_Parekh
NXP TechSupport
NXP TechSupport
Hi @zahir,
 
I hope you are doing well.
 
From looking at the source code of libubootenv (source code of fw_printenv & fw_setenv), It seems that the force_ro flag doesn't really protect the boot partition write from fw_setenv. 
 
Please refer to file_write() function in libubootenv/src/uboot_env.c, which will call fileprotect(dev, false) to enable write access(by writing '0' to force_ro) and fileprotect(dev, true) at end to disable write access again.
 
I hope it helps!
 
Could anyone suggest a solution to make my boot partition read-only based on the value of `force_ro`?
If this is truly required then one needs to make changes in the source code of libubootenv.
 
Thanks & Regards,
Sanket Parekh
Reply

Jump to solution
‎09-12-2023 04:42 AM
503 Views
zahir
Contributor I

@Sanket_Parekh Yes you are right about the libubootenv , which bypasses the force_ro write protection by the mentioned commit. So for my platform, I have to modify the source code 

 

Thanks for your quick replay and valid root cause trace

0 Kudos
Reply