mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Marco Felsch <m.felsch@pengutronix.de>
Cc: barebox@lists.infradead.org, Fabian Pflug <fpg@pengutronix.de>
Subject: Re: [PATCH v2 3/3] environment: allow board code to suppress external env loading
Date: Fri, 12 Dec 2025 10:30:08 +0100
Message-ID: <428143c4-b65d-4ae3-94e0-3b2746ae0ea0@pengutronix.de>
In-Reply-To: <20251212092421.qyhrhy5ax7is3cip@pengutronix.de>

Hi,

On 12/12/25 10:24 AM, Marco Felsch wrote:
> Hi Ahmad,
> 
> On 25-12-11, Ahmad Fatoum wrote:
>> It can be useful for board code to deny loading an environment without
>> disabling it altogether, e.g. to disable load of the environment when
>> entering a recovery mode. Add a function for that.
> 
> out of curiosity, why can't we use the security profile handling for
> this as well? Why is the ext. env handling so special compared to the
> other use-cases which make use of the security profiles?

There were some discussions initially (triggered by Fabian) whether
security policies should just be policies and be usable for configuring
other things as well.

My opinion then and now is that an explicit goal of security policies is
that there are no implicit defaults and that every question you are
asked has actual security implications for you. Other configuration
should remain as before as magic variables.

In the case here, the new option only prevents loading the default
environment initially, but it doesn't preclude loading one manually
later and saving it. This is different than what the security policy
does, which wholesale disables the feature.

Cheers,
Ahmad

> 
> Regards,
>   Marco
> 
>>
>> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
>> ---
>>  common/startup.c | 14 ++++++++++++--
>>  include/envfs.h  |  5 +++++
>>  2 files changed, 17 insertions(+), 2 deletions(-)
>>
>> diff --git a/common/startup.c b/common/startup.c
>> index b6f8a49bb94b..73cf4a495b9c 100644
>> --- a/common/startup.c
>> +++ b/common/startup.c
>> @@ -85,6 +85,15 @@ static int mount_root(void)
>>  fs_initcall(mount_root);
>>  #endif
>>  
>> +static bool may_autoload_external_env = IS_ENABLED(CONFIG_ENV_HANDLING);
>> +
>> +#ifdef CONFIG_ENV_HANDLING
>> +void autoload_external_env(bool endis)
>> +{
>> +	may_autoload_external_env = endis;
>> +}
>> +#endif
>> +
>>  static int load_environment(void)
>>  {
>>  	const char *default_environment_path;
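
Review bot: autoload_external_env() only writes may_autoload_external_env, and that flag is read inside load_environment(), so a call made after load_environment() has run has no effect and nothing in this hunk tells the caller. A comment above the function should state that board code must call it before load_environment() executes. Since the setter accepts both values, a later autoload_external_env(true) from other code also undoes an earlier suppression; if the intended use is denying the load in a recovery mode, consider making the flag clear-only, or document that the last caller wins.
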
>> @@ -99,10 +108,11 @@ static int load_environment(void)
>>  				ERR_PTR(ret));
>>  	}
>>  
>> -	if (IS_ENABLED(CONFIG_ENV_HANDLING))
>> +	if (may_autoload_external_env)
>>  		envfs_load(default_environment_path, "/env", 0);
>>  	else if (IS_ENABLED(CONFIG_DEFAULT_ENVIRONMENT))
>> -		pr_info("external environment support disabled. Using default environment\n");
>> +		pr_info("external environment support %s. Using default environment\n",
>> +			IS_ENABLED(CONFIG_ENV_HANDLING) ? "disallowed" : "disabled");
>>  
>>  	nvvar_load();
>>  
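
Review bot: In load_environment(), the message for the suppressed case still sits under else if (IS_ENABLED(CONFIG_DEFAULT_ENVIRONMENT)), so a build with CONFIG_ENV_HANDLING enabled and CONFIG_DEFAULT_ENVIRONMENT disabled skips envfs_load() without any log line when board code has disallowed the load. Suppression of the external environment is worth a log line in every configuration: print the "disallowed" case whenever may_autoload_external_env is false and CONFIG_ENV_HANDLING is enabled, and keep only the "Using default environment" part conditional on CONFIG_DEFAULT_ENVIRONMENT.
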
>> diff --git a/include/envfs.h b/include/envfs.h
>> index e21f2b52368a..0c6b2e681515 100644
>> --- a/include/envfs.h
>> +++ b/include/envfs.h
>> @@ -105,6 +105,7 @@ int envfs_load_from_buf(void *buf, int len, const char *dir, unsigned flags);
>>  #ifdef CONFIG_ENV_HANDLING
>>  void default_environment_path_set(const char *path);
>>  const char *default_environment_path_get(void);
>> +void autoload_external_env(bool endis);
>>  #else
>>  static inline void default_environment_path_set(const char *path)
>>  {
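
Review bot: The prototype autoload_external_env(bool endis) is added to the header without a comment, and neither the function name nor the parameter name tells a board-code author whether true allows or suppresses the load. Add a short comment here stating that false suppresses only the automatic envfs_load() done in load_environment(), and consider naming the parameter enable so the call site reads unambiguously.
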
>> @@ -114,6 +115,10 @@ static inline const char *default_environment_path_get(void)
>>  {
>>  	return NULL;
>>  }
>> +
>> +static inline void autoload_external_env(bool endis)
>> +{
>> +}
>>  #endif
>>  
>>  #ifdef CONFIG_OF_BAREBOX_DRIVERS
>> -- 
>> 2.47.3
>>
>>
>>
> 

-- 
Pengutronix e.K.                  |                             |
Steuerwalder Str. 21              | http://www.pengutronix.de/  |
31137 Hildesheim, Germany         | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |



