diff options
| author | Marek Vasut <marex@denx.de> | 2020-07-07 20:51:39 +0200 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-07-31 10:13:00 -0400 |
| commit | d045cbacf2529266bb312add023e12c0d400bf67 (patch) | |
| tree | 1ce79c821d8045d76694786bfabb37aaf1bc12ea /env/Kconfig | |
| parent | 47f3b1f243acfe755340753c5d467ba781618fa6 (diff) | |
| download | u-boot-d045cbacf2529266bb312add023e12c0d400bf67.zip u-boot-d045cbacf2529266bb312add023e12c0d400bf67.tar.gz u-boot-d045cbacf2529266bb312add023e12c0d400bf67.tar.bz2 | |
env: Add support for explicit write access list
This option marks any U-Boot variable which does not have explicit 'w'
writeable flag set as read-only. This way the environment can be locked
down and only variables explicitly configured to be writeable can ever
be changed by either 'env import', 'env set' or loading user environment
from environment storage.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'env/Kconfig')
| -rw-r--r-- | env/Kconfig | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/env/Kconfig b/env/Kconfig index 1cae1ed..5d0a8ec 100644 --- a/env/Kconfig +++ b/env/Kconfig @@ -623,6 +623,14 @@ config ENV_APPEND with newly imported data. This may be used in combination with static flags to e.g. to protect variables which must not be modified. +config ENV_WRITEABLE_LIST + bool "Permit write access only to listed variables" + default n + help + If defined, only environment variables which explicitly set the 'w' + writeable flag can be written and modified at runtime. No variables + can be otherwise created, written or imported into the environment. + config ENV_ACCESS_IGNORE_FORCE bool "Block forced environment operations" default n |