env: Add option to only ever append environment
Add configuration option which prevents the environment hash table to be
ever cleared and reloaded with different content. This is useful in case
the first environment loaded into the hash table contains e.g. sensitive
content which must not be dropped or reloaded.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
diff --git a/env/Kconfig b/env/Kconfig
index dcc525d..1cae1ed 100644
--- a/env/Kconfig
+++ b/env/Kconfig
@@ -614,6 +614,15 @@
later by U-Boot code. With CONFIG_OF_CONTROL this is instead
controlled by the value of /config/load-environment.
+config ENV_APPEND
+ bool "Always append the environment with new data"
+ default n
+ help
+ If defined, the environment hash table is only ever appended with new
+ data, but the existing hash table can never be dropped and reloaded
+ with newly imported data. This may be used in combination with static
+ flags to e.g. to protect variables which must not be modified.
+
config ENV_ACCESS_IGNORE_FORCE
bool "Block forced environment operations"
default n
diff --git a/env/env.c b/env/env.c
index 2af2fae..42c7d81 100644
--- a/env/env.c
+++ b/env/env.c
@@ -201,7 +201,9 @@
printf("OK\n");
gd->env_load_prio = prio;
+#if !CONFIG_IS_ENABLED(ENV_APPEND)
return 0;
+#endif
} else if (ret == -ENOMSG) {
/* Handle "bad CRC" case */
if (best_prio == -1)
diff --git a/lib/hashtable.c b/lib/hashtable.c
index 7b6781b..ef834ba 100644
--- a/lib/hashtable.c
+++ b/lib/hashtable.c
@@ -826,6 +826,10 @@
if (nvars)
memcpy(localvars, vars, sizeof(vars[0]) * nvars);
+#if CONFIG_IS_ENABLED(ENV_APPEND)
+ flag |= H_NOCLEAR;
+#endif
+
if ((flag & H_NOCLEAR) == 0 && !nvars) {
/* Destroy old hash table if one exists */
debug("Destroy Hash Table: %p table = %p\n", htab,