env: Add support for explicit write access list This option marks any U-Boot variable which does not have explicit 'w' writeable flag set as read-only. This way the environment can be locked down and only variables explicitly configured to be writeable can ever be changed by either 'env import', 'env set' or loading user environment from environment storage. Signed-off-by: Marek Vasut <marex@denx.de> Reviewed-by: Tom Rini <trini@konsulko.com>

commit: d045cbacf2529266bb312add023e12c0d400bf67 [log] [tgz]
author: Marek Vasut <marex@denx.de> Tue Jul 07 20:51:39 2020 +0200
committer: Tom Rini <trini@konsulko.com> Fri Jul 31 10:13:00 2020 -0400
tree: 1ce79c821d8045d76694786bfabb37aaf1bc12ea
parent: 47f3b1f243acfe755340753c5d467ba781618fa6 [diff] [blame]
diff --git a/env/Kconfig b/env/Kconfig
index 1cae1ed..5d0a8ec 100644
--- a/env/Kconfig
+++ b/env/Kconfig

@@ -623,6 +623,14 @@
 	  with newly imported data. This may be used in combination with static
 	  flags to e.g. to protect variables which must not be modified.
 
+config ENV_WRITEABLE_LIST
+	bool "Permit write access only to listed variables"
+	default n
+	help
+	  If defined, only environment variables which explicitly set the 'w'
+	  writeable flag can be written and modified at runtime. No variables
+	  can be otherwise created, written or imported into the environment.
+
 config ENV_ACCESS_IGNORE_FORCE
 	bool "Block forced environment operations"
 	default n
commit	d045cbacf2529266bb312add023e12c0d400bf67	[log] [tgz]
author	Marek Vasut <marex@denx.de>	Tue Jul 07 20:51:39 2020 +0200
committer	Tom Rini <trini@konsulko.com>	Fri Jul 31 10:13:00 2020 -0400
tree	1ce79c821d8045d76694786bfabb37aaf1bc12ea
parent	47f3b1f243acfe755340753c5d467ba781618fa6 [diff] [blame]