env: Add support for explicit write access list

This option marks any U-Boot variable which does not have explicit 'w'
writeable flag set as read-only. This way the environment can be locked
down and only variables explicitly configured to be writeable can ever
be changed by either 'env import', 'env set' or loading user environment
from environment storage.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
diff --git a/include/env_flags.h b/include/env_flags.h
index 725841a..313cb8c 100644
--- a/include/env_flags.h
+++ b/include/env_flags.h
@@ -24,6 +24,9 @@
 	env_flags_varaccess_readonly,
 	env_flags_varaccess_writeonce,
 	env_flags_varaccess_changedefault,
+#ifdef CONFIG_ENV_WRITEABLE_LIST
+	env_flags_varaccess_writeable,
+#endif
 	env_flags_varaccess_end
 };
 
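Review bot: The new enumerator `env_flags_varaccess_writeable` exists only under `CONFIG_ENV_WRITEABLE_LIST`, so the value of `env_flags_varaccess_end` now differs between builds. Any table indexed by this enum (none is visible in this hunk) presumably needs its extra entry under the same `#ifdef`, otherwise a lookup with the new value could read past the end of the table. A short comment on the enumerator would also help, e.g. `/* 'w': variable may be changed; with the write list enabled, all others are read-only */`. The enum definition starts above the hunk.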
@@ -173,6 +176,7 @@
 #define ENV_FLAGS_VARACCESS_PREVENT_CREATE		0x00000010
 #define ENV_FLAGS_VARACCESS_PREVENT_OVERWR		0x00000020
 #define ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR	0x00000040
-#define ENV_FLAGS_VARACCESS_BIN_MASK			0x00000078
+#define ENV_FLAGS_VARACCESS_WRITEABLE			0x00000080
+#define ENV_FLAGS_VARACCESS_BIN_MASK			0x000000f8
 
 #endif /* __ENV_FLAGS_H__ */
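Review bot: `ENV_FLAGS_VARACCESS_WRITEABLE` is the only bit in this group that grants access rather than restricting it (its neighbours are all `PREVENT_*`), and nothing here says so. Code that tests these bits has to treat a missing 0x80 as deny when the option is on, so a comment is worth adding: `/* set = write allowed; absent = read-only when CONFIG_ENV_WRITEABLE_LIST is enabled */`. The define and the widened `ENV_FLAGS_VARACCESS_BIN_MASK` (0x000000f8) are also unconditional while the enumerator in the first hunk is guarded, so builds without the option now carry bit 0x80 through the mask. If that is not intended, guard both with the same `#ifdef CONFIG_ENV_WRITEABLE_LIST`.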