U-Boot environment management from userspace

Thomaiyar, Richard Marian richard.marian.thomaiyar at linux.intel.com
Thu May 30 01:26:47 AEST 2019


Vernon,

I just started a daemon for the same as i needed it for RestrictionMode 
(provisioning) . At this point of time, the daemon uses the fw_setenv & 
printenv internally, but atleast application will access the same in D-Bus

Regards,

Richard

On 5/29/2019 12:10 AM, Vernon Mauery wrote:
> Reading U-Boot environment variables from userspace is not difficult, 
> but to do it in a standard way, (fw_printenv), it requires a fork and 
> exec. We don't have any permissions problems because reading from the 
> MTD partition is not restricted. It might be nice, however to have 
> these variables exported on D-Bus so that a fork/exec is not 
> necessary, just a property fetch.
>
> But writing is a different story. That requires root privileges. To 
> architect with a separation of privileges mechanism, this should 
> probably be running as a daemon or service that could be spawned via 
> D-Bus or something so that ipmid doesn't need root permission to set a 
> U-Boot variable.
>
> I see a couple of options:
> 1) Shoehorn U-Boot variables into the settings daemon so they just 
> show up as settings. I am not sure on the details of how this would be 
> done, but it might work.
>
> 2) Create yet another daemon that would provide a R/W interface 
> (probably just using the D-Bus properties interface) that would act as 
> a manager of U-Boot environment variables. It might even be able to 
> place an inotify watch to get notified when an external process 
> (fw_setenv) modifies the environment (like from a script or something) 
> so the D-Bus properties could send out a PropertiesChanged notification.
>
> 3) Use a one-shot service that parses the 'instance' to extract a 
> variable name and variable value. Then the variable could be activated 
> by launching ubootenv at foo=bar.service. This would require some fancy 
> parameter encoding to make it all work correctly to avoid string 
> injections.
> Am I the only one that has a need for this or is there a wider 
> audience that would benefit?
>
> Does anyone else already have a solution for this or an opinion on 
> what path might be the best?
>
> --Vernon


More information about the openbmc mailing list