From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tim Harvey <tharvey@gateworks.com>
Date: Fri, 26 Mar 2021 11:15:21 -0700
Subject: Locking down U-Boot env with ENV_WRITEABLE_LIST
Message-ID: <CAJ+vNU2LxELscm0s0TvLZTPv9qsip3guCKxLJNuGFsDK3W58_w@mail.gmail.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Greetings,

I'm trying to understand best how to lock down a U-Boot environment
using ENV_WRITEABLE_LIST=y.

My understanding is that I should define all vars that I wish to be
able to be loaded from a FLASH env in CONFIG_ENV_FLAGS_LIST_DEFAULT. I
would think this would be something in Kconfig but it's not so I
wonder if I'm misunderstanding something or if I truly need to patch a
config.h when using this feature.

What is the best way to actively see your static U-Boot env that gets
linked into U-Boot? I can see it with a hexdump but there must be a
better way by looking at an include file?

What is the best way to set the list of vars that you wish to be
allowed to be imported from a FLASH env?

Best regards,

Tim