From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
Barebox List <barebox@lists.infradead.org>
Subject: Re: [PATCH v2] environment: add explicit option to allow searching for environment devices
Date: Fri, 8 May 2026 16:58:36 +0200
Message-ID: <ae635f59-857f-454b-8b36-472ae3779e03@pengutronix.de>
In-Reply-To: <20260508105855.3772602-1-s.hauer@pengutronix.de>

On 5/8/26 12:58 PM, Sascha Hauer wrote:
> Add an explicit Kconfig option to allow searching the environment storage
> path based on the barebox environment partition GUID.
>
> So far this depended on CONFIG_INSECURE being set, but that's not the whole
> picture. Loading an unsigned environment is inherently insecure, allowing
> to find the partition by partition UUID just adds one point to the top:
> With it we potentially allow loading the environment from external storage
> devices like SD card slots that could be plugged without opening a device.
>
> So instead of implying that partition UUID is insecure, or no partition UUID
> is secure, just add a specific option to let the user decide on this option.
>
> The new Kconfig option defaults to the setting of CONFIG_INSECURE. This makes
> sure that for users who previously had CONFIG_INSECURE disabled, the new option
> doesn't leak in unnoticed on a barebox update. Also it preserves the behaviour
> of in-tree defconfigs which all have CONFIG_INSECURE enabled.
>
> This also removes the globalvar global.env.autoprobe. It turned out that this
> option doesn't work: The content of that variable is evaluated before the
> default environment is loaded, so we never actually had a chance to set it
> from the environment.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

> ---
> .../migration-guides/migration-master.rst | 7 +++++++
> common/Kconfig | 14 ++++++++++++++
> common/environment.c | 14 +-------------
> 3 files changed, 22 insertions(+), 13 deletions(-)
>
> Changes since v1:
> - Change reasoning for the patch
> - remove non functional global.env.autoprobe
> - add note to migration guide
>
> diff --git a/Documentation/migration-guides/migration-master.rst b/Documentation/migration-guides/migration-master.rst
> index 026dbe8588..b5435f4e0c 100644
> --- a/Documentation/migration-guides/migration-master.rst
> +++ b/Documentation/migration-guides/migration-master.rst
> @@ -1,2 +1,9 @@
> :orphan:
>
> +Removal of global.env.autoprobe
> +===============================
> +
> +The global.env.autoprobe variable introduced with v2025.02.0 is removed and
> +now replaced with CONFIG_ENV_HANDLING_AUTOPROBE. It has never worked. If you
> +want to load a barebox environment based on its partition UUID enable
> +CONFIG_ENV_HANDLING_AUTOPROBE.
> \ No newline at end of file
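
Review bot: The added section ends without a trailing newline (the "\ No newline at end of file" marker follows the last added line), so the next entry appended to this guide will also touch that line; end the file with a newline. The sentence "It has never worked." comes right after the mention of CONFIG_ENV_HANDLING_AUTOPROBE and can be read as referring to the new option, so it should be moved next to global.env.autoprobe. The note would also be more useful if it said that the new option defaults to the value of CONFIG_INSECURE, since that decides whether an updated configuration still autoprobes.
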
> diff --git a/common/Kconfig b/common/Kconfig
> index cd002865f7..6c190c6c5e 100644
> --- a/common/Kconfig
> +++ b/common/Kconfig
> @@ -979,6 +979,20 @@ config ENV_HANDLING
> A safe use of the mutable environment may be possible if board code only
> mounts it after verifying a JSON Web Token that enables a debug mode.
>
> +config ENV_HANDLING_AUTOPROBE
> + depends on ENV_HANDLING
> + bool "Autoprobe for environment devices"
> + default CONFIG_INSECURE
> + help
> + There are two ways for specifying where the barebox environment is. The first one
> + specifies the path explicitly in the device tree or board code. The other one is
> + to automatically search it on block devices which is enabled with this option.
> + Here a partition with the barebox environment GUID is searched. If this option
> + is enabled and no environment is chosen by device tree or board code then a block
> + device containing a partition with the barebox environment GUID is used for the
> + environment. A block device barebox has booted from is preferred over other block
> + devices.
> +
> config DEFAULT_ENVIRONMENT
> select CRC32
> bool
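
Review bot: In the new ENV_HANDLING_AUTOPROBE entry, "default CONFIG_INSECURE" names the symbol with its CONFIG_ prefix, while Kconfig expressions refer to symbols without it, as "depends on ENV_HANDLING" two lines above does. An undefined symbol in a default evaluates to n, so the option would stay off even with INSECURE enabled, which is not the behaviour the commit message describes; this should read "default INSECURE". The help text should also state the security consequence given in the commit message, that enabling the option may let the environment be loaded from external storage such as an SD card slot. As a style point, the prompt line is conventionally placed before "depends on".
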
> diff --git a/common/environment.c b/common/environment.c
> index ec14d0629a..9d3607a70e 100644
> --- a/common/environment.c
> +++ b/common/environment.c
> @@ -53,7 +53,6 @@ struct action_data {
>
> #define TMPDIR "/.defaultenv"
>
> -static int global_env_autoprobe = IS_ENABLED(CONFIG_INSECURE);
> static char *default_environment_path;
>
> void default_environment_path_set(const char *path)
> @@ -83,7 +82,7 @@ static struct cdev *default_environment_path_search(void)
> struct cdev *env_cdev = NULL;
> struct block_device *blk;
>
> - if (!IS_ENABLED(CONFIG_BLOCK) || !global_env_autoprobe)
> + if (!IS_ENABLED(CONFIG_BLOCK) || !IS_ENABLED(CONFIG_ENV_HANDLING_AUTOPROBE))
> return NULL;
>
> boot_node = bootsource_of_node_get(NULL);
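
Review bot: In default_environment_path_search() the condition now tests two compile-time options, and as far as the visible Kconfig entry goes, ENV_HANDLING_AUTOPROBE can be selected in a build without CONFIG_BLOCK, where it has no effect. Adding "depends on BLOCK" to the new entry would rule out that configuration and let this check test only CONFIG_ENV_HANDLING_AUTOPROBE. A short comment above the check saying that the search is opt-in because it can pick up an environment from removable storage would also help the next reader.
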
> @@ -544,14 +543,3 @@ int envfs_load(const char *filename, const char *dir, unsigned flags)
>
> return ret;
> }
> -
> -#ifdef __BAREBOX__
> -static int register_env_vars(void)
> -{
> - globalvar_add_simple_bool("env.autoprobe", &global_env_autoprobe);
> - return 0;
> -}
> -postcore_initcall(register_env_vars);
> -BAREBOX_MAGICVAR(global.env.autoprobe,
> - "Automatically probe known block devices for environment");
> -#endif
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |