U-Boot boot.scr.cmd developer warning

Forums Reference, Evaluation, and Development Boards U-Boot boot.scr.cmd developer warning

Viewing 1 reply thread
  • Author
    Posts
    • #12504
      Carlos Perezcoloradocarlos
      Participant

        The ST meta layers and Octavo SDK’s ship with a boot.scr.cmd with an interesting warning to the developer:

        https://github.com/octavosystems/osd32mp1-build-tools/blob/master/files/ssbl/boot.scr.cmd

        I have reviewed the script and of course it runs correctly from a Yocto dunfell build. The configuration changes don’t make any sense and am ready to disregard the warning. I assume the message is for U-Boot loaders that support multiple boards such as “osd32mp1-red” and “osd32mp1-brk” where the board / target is set dynamically. What is ST asking for us to change?

      • #12514
        Neeraj Kumar Reddy DantuNeeraj Dantu
        Moderator

          Carlos,

          I think the warning is more about security rather than functionality. The features in the script can be used to inject malicious code such as a device tree overlay that should not be applied on a production level product. The suggestion is to use hard coded paths in u-boot bootcmd to setup boot.

          Best,
          Neeraj

      Viewing 1 reply thread
      • You must be logged in to reply to this topic.