On my platform, the u-boot environment variables can always be modified. Currently, I'm changing the value of force_ro
to '1', which sets the permission mode to read-only. This change is reflected in the output of the lsblk
command. However, even after rebooting my device, I can still write values to my boot partition, and the changes persist.
Here are the results of my test:
$ cat /sys/block/mmcblk0boot1/force_ro
1
$ fw_setenv primary 2
$ fw_printenv primary
2
Here are some details about my platform:
fw_setenv
and fw_printenv
package version in Yocto: libubootenv_0.3.2Hardware details:
Could anyone suggest a solution to make my boot partition read-only based on the value of force_ro
?
I checked all the u-boot configuration, attempted multiple tests
This issue reason was the libubootenv commit: https://github.com/sbabic/libubootenv/commit/92949816720d7af2ac722016e7a5b9a85ff141bc. which bypasses the force_ro protection to write. So for my platform, I am going to edit the source code of libubootenv
/dev/mmcblk0boot1
as [dd if=/xx/<uboot>.img of=/dev/mmcblk0boot1 conv=notrunc seek=xx bs=1k
]cat /etc/fw_env.config
has the entry as /dev/mmcblk0boot1 xx xx
openat(AT_FDCWD, "/dev/mmcblk0boot1",enter code here
Anyway, the issue's root cause was found and resolved.
Thanks