Hi Ahmad, On 25-01-23, Ahmad Fatoum wrote: > As things are, secure booting systems are expected to disable > CONFIG_ENV_HANDLING to avoid their behavior changing due to a barebox > environment loaded at runtime. > > Still, some users may want to keep CONFIG_ENV_HANDLING enabled, but > activated only selectively. For those users, barebox autoprobing block > devices for a GPT partition with the matching UUID is undesirable. Good catch! > Therefore, allow disabling this autoprobe behavior via a globalvar. > To balance convenience against security, the default for the globalvar > will depend on whether the CONFIG_INSECURE option is set. A global INSECURE option like OP-TEE does seems reasonable to avoid flooding the Kconfig. > Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> Reviewed-by: Marco Felsch <m.felsch@xxxxxxxxxxxxxx>
