I hope everyone is doing well and safe.
We have a security concern and planning to make the U-boot environment as read-only!
Hence, I would like to understand, how U-boot env variables for mender (such as current boot partition, altboot configuration etc) will work with the readonly env settings.
Let me put my current understanding below:
Once, the board booted, then mender will change the env only during the
mender - installand
Hence, if we can enable the write mode to
fw_setenvbefore this operation, then mender will work. Once the settings are done, then will remove the write mode to the
This might require a code change in the mender source since,
-commitare performing from the mender source, not from the Yocto patches.
This also need a correct
fw_configsetting to take the env from the read-only location.
Could anyone confirm my understanding is correct? Should I taken care of any other procedure/step?
Also, I would like to know anyone already tried this kind of setup earlier