u-boot environement writing is always enabled regardless of force_ro value

Question

On my platform, the u-boot environment variables can always be modified. Currently, I'm changing the value of force_ro to '1', which sets the permission mode to read-only. This change is reflected in the output of the lsblk command. However, even after rebooting my device, I can still write values to my boot partition, and the changes persist.

Here are the results of my test:

$ cat /sys/block/mmcblk0boot1/force_ro
1
$ fw_setenv primary 2
$ fw_printenv primary
2

Here are some details about my platform:

• Cross Compiler: Yocto EL40(Kirkstone)
• Bootloader: u-boot
• U-boot Source: git://github.com/nxp-imx/uboot-imx.git;protocol=https
• U-boot Source Branch: lf_v2022.04
• fw_setenv and fw_printenv package version in Yocto: libubootenv_0.3.2

Hardware details:

• System Architecture: arm
• CPU: armv8
• SoC: imx8m

Could anyone suggest a solution to make my boot partition read-only based on the value of force_ro?

I checked all the u-boot configuration, attempted multiple tests

Answer 1

This issue reason was the libubootenv commit: https://github.com/sbabic/libubootenv/commit/92949816720d7af2ac722016e7a5b9a85ff141bc. which bypasses the force_ro protection to write. So for my platform, I am going to edit the source code of libubootenv

• And about the last replay of this thread, Yes I am sure that the environment variables are stored on /dev/mmcblk0boot1 as [dd if=/xx/<uboot>.img of=/dev/mmcblk0boot1 conv=notrunc seek=xx bs=1k]
• cat /etc/fw_env.config has the entry as /dev/mmcblk0boot1 xx xx
• strac command of fw_setenv showing as openat(AT_FDCWD, "/dev/mmcblk0boot1",enter code here

Anyway, the issue's root cause was found and resolved.

Thanks