On 11/3/21 08:44, Rover Mo wrote:
To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,

nits:
%s/boot/booting/

don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if
CONFIG_FIT_SIGNATURE is enabled.

Disabling the booti and the bootz command does not stop you from booting
unsigned images, e.g. using the bootefi command.


Signed-off-by: Yuezhang.Mo <myz...@126.com>
---
  cmd/Kconfig | 11 ++++++++++-
  1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/cmd/Kconfig b/cmd/Kconfig
index 5b30b13e43..5f9dd91928 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -203,15 +203,24 @@ config BOOTM_EFI

  config CMD_BOOTZ
        bool "bootz"
+       default y if !FIT_SIGNATURE
        help
          Boot the Linux zImage
+         It is enabled by default for backward compatibility, unless
+         FIT_SIGNATURE is set where it is disabled so that unsigned images
+         cannot be loaded. If a board needs to  boot a Linux zImage in this
+         case, enable it here.

  config CMD_BOOTI
        bool "booti"
        depends on ARM64 || RISCV
-       default y
+       default y if !FIT_SIGNATURE

How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?

        help
          Boot an AArch64 Linux Kernel image from memory.
+         It is enabled by default for backward compatibility, unless

Backwards relative to UEFI?

This focuses very much on default values. How about:

"The booti command is used for launching unsigned AArch64 and RISC-V
Linux kernel images. If you want to have secure boot either via signed
FIT images or via signed UEFI images, this option should be disabled."

+         FIT_SIGNATURE is set where it is disabled so that unsigned images
+         cannot be loaded. If a board needs to boot an AArch64 Linux Kernel

Why AArch64 and not RISC-V?

Who needs all those lines.

Best regards

Heinrich

+         image in this case, enable it here.

  config BOOTM_LINUX
        bool "Support booting Linux OS images"
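
Review bot: In the CMD_BOOTZ entry the hunk adds `default y if !FIT_SIGNATURE` without removing any earlier default line, so as far as these lines show, bootz had no default before (off for a bool) and is now enabled by default whenever FIT_SIGNATURE is unset. That widens the default command set instead of narrowing it, and the added help sentence "It is enabled by default for backward compatibility" does not describe the previous behaviour. Either drop the new default for CMD_BOOTZ and keep only the help text, or state the behaviour change in the commit message. Smaller points: the added CMD_BOOTI help speaks only of an AArch64 kernel although the entry `depends on ARM64 || RISCV`, the CMD_BOOTZ help has a double space in "needs to  boot", and the commit message names CONFIG_CMD_BOOTI twice while the diff changes CMD_BOOTZ and CMD_BOOTI.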
