Dear Heinrich,
Thanks for your comments.

>How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?

I think yes. I will update the relation to "default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT", and add "!EFI_SECURE_BOOT" into LEGACY_IMAGE_FORMAT.

>> + It is enabled by default for backward compatibility, unless
>
>Backwards relative to UEFI?

No. This description is from CONFIG_LEGACY_IMAGE_FORMAT.

```
config LEGACY_IMAGE_FORMAT
	bool "Enable support for the legacy image format"
	default y if !FIT_SIGNATURE
	help
	  This option enables the legacy image format. It is enabled by
	  default for backward compatibility, unless FIT_SIGNATURE is
	  set where it is disabled so that unsigned images cannot be
	  loaded. If a board needs the legacy image format support in this
	  case, enable it here.
```

In my understanding, this backward compatibility is to support both secure boot and non-secure boot when necessary.

>This focuses very much on default values. How about:
>
>"The booti command is used for launching unsigned AArch64 and RISC-V
>Linux kernel images. If you want to have secure boot either via signed
>FIT images or via signed UEFI images, this option should be disabled."

I agree, this description is more comprehensive. So I want to update the commit title to "boot: don't enable the non-secure boot commands by default if secure boot enabled".

>Why AArch64 and not RISC-V?

The help information of CMD_BOOTI only mentions AArch64, so I followed it. Should I update it as follows?

```diff
- Boot an AArch64 Linux Kernel image from memory.
+ Boot an AArch64/RISC-V Linux Kernel image from memory.
```

Best regards,
Rover

At 2021-11-04 02:24:34, "Heinrich Schuchardt" <xypron.g...@gmx.de> wrote:
>On 11/3/21 08:44, Rover Mo wrote:
>> To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,
>
>nits:
>%s/boot/booting/
>
>> don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if
>> CONFIG_FIT_SIGNATURE is enabled.
>
>Disabling the booti and the bootz command does not stop you from booting
>unsigned images, e.g. using the bootefi command.
>
>>
>> Signed-off-by: Yuezhang.Mo <myz...@126.com>
>> ---
>>  cmd/Kconfig | 11 ++++++++++-
>>  1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/cmd/Kconfig b/cmd/Kconfig
>> index 5b30b13e43..5f9dd91928 100644
>> --- a/cmd/Kconfig
>> +++ b/cmd/Kconfig
>> @@ -203,15 +203,24 @@ config BOOTM_EFI
>>
>>  config CMD_BOOTZ
>>  	bool "bootz"
>> +	default y if !FIT_SIGNATURE
>>  	help
>>  	  Boot the Linux zImage
>> +	  It is enabled by default for backward compatibility, unless
>> +	  FIT_SIGNATURE is set where it is disabled so that unsigned images
>> +	  cannot be loaded. If a board needs to boot a Linux zImage in this
>> +	  case, enable it here.
>>
>>  config CMD_BOOTI
>>  	bool "booti"
>>  	depends on ARM64 || RISCV
>> -	default y
>> +	default y if !FIT_SIGNATURE
>
>How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
>
>>  	help
>>  	  Boot an AArch64 Linux Kernel image from memory.
>> +	  It is enabled by default for backward compatibility, unless
>
>Backwards relative to UEFI?
>
>This focuses very much on default values. How about:
>
>"The booti command is used for launching unsigned AArch64 and RISC-V
>Linux kernel images. If you want to have secure boot either via signed
>FIT images or via signed UEFI images, this option should be disabled."
>
>> +	  FIT_SIGNATURE is set where it is disabled so that unsigned images
>> +	  cannot be loaded. If a board needs to boot an AArch64 Linux Kernel
>
>Why AArch64 and not RISC-V?
>
>Who needs all those lines.
>
>Best regards
>
>Heinrich
>
>> +	  image in this case, enable it here.
>>
>>  config BOOTM_LINUX
>>  	bool "Support booting Linux OS images"
>>
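Review bot: the CMD_BOOTZ half of this hunk widens a default rather than narrowing one. CMD_BOOTZ had no `default` line before (only `bool "bootz"` precedes the added line), so `+ default y if !FIT_SIGNATURE` newly turns bootz on for every board without FIT_SIGNATURE, and the added help text "It is enabled by default for backward compatibility" describes a default that never existed for bootz; either drop the new default for CMD_BOOTZ and keep only the help text, or say in the commit message that bootz is now enabled by default. The commit message also names CONFIG_CMD_BOOTI twice where the hunk touches CMD_BOOTZ and CMD_BOOTI. Heinrich's two points apply to both `default` lines: CONFIG_EFI_SECURE_BOOT should gate them as well, and since the change only affects the default of booti/bootz, unsigned images stay bootable through bootefi and through any defconfig that sets these options explicitly.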
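A check along the lines of what this thread argues, added here as an example (not code from U-Boot or from the patch under review): it parses a .config and lists the unsigned-image boot options the thread names that are still =y alongside CONFIG_FIT_SIGNATURE or CONFIG_EFI_SECURE_BOOT, since a changed Kconfig default does not undo a defconfig that sets them explicitly. The sample .config is constructed.

```python
"""Audit a U-Boot .config for the conflict discussed in this thread: secure boot
requested (FIT_SIGNATURE or EFI_SECURE_BOOT) while commands that load unsigned
images stay enabled. Added example, not from U-Boot or the patch under review."""
import re

# Options the thread treats as "secure boot requested" and as loaders of
# unsigned images. A Kconfig default only sets the *default*; a defconfig can
# still select CMD_BOOTI=y explicitly, which is what this check catches.
SECURE_BOOT_OPTS = ("CONFIG_FIT_SIGNATURE", "CONFIG_EFI_SECURE_BOOT")
UNSIGNED_IMAGE_OPTS = ("CONFIG_CMD_BOOTI", "CONFIG_CMD_BOOTZ",
                       "CONFIG_LEGACY_IMAGE_FORMAT")

_SET = re.compile(r"^(CONFIG_\w+)=(.+)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_dotconfig(text):
    """Map CONFIG_* names to their value; '# X is not set' becomes 'n'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
            continue
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def unsigned_boot_conflicts(opts):
    """Return sorted (secure_opt, unsigned_opt) pairs that are both =y.
    Empty when no secure-boot option is on. Only the options named in the
    thread are covered; bootefi with an unsigned binary is a separate path."""
    secure_on = [o for o in SECURE_BOOT_OPTS if opts.get(o) == "y"]
    loaders_on = [o for o in UNSIGNED_IMAGE_OPTS if opts.get(o) == "y"]
    return sorted((s, u) for s in secure_on for u in loaders_on)

# Constructed sample: FIT signature checking on, but the defconfig kept booti.
SAMPLE_DOTCONFIG = """\
CONFIG_FIT_SIGNATURE=y
# CONFIG_EFI_SECURE_BOOT is not set
CONFIG_CMD_BOOTI=y
# CONFIG_CMD_BOOTZ is not set
# CONFIG_LEGACY_IMAGE_FORMAT is not set
"""

if __name__ == "__main__":
    for secure, loader in unsigned_boot_conflicts(parse_dotconfig(SAMPLE_DOTCONFIG)):
        print(f"{loader}=y while {secure}=y: unsigned images stay bootable")
```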