To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT, don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if CONFIG_FIT_SIGNATURE is enabled.
Signed-off-by: Yuezhang.Mo myzmzz@126.com --- cmd/Kconfig | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..5f9dd91928 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -203,15 +203,24 @@ config BOOTM_EFI
config CMD_BOOTZ bool "bootz" + default y if !FIT_SIGNATURE help Boot the Linux zImage + It is enabled by default for backward compatibility, unless + FIT_SIGNATURE is set where it is disabled so that unsigned images + cannot be loaded. If a board needs to boot a Linux zImage in this + case, enable it here.
config CMD_BOOTI bool "booti" depends on ARM64 || RISCV - default y + default y if !FIT_SIGNATURE help Boot an AArch64 Linux Kernel image from memory. + It is enabled by default for backward compatibility, unless + FIT_SIGNATURE is set where it is disabled so that unsigned images + cannot be loaded. If a board needs to boot an AArch64 Linux Kernel + image in this case, enable it here.
config BOOTM_LINUX bool "Support booting Linux OS images"