Dear Heinrich,
Thank for your comments.
How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
I think yes. I will update the relation to "default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT", and add "!EFI_SECURE_BOOT" into LEGACY_IMAGE_FORMAT.
It is enabled by default for backward compatibility, unlessBackwards relative to UEFI?
No.
This description is from CONFIG_LEGACY_IMAGE_FORMAT.
``` config LEGACY_IMAGE_FORMAT bool "Enable support for the legacy image format" default y if !FIT_SIGNATURE help This option enables the legacy image format. It is enabled by default for backward compatibility, unless FIT_SIGNATURE is set where it is disabled so that unsigned images cannot be loaded. If a board needs the legacy image format support in this case, enable it here. ```
In my understand, this backward compatibility is to support both secure boot and non-secure boot when necessary.
This focuses very much on default values. How about:
"The booti command is used for launching unsigned AArch64 and RISC-V Linux kernel images. If you want to have secure boot either via signed FIT images or via signed UEFI images, this option should be disabled."
I agree, this description is more comprehensive.
So that I want to update the commit title to "boot: don't enable the non-secure boot commands by default if secure boot enabled"
Why AArch64 and not RISC-V?
The help information of CMD_BOOTI only mentions AArch64, so I followed it.
Should I update as following? ```diff - Boot an AArch64 Linux Kernel image from memory. + Boot an AArch64/RISC-V Linux Kernel image from memory. ```
Best regards, Rover
At 2021-11-04 02:24:34, "Heinrich Schuchardt" xypron.glpk@gmx.de wrote:
On 11/3/21 08:44, Rover Mo wrote:
To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,
nits: %s/boot/booting/
don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if CONFIG_FIT_SIGNATURE is enabled.
Disabling the booti and the bootz command does not stop you from booting unsigned images, e.g. using the bootefi command.
Signed-off-by: Yuezhang.Mo myzmzz@126.com
cmd/Kconfig | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..5f9dd91928 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -203,15 +203,24 @@ config BOOTM_EFI
config CMD_BOOTZ bool "bootz"
default y if !FIT_SIGNATURE help Boot the Linux zImage
It is enabled by default for backward compatibility, unlessFIT_SIGNATURE is set where it is disabled so that unsigned imagescannot be loaded. If a board needs to boot a Linux zImage in thiscase, enable it here.config CMD_BOOTI bool "booti" depends on ARM64 || RISCV
- default y
- default y if !FIT_SIGNATURE
How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
help Boot an AArch64 Linux Kernel image from memory.
It is enabled by default for backward compatibility, unlessBackwards relative to UEFI?
This focuses very much on default values. How about:
"The booti command is used for launching unsigned AArch64 and RISC-V Linux kernel images. If you want to have secure boot either via signed FIT images or via signed UEFI images, this option should be disabled."
FIT_SIGNATURE is set where it is disabled so that unsigned imagescannot be loaded. If a board needs to boot an AArch64 Linux KernelWhy AArch64 and not RISC-V?
Who needs all those lines.
Best regards
Heinrich
image in this case, enable it here.config BOOTM_LINUX bool "Support booting Linux OS images"