[PATCH v3 1/2] boot: don't enable the non-secure boot commands by default if secure boot is enabled

To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo myzmzz@126.com
---
 boot/Kconfig |  2 +-
 cmd/Kconfig  | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/boot/Kconfig b/boot/Kconfig index dff4d23b88..cebe4e24fe 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -407,7 +407,7 @@ endif
config LEGACY_IMAGE_FORMAT bool "Enable support for the legacy image format" - default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE + default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE && !EFI_SECURE_BOOT help This option enables the legacy image format. It is enabled by default for backward compatibility, unless FIT_SIGNATURE is diff --git a/cmd/Kconfig b/cmd/Kconfig index 69c1814d24..6baa85bfdd 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -259,15 +259,22 @@ config BOOTM_EFI
config CMD_BOOTZ bool "bootz" + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help Boot the Linux zImage + The booti command is used for launching unsigned Linux zImage. + If you want to have secure boot either via signed FIT images or via + signed UEFI images, this option should be disabled.
config CMD_BOOTI bool "booti" depends on ARM64 || RISCV - default y + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help - Boot an AArch64 Linux Kernel image from memory. + Boot an AArch64/RISC-V Linux Kernel image from memory. + The booti command is used for launching unsigned AArch64 and RISC-V + Linux kernel images. If you want to have secure boot either via signed + FIT images or via signed UEFI images, this option should be disabled.
config BOOTM_LINUX bool "Support booting Linux OS images"
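Review bot: in the boot/Kconfig hunk the help text directly below the changed default still says the legacy format is enabled "for backward compatibility, unless FIT_SIGNATURE is ..." and does not mention the new EFI_SECURE_BOOT condition; please extend the help so it lists EFI_SECURE_BOOT (and TI_SECURE_DEVICE) alongside FIT_SIGNATURE, otherwise the documented default no longer matches the expression `default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE && !EFI_SECURE_BOOT`.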
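Review bot: in the CMD_BOOTZ hunk there is no `-` line, so `+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` introduces a default where the symbol previously had none; every board whose defconfig does not mention CMD_BOOTZ and has neither FIT_SIGNATURE nor EFI_SECURE_BOOT set will now gain the bootz command, which widens the set of non-secure boot commands instead of narrowing it. Either drop the new default or justify the behaviour change in the commit message. Also, the added help line `The booti command is used for launching unsigned Linux zImage.` names the wrong command; it should read "The bootz command is used for launching unsigned Linux zImages."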
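Review bot: in the CMD_BOOTI hunk replacing `- default y` with `+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` silently removes booti from any board that selects FIT_SIGNATURE but relies on the old unconditional default, for example boards that boot a signed FIT through bootm and still use booti for development images; please check the existing defconfigs with FIT_SIGNATURE=y and add an explicit CONFIG_CMD_BOOTI=y to those that need it in the same series, so the change does not break them. The widened description `Boot an AArch64/RISC-V Linux Kernel image from memory.` is a good fix and matches the `depends on ARM64 || RISCV` line.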

On 20 May 2022 at 04:58:46 CEST, Rover Mo myzmzz@126.com wrote:
To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo myzmzz@126.com
boot/Kconfig | 2 +- cmd/Kconfig | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/boot/Kconfig b/boot/Kconfig index dff4d23b88..cebe4e24fe 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -407,7 +407,7 @@ endif
config LEGACY_IMAGE_FORMAT bool "Enable support for the legacy image format"
- default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE
- default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE && !EFI_SECURE_BOOT
Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also supply variables PK, KEK, db, dbx.
Furthermore you would have to disable a whole lot more commands to secure the device.
Currently we have patches in review to provide a bootmenu with optionally no access to the console. This is a better approach.
Best regards
Heinrich
help This option enables the legacy image format. It is enabled by default for backward compatibility, unless FIT_SIGNATURE is diff --git a/cmd/Kconfig b/cmd/Kconfig index 69c1814d24..6baa85bfdd 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -259,15 +259,22 @@ config BOOTM_EFI
config CMD_BOOTZ bool "bootz"
- default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help Boot the Linux zImage
The booti command is used for launching unsigned Linux zImage.
If you want to have secure boot either via signed FIT images or via
signed UEFI images, this option should be disabled.
config CMD_BOOTI bool "booti" depends on ARM64 || RISCV
- default y
- default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help
Boot an AArch64 Linux Kernel image from memory.
Boot an AArch64/RISC-V Linux Kernel image from memory.
The booti command is used for launching unsigned AArch64 and RISC-V
Linux kernel images. If you want to have secure boot either via signed
FIT images or via signed UEFI images, this option should be disabled.
config BOOTM_LINUX bool "Support booting Linux OS images" -- 2.25.1

At 2022-05-20 14:34:18, "Heinrich Schuchardt" xypron.glpk@gmx.de wrote:
On 20 May 2022 at 04:58:46 CEST, Rover Mo myzmzz@126.com wrote:
Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also supply variables PK, KEK, db, dbx.
Furthermore you would have to disable a whole lot more commands to secure the device.
Currently we have patches in review to provide a bootmenu with optionally no access to the console. This is a better approach.
Thank you for your explanation.
Please forget my patches.
Best regards, Rover Mo