[U-Boot] [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE

As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
---
Changes in v2: Instead of adding CMD_EXT4_WRITE option in each defconfig, added this option in Kconfig.
board/freescale/common/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST select SPL_BOARD_INIT if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL + select CMD_EXT4 + select CMD_EXT4_WRITE bool default y
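Review bot: the two added lines, `select CMD_EXT4` and `select CMD_EXT4_WRITE`, are unconditional under `config CHAIN_OF_TRUST`, so every board that builds this common Kconfig with chain of trust enabled gains ext4 write support, whether or not it uses distro boot. The hunk already shows a qualified select in `select SPL_BOARD_INIT if (ARM && SPL)`; a similar `if` condition on the new selects would limit the code-size and command-surface cost to the platforms that need it. The commit message should also state which boot step writes to the ext4 partition, since a write-capable filesystem command in a secure-boot build is worth justifying explicitly.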

On Fri, Aug 25, 2017 at 03:33:10PM +0530, Sumit Garg wrote:
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
Reviewed-by: Tom Rini trini@konsulko.com

On 08/25/2017 03:03 AM, Sumit Garg wrote:
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v2: Instead of adding CMD_EXT4_WRITE option in each defconfig, added this option in Kconfig.
board/freescale/common/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST select SPL_BOARD_INIT if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL
- select CMD_EXT4
- select CMD_EXT4_WRITE bool default y
Are you going to need this for all PowerPC platforms? This change increases 3K in text section.
Will Ruchika confirm?
York

-----Original Message-----
From: York Sun
Sent: Wednesday, September 06, 2017 9:47 PM
To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de
Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; trini@konsulko.com
Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
On 08/25/2017 03:03 AM, Sumit Garg wrote:
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v2: Instead of adding CMD_EXT4_WRITE option in each defconfig, added this option in Kconfig.
board/freescale/common/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST select SPL_BOARD_INIT if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL
- select CMD_EXT4
- select CMD_EXT4_WRITE bool default y
Are you going to need this for all PowerPC platforms? This change increases 3K in text section.
Will Ruchika confirm?
York
We don't need this option on PowerPC platforms as we currently don't support distro boot on PowerPC platforms. So we can enable this option for ARM platforms only.
Sumit

On 09/06/2017 09:10 PM, Sumit Garg wrote:
-----Original Message-----
From: York Sun
Sent: Wednesday, September 06, 2017 9:47 PM
To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de
Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; trini@konsulko.com
Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
On 08/25/2017 03:03 AM, Sumit Garg wrote:
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v2: Instead of adding CMD_EXT4_WRITE option in each defconfig, added this option in Kconfig.
board/freescale/common/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST select SPL_BOARD_INIT if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL
- select CMD_EXT4
- select CMD_EXT4_WRITE bool default y
Are you going to need this for all PowerPC platforms? This change increases 3K in text section.
Will Ruchika confirm?
York
We don't need this option on PowerPC platforms as we currently don't support distro boot on PowerPC platforms. So we can enable this option for ARM platforms only.
Please update the patch to enable these options selectively.
York

-----Original Message-----
From: York Sun
Sent: Thursday, September 07, 2017 9:01 PM
To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de
Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; trini@konsulko.com
Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
On 09/06/2017 09:10 PM, Sumit Garg wrote:
-----Original Message-----
From: York Sun
Sent: Wednesday, September 06, 2017 9:47 PM
To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de
Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; trini@konsulko.com
Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
On 08/25/2017 03:03 AM, Sumit Garg wrote:
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v2: Instead of adding CMD_EXT4_WRITE option in each defconfig, added this option in Kconfig.
board/freescale/common/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST select SPL_BOARD_INIT if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL
- select CMD_EXT4
- select CMD_EXT4_WRITE bool default y
Are you going to need this for all PowerPC platforms? This change increases 3K in text section.
Will Ruchika confirm?
York
We don't need this option on PowerPC platforms as we currently don't support distro boot on PowerPC platforms. So we can enable this option for ARM platforms only.
Please update the patch to enable these options selectively.
York
Sure, I will send this change in v3.
Sumit
Participants (3): Sumit Garg, Tom Rini, York Sun