[PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled

To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
---
Changes for v2:
- Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT
- Update the help information
- Changed commit title
 cmd/Kconfig         | 11 +++++++++--
 common/Kconfig.boot |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..98c588e638 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -203,15 +203,22 @@ config BOOTM_EFI
config CMD_BOOTZ bool "bootz" + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help Boot the Linux zImage + The bootz command is used for launching unsigned Linux zImage. + If you want to have secure boot either via signed FIT images or via + signed UEFI images, this option should be disabled.
config CMD_BOOTI bool "booti" depends on ARM64 || RISCV - default y + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help - Boot an AArch64 Linux Kernel image from memory. + Boot an AArch64/RISC-V Linux Kernel image from memory. + The booti command is used for launching unsigned AArch64 and RISC-V + Linux kernel images. If you want to have secure boot either via signed + FIT images or via signed UEFI images, this option should be disabled.
config BOOTM_LINUX bool "Support booting Linux OS images" diff --git a/common/Kconfig.boot b/common/Kconfig.boot index a8d4be23a9..574f35b42e 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -283,7 +283,7 @@ endif # FIT
config LEGACY_IMAGE_FORMAT bool "Enable support for the legacy image format" - default y if !FIT_SIGNATURE + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help This option enables the legacy image format. It is enabled by default for backward compatibility, unless FIT_SIGNATURE is
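Review bot: in the cmd/Kconfig hunk, the `+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` added under `config CMD_BOOTZ` has no matching `-` line, so bootz previously had no default (i.e. n) and this hunk now switches it on by default for every board that sets neither FIT_SIGNATURE nor EFI_SECURE_BOOT; that is a wider behaviour change than the commit message ("don't enable ... by default if secure boot enabled") describes and should be called out there. Also note that a Kconfig `default` is only a default: a board defconfig that explicitly sets `CONFIG_CMD_BOOTZ=y` or `CONFIG_CMD_BOOTI=y` still gets the command even with FIT_SIGNATURE or EFI_SECURE_BOOT enabled, so this guards against accidental enablement only; the new help text already says "this option should be disabled", and it would be worth adding that boards enabling secure boot must drop these options from their defconfigs for the protection to take effect.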
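Review bot: in the common/Kconfig.boot hunk, the help text in the trailing context ("It is enabled by default for backward compatibility, unless FIT_SIGNATURE is ...") still names only FIT_SIGNATURE, while the changed line `+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` now also excludes EFI_SECURE_BOOT; update the help to match, as the cmd/Kconfig hunk does for bootz and booti, e.g. "unless FIT_SIGNATURE or EFI_SECURE_BOOT is enabled", so that readers of the option see why the legacy (unsigned) image format is off on UEFI secure boot configurations too.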

Dear Simon Glass,
Also please do check tests (make qcheck) since sandbox enables more options than most boards.
All tests passed, please check the detailed log in the attachment.
Best regards,
Rover Mo
At 2021-11-09 15:21:43, "Rover Mo" myzmzz@126.com wrote:
To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>

On 11/9/21 08:21, Rover Mo wrote:
To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

On Tue, 9 Nov 2021 at 00:23, Rover Mo myzmzz@126.com wrote:
To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Changes for v2:
- Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT
- Update the help information
- Changed commit title
 cmd/Kconfig         | 11 +++++++++--
 common/Kconfig.boot |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-on: coral, sandbox
Tested-by: Simon Glass <sjg@chromium.org>

On Tue, Nov 09, 2021 at 03:21:43PM +0800, Rover Mo wrote:
To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
This breaks building on iot_devkit, please test, fix and resubmit, thanks.