[U-Boot] [PATCH 1/4] bootm: allow to disable legacy image format

Heiko Schocher hs at denx.de
Fri May 9 07:12:24 CEST 2014


Hello Mike,

On 08.05.2014 15:02, mike wrote:
> Hi Heiko,
>
> Did you see my last email? The one that bounced with a mime header and where I attached a patch file.

Seems I missed this EMail ...

> I just wonder if it's not better to switch the define to be
>
> if (CONFIG_SIGNATURE_VERIFICATION_WITH_LEGACY_SIDE_DOOR). It can become mutually exclusive with the existing signature verification define.

The define length seems a little long, but this is also an option.
I just prepared my patch after Simon's comment, see:

http://lists.denx.de/pipermail/u-boot/2014-May/179139.html

> That way the legacy stuff is removed automatically upon requesting verification unless defined otherwise. When you fail to boot an unsigned legacy kernel then it's kind of obvious that you have to solve something but if you implement verified boot and
> forget this new variable then you leave a security hole.
>
> In my last email I also discussed my confusion regarding the 'required' variable. Similar argument to the above plus some other thoughts.

Was this EMail on the U-Boot ML? I could not find it...
Can you send a link?

bye,
Heiko
-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

