[U-Boot] [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
Sumit Garg
sumit.garg at nxp.com
Thu Sep 7 04:10:24 UTC 2017
> -----Original Message-----
> From: York Sun
> Sent: Wednesday, September 06, 2017 9:47 PM
> To: Sumit Garg <sumit.garg at nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha at nxp.com>; trini at konsulko.com
> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable
> CONFIG_CMD_EXT4_WRITE
>
> On 08/25/2017 03:03 AM, Sumit Garg wrote:
> > As part of chain of trust with confidentiality along with distro boot,
> > linux kernel image needs to be stored in encrypted form on
> > ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure
> > boot.
> >
> > Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
> > ---
> >
> > Changes in v2:
> > Instead of adding CMD_EXT4_WRITE option in each defconfig, added this
> > option in Kconfig.
> >
> > board/freescale/common/Kconfig | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/board/freescale/common/Kconfig
> > b/board/freescale/common/Kconfig index 53b606e..3496eed 100644
> > --- a/board/freescale/common/Kconfig
> > +++ b/board/freescale/common/Kconfig
> > @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST
> > select SPL_BOARD_INIT if (ARM && SPL)
> > select SHA_HW_ACCEL
> > select SHA_PROG_HW_ACCEL
> > + select CMD_EXT4
> > + select CMD_EXT4_WRITE
> > bool
> > default y
>
> Are you going to need this for all PowerPC platforms? This changes increases 3K
> in text section.
>
> Will Ruchika confirm?
>
> York
We don't need this option on PowerPC platforms as we currently don't support distro
boot on PowerPC platforms. So we can enable this option for ARM platforms only.
Sumit
More information about the U-Boot
mailing list