[U-Boot] [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
York Sun
york.sun at nxp.com
Thu Sep 7 15:30:48 UTC 2017
On 09/06/2017 09:10 PM, Sumit Garg wrote:
>> -----Original Message-----
>> From: York Sun
>> Sent: Wednesday, September 06, 2017 9:47 PM
>> To: Sumit Garg <sumit.garg at nxp.com>; u-boot at lists.denx.de
>> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
>> <prabhakar.kushwaha at nxp.com>; trini at konsulko.com
>> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable
>> CONFIG_CMD_EXT4_WRITE
>>
>> On 08/25/2017 03:03 AM, Sumit Garg wrote:
>>> As part of chain of trust with confidentiality along with distro boot,
>>> linux kernel image needs to be stored in encrypted form on
>>> ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure
>>> boot.
>>>
>>> Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
>>> ---
>>>
>>> Changes in v2:
>>> Instead of adding CMD_EXT4_WRITE option in each defconfig, added this
>>> option in Kconfig.
>>>
>>> board/freescale/common/Kconfig | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/board/freescale/common/Kconfig
>>> b/board/freescale/common/Kconfig index 53b606e..3496eed 100644
>>> --- a/board/freescale/common/Kconfig
>>> +++ b/board/freescale/common/Kconfig
>>> @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST
>>> select SPL_BOARD_INIT if (ARM && SPL)
>>> select SHA_HW_ACCEL
>>> select SHA_PROG_HW_ACCEL
>>> + select CMD_EXT4
>>> + select CMD_EXT4_WRITE
>>> bool
>>> default y
>>
>> Are you going to need this for all PowerPC platforms? This changes increases 3K
>> in text section.
>>
>> Will Ruchika confirm?
>>
>> York
>
> We don't need this option on PowerPC platforms as we currently don't support distro
> boot on PowerPC platforms. So we can enable this option for ARM platforms only.
Please update the patch to enable these options selectively.
York
More information about the U-Boot
mailing list