[U-Boot] [Patch v2] configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
Sumit Garg
sumit.garg at nxp.com
Thu Sep 7 16:09:11 UTC 2017
> -----Original Message-----
> From: York Sun
> Sent: Thursday, September 07, 2017 9:01 PM
> To: Sumit Garg <sumit.garg at nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha at nxp.com>; trini at konsulko.com
> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable
> CONFIG_CMD_EXT4_WRITE
>
> On 09/06/2017 09:10 PM, Sumit Garg wrote:
> >> -----Original Message-----
> >> From: York Sun
> >> Sent: Wednesday, September 06, 2017 9:47 PM
> >> To: Sumit Garg <sumit.garg at nxp.com>; u-boot at lists.denx.de
> >> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
> >> <prabhakar.kushwaha at nxp.com>; trini at konsulko.com
> >> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable
> >> CONFIG_CMD_EXT4_WRITE
> >>
> >> On 08/25/2017 03:03 AM, Sumit Garg wrote:
> >>> As part of chain of trust with confidentiality along with distro
> >>> boot, linux kernel image needs to be stored in encrypted form on
> >>> ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of
> >>> Secure boot.
> >>>
> >>> Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
> >>> ---
> >>>
> >>> Changes in v2:
> >>> Instead of adding CMD_EXT4_WRITE option in each defconfig, added
> >>> this option in Kconfig.
> >>>
> >>> board/freescale/common/Kconfig | 2 ++
> >>> 1 file changed, 2 insertions(+)
> >>>
> >>> diff --git a/board/freescale/common/Kconfig
> >>> b/board/freescale/common/Kconfig index 53b606e..3496eed 100644
> >>> --- a/board/freescale/common/Kconfig
> >>> +++ b/board/freescale/common/Kconfig
> >>> @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST
> >>> select SPL_BOARD_INIT if (ARM && SPL)
> >>> select SHA_HW_ACCEL
> >>> select SHA_PROG_HW_ACCEL
> >>> + select CMD_EXT4
> >>> + select CMD_EXT4_WRITE
> >>> bool
> >>> default y
> >>
> >> Are you going to need this for all PowerPC platforms? This changes
> >> increases 3K in text section.
> >>
> >> Will Ruchika confirm?
> >>
> >> York
> >
> > We don't need this option on PowerPC platforms as we currently don't
> > support distro boot on PowerPC platforms. So we can enable this option for
> ARM platforms only.
>
> Please update the patch to enable these options selectively.
>
> York
Sure I will send this change in v3.
Sumit
More information about the U-Boot
mailing list