[U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT

Tom Rini trini at konsulko.com
Thu Sep 19 15:02:36 UTC 2019 

On Wed, Sep 18, 2019 at 10:26:34AM +0900, AKASHI Takahiro wrote:

> The configuration, CONFIG_SECURE_BOOT, was scattered among different
> architecture directories for different implementation. This will prevent
> UEFI secure boot from being added later.
> 
> So let's rename them, giving each implementation to different
> configuration option. CONFIG_SECURE_BOOT still remains not to break
> existing implicit dependency.
> 
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
>  Kconfig                                   | 7 +++++++
>  arch/arm/cpu/armv7/ls102xa/Kconfig        | 3 ++-
>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++-
>  arch/arm/mach-imx/Kconfig                 | 3 ++-
>  arch/powerpc/cpu/mpc85xx/Kconfig          | 3 ++-
>  5 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/Kconfig b/Kconfig
> index 1f0904f7045e..c11fc102a7d4 100644
> --- a/Kconfig
> +++ b/Kconfig
> @@ -282,6 +282,13 @@ config SYS_LDSCRIPT
>  
>  endmenu		# General setup
>  
> +config SECURE_BOOT
> +	bool "Secure Boot"
> +	imply SHA256
> +	help
> +	  Enable Secure Boot feature. The actual behavior may vary
> +	  from architecture to architecture.
> +
>  menu "Boot images"
>  
>  config ANDROID_BOOT_IMAGE
> diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig b/arch/arm/cpu/armv7/ls102xa/Kconfig
> index 94fa68250ddf..ce1bc580d23d 100644
> --- a/arch/arm/cpu/armv7/ls102xa/Kconfig
> +++ b/arch/arm/cpu/armv7/ls102xa/Kconfig
> @@ -50,8 +50,9 @@ config MAX_CPUS
>  	  cores, count the reserved ports. This will allocate enough memory
>  	  in spin table to properly handle all cores.
>  
> -config SECURE_BOOT
> +config FSL_ARMV7_ENABLE_SECURE_BOOT
>  	bool	"Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature. Normally selected
>  		by defconfig. If unsure, do not change.
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index 42d31fdab0a0..d4cfe31f8ebf 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -383,8 +383,9 @@ config EMC2305
>  	 Enable the EMC2305 fan controller for configuration of fan
>  	 speed.
>  
> -config SECURE_BOOT
> +config FSI_ARMV8_ENABLE_SECURE_BOOT
>  	bool "Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature
>  
> diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
> index aeb54934888d..e1602fd5f0e8 100644
> --- a/arch/arm/mach-imx/Kconfig
> +++ b/arch/arm/mach-imx/Kconfig
> @@ -34,8 +34,9 @@ config USE_IMXIMG_PLUGIN
>  	  i.MX6/7 supports DCD and Plugin. Enable this configuration
>  	  to use Plugin, otherwise DCD will be used.
>  
> -config SECURE_BOOT
> +config FSL_IMX_ENABLE_SECURE_BOOT
>  	bool "Support i.MX HAB features"
> +	depends on SECURE_BOOT
>  	depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
>  	select FSL_CAAM if HAS_CAAM
>  	imply CMD_DEKBLOB
> diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig
> index c038a6ddb0f4..9cf6ebbfe3ce 100644
> --- a/arch/powerpc/cpu/mpc85xx/Kconfig
> +++ b/arch/powerpc/cpu/mpc85xx/Kconfig
> @@ -1208,8 +1208,9 @@ config FSL_LAW
>  	help
>  		Use Freescale common code for Local Access Window
>  
> -config SECURE_BOOT
> +config FSL_MPC_ENABLE_SECURE_BOOT
>  	bool	"Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature. Normally selected
>  		by defconfig. If unsure, do not change.

I've added Priyanka Jain to the thread as the custodian for PowerPC and
NXP stuff and Stefano Babic as the custodian for i.MX stuff.  I don't
want to see "CONFIG_SECURE_BOOT" continue on as a config option, it's
too broad.  Can we please rename and update the existing NXP CONFIG
option (and I assume split it into a few ones to reflect better where
things really changed fundamentally from one SoC/arch to the next) and
update the help text?  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190919/2861475d/attachment.sig>

More information about the U-Boot mailing list