[PATCH] boot: don't enable booti/bootz by default if FIT_SIGNATURE is set
Rover Mo
myzmzz at 126.com
Wed Nov 3 08:44:32 CET 2021
To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,
don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if
CONFIG_FIT_SIGNATURE is enabled.
Signed-off-by: Yuezhang.Mo <myzmzz at 126.com>
---
cmd/Kconfig | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 5b30b13e43..5f9dd91928 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -203,15 +203,24 @@ config BOOTM_EFI
config CMD_BOOTZ
bool "bootz"
+ default y if !FIT_SIGNATURE
help
Boot the Linux zImage
+ It is enabled by default for backward compatibility, unless
+ FIT_SIGNATURE is set where it is disabled so that unsigned images
+ cannot be loaded. If a board needs to boot a Linux zImage in this
+ case, enable it here.
config CMD_BOOTI
bool "booti"
depends on ARM64 || RISCV
- default y
+ default y if !FIT_SIGNATURE
help
Boot an AArch64 Linux Kernel image from memory.
+ It is enabled by default for backward compatibility, unless
+ FIT_SIGNATURE is set where it is disabled so that unsigned images
+ cannot be loaded. If a board needs to boot an AArch64 Linux Kernel
+ image in this case, enable it here.
config BOOTM_LINUX
bool "Support booting Linux OS images"
--
2.25.1
More information about the U-Boot
mailing list