[PATCH] boot: don't enable booti/bootz by default if FIT_SIGNATURE is set
Heinrich Schuchardt
xypron.glpk at gmx.de
Thu Nov 4 12:23:08 CET 2021
On 11/4/21 04:11, Rover Mo wrote:
> Dear Heinrich,
>
>
> Thanks for your comments.
>
>
> >How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
>
> I think yes.
> I will update the relation to "default y if !FIT_SIGNATURE &&
> !EFI_SECURE_BOOT",
> and add "!EFI_SECURE_BOOT" into LEGACY_IMAGE_FORMAT.
>
>>> + It is enabled by default for backward compatibility, unless
>>
>>Backwards relative to UEFI?
>
> No.
>
> This description is from CONFIG_LEGACY_IMAGE_FORMAT.
>
> ```
> config LEGACY_IMAGE_FORMAT
> 	bool "Enable support for the legacy image format"
> 	default y if !FIT_SIGNATURE
> 	help
> 	  This option enables the legacy image format. It is enabled by
> 	  default for backward compatibility, unless FIT_SIGNATURE is
> 	  set where it is disabled so that unsigned images cannot be
> 	  loaded. If a board needs the legacy image format support in this
> 	  case, enable it here.
> ```
>
> In my understanding, this backward compatibility is to support both secure boot and
> non-secure boot when necessary.
>
>>This focuses very much on default values. How about:
>>
>>"The booti command is used for launching unsigned AArch64 and RISC-V
>>Linux kernel images. If you want to have secure boot either via signed
>>FIT images or via signed UEFI images, this option should be disabled."
>
> I agree, this description is more comprehensive.
>
> So I want to update the commit title to "boot: don't enable the non-secure boot commands by default if secure boot enabled"
>
>>Why AArch64 and not RISC-V?
>
> The help information of CMD_BOOTI only mentions AArch64, so I followed it.
>
> Should I update as follows?
> ```diff
> - Boot an AArch64 Linux Kernel image from memory.
> + Boot an AArch64/RISC-V Linux Kernel image from memory.
> ```
Yes, please.
Best regards
Heinrich
>
> Best regards,
> Rover
>
> At 2021-11-04 02:24:34, "Heinrich Schuchardt" <xypron.glpk at gmx.de> wrote:
>>On 11/3/21 08:44, Rover Mo wrote:
>>> To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,
>>
>>nits:
>>%s/boot/booting/
>>
>>> don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if
>>> CONFIG_FIT_SIGNATURE is enabled.
>>
>>Disabling the booti and the bootz command does not stop you from booting
>>unsigned images, e.g. using the bootefi command.
>>
>>>
>>> Signed-off-by: Yuezhang.Mo <myzmzz at 126.com>
>>> ---
>>> cmd/Kconfig | 11 ++++++++++-
>>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/cmd/Kconfig b/cmd/Kconfig
>>> index 5b30b13e43..5f9dd91928 100644
>>> --- a/cmd/Kconfig
>>> +++ b/cmd/Kconfig
>>> @@ -203,15 +203,24 @@ config BOOTM_EFI
>>>
>>> config CMD_BOOTZ
>>> bool "bootz"
>>> + default y if !FIT_SIGNATURE
>>> help
>>> Boot the Linux zImage
>>> + It is enabled by default for backward compatibility, unless
>>> + FIT_SIGNATURE is set where it is disabled so that unsigned images
>>> + cannot be loaded. If a board needs to boot a Linux zImage in this
>>> + case, enable it here.
>>>
>>> config CMD_BOOTI
>>> bool "booti"
>>> depends on ARM64 || RISCV
>>> - default y
>>> + default y if !FIT_SIGNATURE
>>
>>How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
>>
>>> help
>>> Boot an AArch64 Linux Kernel image from memory.
>>> + It is enabled by default for backward compatibility, unless
>>
>>Backwards relative to UEFI?
>>
>>This focuses very much on default values. How about:
>>
>>"The booti command is used for launching unsigned AArch64 and RISC-V
>>Linux kernel images. If you want to have secure boot either via signed
>>FIT images or via signed UEFI images, this option should be disabled."
>>
>>> + FIT_SIGNATURE is set where it is disabled so that unsigned images
>>> + cannot be loaded. If a board needs to boot an AArch64 Linux Kernel
>>
>>Why AArch64 and not RISC-V?
>>
>>Who needs all those lines.
>>
>>Best regards
>>
>>Heinrich
>>
>>> + image in this case, enable it here.
>>>
>>> config BOOTM_LINUX
>>> bool "Support booting Linux OS images"
>>>
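Review bot: In the CMD_BOOTZ entry the hunk adds "default y if !FIT_SIGNATURE" without removing any earlier "default" line, so as far as these lines show bootz had no default before and the patch turns it on for every configuration without FIT_SIGNATURE, which is the opposite of what the subject line says. If that is intended, the commit message should state it; otherwise drop the new default from CMD_BOOTZ and keep only the help text. The commit message also names CONFIG_CMD_BOOTI twice where the hunk touches CMD_BOOTZ and CMD_BOOTI. In the CMD_BOOTZ help, "Boot the Linux zImage" has no closing period before the added sentences, so the two run together when the help is displayed.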
>
>
>
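The checker below is an added example, not part of the thread or of U-Boot. It audits a `.config` for the combinations discussed above: a signed-boot option enabled together with a command or format that accepts unsigned images. `CONFIG_CMD_BOOTEFI` is assumed to be the symbol behind the bootefi command, and the sample `.config` is constructed.

```python
import re

# Symbols named in the thread.
SIGNED_BOOT = ("CONFIG_FIT_SIGNATURE", "CONFIG_EFI_SECURE_BOOT")
UNSIGNED_PATHS = ("CONFIG_CMD_BOOTI", "CONFIG_CMD_BOOTZ",
                  "CONFIG_LEGACY_IMAGE_FORMAT")
# Assumption: Kconfig symbol for the bootefi command mentioned in the review.
BOOTEFI = "CONFIG_CMD_BOOTEFI"


def parse_config(text):
    """Return the set of CONFIG_ symbols set to 'y' in .config text."""
    enabled = set()
    for line in text.splitlines():
        m = re.match(r"^(CONFIG_\w+)=y\s*$", line)
        if m:  # '# CONFIG_X is not set' lines do not match
            enabled.add(m.group(1))
    return enabled


def audit(text):
    """List unsigned boot paths left enabled while signed boot is configured."""
    enabled = parse_config(text)
    active = [s for s in SIGNED_BOOT if s in enabled]
    if not active:
        return []  # no signed boot configured, nothing to contradict
    findings = [f"{s} is enabled alongside {', '.join(active)}"
                for s in UNSIGNED_PATHS if s in enabled]
    # bootefi only verifies signatures when EFI secure boot is built in.
    if BOOTEFI in enabled and "CONFIG_EFI_SECURE_BOOT" not in enabled:
        findings.append(f"{BOOTEFI} is enabled without CONFIG_EFI_SECURE_BOOT")
    return findings


# Constructed sample: FIT signing on, booti and bootefi still available.
SAMPLE = """\
CONFIG_FIT_SIGNATURE=y
CONFIG_CMD_BOOTI=y
# CONFIG_CMD_BOOTZ is not set
# CONFIG_LEGACY_IMAGE_FORMAT is not set
CONFIG_CMD_BOOTEFI=y
# CONFIG_EFI_SECURE_BOOT is not set
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Because the Kconfig change only alters defaults, a board defconfig can still set these symbols explicitly, so a check like this belongs on the final `.config` rather than on the Kconfig files.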