[PATCH] boot: don't enable booti/bootz by default if FIT_SIGNATURE is set
Simon Glass
sjg at chromium.org
Thu Nov 4 16:11:54 CET 2021
Hi,
On Thu, 4 Nov 2021 at 05:23, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
>
>
> On 11/4/21 04:11, Rover Mo wrote:
> > Dear Heinrich,
> >
> >
> > Thanks for your comments.
> >
> >
> > > How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
> >
> > I think yes.
> > I will update the relation to "default y if !FIT_SIGNATURE &&
> > !EFI_SECURE_BOOT",
> > and add "!EFI_SECURE_BOOT" into LEGACY_IMAGE_FORMAT.
> >
> >>> + It is enabled by default for backward compatibility, unless
> >>
> >>Backwards relative to UEFI?
> >
> > No.
> >
> > This description is from CONFIG_LEGACY_IMAGE_FORMAT.
> >
> > ```
> > config LEGACY_IMAGE_FORMAT
> > bool "Enable support for the legacy image format"
> > default y if !FIT_SIGNATURE
> > help
> > This option enables the legacy image format. It is enabled by
> > default for backward compatibility, unless FIT_SIGNATURE is
> > set where it is disabled so that unsigned images cannot be
> > loaded. If a board needs the legacy image format support in this
> > case, enable it here.
> > ```
> >
> > In my understanding, this backward compatibility is to support both secure boot and
> > non-secure boot when necessary.
> >
> >>This focuses very much on default values. How about:
> >>
> >>"The booti command is used for launching unsigned AArch64 and RISC-V
> >>Linux kernel images. If you want to have secure boot either via signed
> >>FIT images or via signed UEFI images, this option should be disabled."
> >
> > I agree, this description is more comprehensive.
> >
> > So that I want to update the commit title to "boot: don't enable the non-secure boot commands by default if secure boot enabled"
> >
> >>Why AArch64 and not RISC-V?
> >
> > The help information of CMD_BOOTI only mentions AArch64, so I followed it.
> >
> > Should I update as following?
> > ```diff
> > - Boot an AArch64 Linux Kernel image from memory.
> > + Boot an AArch64/RISC-V Linux Kernel image from memory.
>
> Yes, please.
Also please do check tests (make qcheck) since sandbox enables more
options than most boards.
- Simon
>
> Best regards
>
> Heinrich
>
> > ```
> >
> > Best regards,
> > Rover
> >
> > At 2021-11-04 02:24:34, "Heinrich Schuchardt" <xypron.glpk at gmx.de> wrote:
> >>On 11/3/21 08:44, Rover Mo wrote:
> >>> To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,
> >>
> >>nits:
> >>%s/boot/booting/
> >>
> >>> don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if
> >>> CONFIG_FIT_SIGNATURE is enabled.
> >>
> >>Disabling the booti and the bootz command does not stop you from booting
> >>unsigned images, e.g. using the bootefi command.
> >>
> >>>
> >>> Signed-off-by: Yuezhang.Mo <myzmzz at 126.com>
> >>> ---
> >>> cmd/Kconfig | 11 ++++++++++-
> >>> 1 file changed, 10 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/cmd/Kconfig b/cmd/Kconfig
> >>> index 5b30b13e43..5f9dd91928 100644
> >>> --- a/cmd/Kconfig
> >>> +++ b/cmd/Kconfig
> >>> @@ -203,15 +203,24 @@ config BOOTM_EFI
> >>>
> >>> config CMD_BOOTZ
> >>> bool "bootz"
> >>> + default y if !FIT_SIGNATURE
> >>> help
> >>> Boot the Linux zImage
> >>> + It is enabled by default for backward compatibility, unless
> >>> + FIT_SIGNATURE is set where it is disabled so that unsigned images
> >>> + cannot be loaded. If a board needs to boot a Linux zImage in this
> >>> + case, enable it here.
> >>>
> >>> config CMD_BOOTI
> >>> bool "booti"
> >>> depends on ARM64 || RISCV
> >>> - default y
> >>> + default y if !FIT_SIGNATURE
> >>
> >>How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
> >>
> >>> help
> >>> Boot an AArch64 Linux Kernel image from memory.
> >>> + It is enabled by default for backward compatibility, unless
> >>
> >>Backwards relative to UEFI?
> >>
> >>This focuses very much on default values. How about:
> >>
> >>"The booti command is used for launching unsigned AArch64 and RISC-V
> >>Linux kernel images. If you want to have secure boot either via signed
> >>FIT images or via signed UEFI images, this option should be disabled."
> >>
> >>> + FIT_SIGNATURE is set where it is disabled so that unsigned images
> >>> + cannot be loaded. If a board needs to boot an AArch64 Linux Kernel
> >>
> >>Why AArch64 and not RISC-V?
> >>
> >>Who needs all those lines.
> >>
> >>Best regards
> >>
> >>Heinrich
> >>
> >>> + image in this case, enable it here.
> >>>
> >>> config BOOTM_LINUX
> >>> bool "Support booting Linux OS images"
> >>>
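Review bot: the CMD_BOOTZ part of this hunk adds `+ default y if !FIT_SIGNATURE` where the original has no default line at all, so bootz becomes enabled by default on every board without FIT_SIGNATURE, which is the opposite of what the title "don't enable booti/bootz by default" describes; either drop the new default for CMD_BOOTZ and keep only the help text, or state in the commit message that bootz is now default-on for boards without FIT_SIGNATURE. A conditional default also only changes the starting value: a defconfig that sets CONFIG_CMD_BOOTI=y still gets the command with FIT_SIGNATURE enabled, so if the goal is to rule out unsigned kernels the symbols would need a `depends on !FIT_SIGNATURE` (and, as Heinrich notes, the bootefi path would need the same consideration). Minor: the existing help line `Boot the Linux zImage` now runs straight into the added sentence without a full stop.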
> >
> >
> >
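One way to turn Heinrich's point into a check a board maintainer can run: an added shell script (not from the patch or the thread) that audits a U-Boot .config for unsigned-image boot commands left enabled next to FIT_SIGNATURE or EFI_SECURE_BOOT. It assumes CONFIG_CMD_BOOTEFI is the Kconfig symbol of the bootefi command; the sample .config is constructed.

```shell
#!/bin/sh
# Added example, not part of the patch or the thread: audit a U-Boot .config for
# boot commands that load unsigned images while secure boot is configured.
# Assumption: CONFIG_CMD_BOOTEFI is the bootefi command's symbol. Sample is constructed.

# is_set FILE SYMBOL: succeeds if FILE contains the exact line "SYMBOL=y"
is_set() {
    grep -qx -- "$2=y" "$1"
}

# audit_config FILE: prints one line per symbol that lets unsigned images boot
# despite secure boot; returns 1 if any was found, 0 otherwise.
audit_config() {
    cfg="$1"
    found=0; fit=0; efi=0
    is_set "$cfg" CONFIG_FIT_SIGNATURE && fit=1
    is_set "$cfg" CONFIG_EFI_SECURE_BOOT && efi=1
    [ "$fit" = 1 ] || [ "$efi" = 1 ] || return 0   # no secure boot configured
    # Legacy, zImage and Image loaders bypass both FIT and UEFI signature checks.
    for sym in CONFIG_LEGACY_IMAGE_FORMAT CONFIG_CMD_BOOTZ CONFIG_CMD_BOOTI; do
        if is_set "$cfg" "$sym"; then
            echo "$sym=y: boots unsigned images, bypassing secure boot"
            found=1
        fi
    done
    # bootefi verifies UEFI images only with EFI_SECURE_BOOT, so FIT_SIGNATURE
    # alone leaves it as another unsigned path (Heinrich's remark in the thread).
    if [ "$fit" = 1 ] && [ "$efi" = 0 ] && is_set "$cfg" CONFIG_CMD_BOOTEFI; then
        echo "CONFIG_CMD_BOOTEFI=y: UEFI images are not verified without EFI_SECURE_BOOT"
        found=1
    fi
    [ "$found" = 0 ]
}

# write_sample_config FILE: constructed .config resembling the case discussed
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_FIT_SIGNATURE=y
# CONFIG_EFI_SECURE_BOOT is not set
# CONFIG_LEGACY_IMAGE_FORMAT is not set
CONFIG_CMD_BOOTI=y
# CONFIG_CMD_BOOTZ is not set
CONFIG_CMD_BOOTEFI=y
EOF
}

sample="${TMPDIR:-/tmp}/uboot_audit_sample.config"
write_sample_config "$sample"
audit_config "$sample" || echo "audit failed for $sample"
```

Run it against a real board's .config after `make <board>_defconfig` to see which loaders survive the conditional defaults.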