[PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled
Simon Glass
sjg at chromium.org
Thu Nov 25 01:11:58 CET 2021
On Tue, 9 Nov 2021 at 00:23, Rover Mo <myzmzz at 126.com> wrote:
>
> To prevent booting unsigned images, don't enable the non-secure boot
> commands(booti, bootz .etc) by default if secure boot enabled.
>
> Signed-off-by: Rover Mo <myzmzz at 126.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Simon Glass <sjg at chromium.org>
>
> ---
>
> Changes for v2:
> - Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT
> - Update the help information
> - Changed commit title
>
> cmd/Kconfig | 11 +++++++++--
> common/Kconfig.boot | 2 +-
> 2 files changed, 10 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
Tested-on: coral, sandbox
Tested-by: Simon Glass <sjg at chromium.org>
More information about the U-Boot
mailing list