[PATCH v3 1/2] boot: don't enable the non-secure boot commands by default if secure boot enabled
Rover Mo
myzmzz at 126.com
Fri May 20 10:44:42 CEST 2022
At 2022-05-20 14:34:18, "Heinrich Schuchardt" <xypron.glpk at gmx.de> wrote:
>Am 20. Mai 2022 04:58:46 MESZ schrieb Rover Mo <myzmzz at 126.com>:
>
>Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also supply variables PK, KEK, db, dbx.
>
>Furthermore you would have to disable a whole lot more commands to secure the device.
>
>Currently we have patches in review to provide a bootmenu with optionally no access to the console. This is a better approach.
Thank you for your explanation.
Please forget my patches.
Best regards,
Rover Mo
More information about the U-Boot
mailing list