[PATCH v3 1/2] boot: don't enable the non-secure boot commands by default if secure boot enabled

Rover Mo myzmzz at 126.com
Fri May 20 10:44:42 CEST 2022


At 2022-05-20 14:34:18, "Heinrich Schuchardt" <xypron.glpk at gmx.de> wrote:
>On 20 May 2022 04:58:46 CEST, Rover Mo <myzmzz at 126.com> wrote:
>
>Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also supply variables PK, KEK, db, dbx.
>
>Furthermore you would have to disable a whole lot more commands to secure the device.
>
>Currently we have patches in review to provide a bootmenu with optionally no access to the console. This is a better approach.

Thank you for your explanation.

Please forget my patches.

Best regards,
Rover Mo

