[PATCH] disable VBE by default
Ilias Apalodimas
ilias.apalodimas at linaro.org
Tue Jun 17 08:39:25 CEST 2025
On Sun Jun 15, 2025 at 12:33 PM EEST, Peter Robinson wrote:
> The VBE protocol needs explicit device support and as
> such isn't particularly useful by itself without that,
> it also adds size and the potential of an attack vector
> so devices that wish to use this protocol should
> explicitly opt in to it like all other large features
> in U-Boot.
>
> Signed-off-by: Peter Robinson <pbrobinson at gmail.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
> boot/Kconfig | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/boot/Kconfig b/boot/Kconfig
> index 30eb5b328d7..e8c3fbcb11d 100644
> --- a/boot/Kconfig
> +++ b/boot/Kconfig
> @@ -635,7 +635,6 @@ config BOOTMETH_QFW
> config BOOTMETH_VBE
> bool "Bootdev support for Verified Boot for Embedded"
> depends on FIT
> - default y
> select BOOTMETH_GLOBAL
> select EVENT
> help
More information about the U-Boot
mailing list