Dear Simon,

In message <CAPnjgZ1_Cf-eu592YqF0=th7mt1da6gh7pv1lxaf79kv8lw...@mail.gmail.com> you wrote:
>
> I agree that it might be dangerous to allow legacy boot when signature
> verification is used. It would be nice to fix that.

I think there is general agreement on this point.

> This means that legacy is on by default, unless signature verification
> is enabled, in which case the default flips. But I worry that it might
> only confuse people. This seems like a Wolfgang / Tom question :-)

OK, here is my 0.02€ to it:

I think, no matter how we implement it, this should be exactly the
behaviour. Average users tend to avoid reading documentation, so if
they enable signature verification they most likely want a secure
system, so we should give them just that. Only if someone really
knows what he is doing he should be able to enable support for
(insecure) legacy images.

As for the implementation - yes, the #ifdef CONFIG_FIT_SIGNATURE_VERIFICATION
approach indeed does not look very nice, but then, it appears to be the
straightforward implementation of what we want to do?

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Time is an illusion perpetrated by the manufacturers of space.
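
The default discussed in this thread (legacy images accepted unless signature verification is enabled, with an explicit opt-in for those who want both), as an added example that is not code from the thread or from U-Boot. The struct, field and function names are assumptions made for this sketch; the two magic values are the legacy uImage and device-tree magics.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEGACY_MAGIC 0x27051956u /* legacy uImage header magic */
#define FDT_MAGIC    0xd00dfeedu /* a FIT image is a device-tree blob */

enum img_format { IMG_UNKNOWN, IMG_LEGACY, IMG_FIT };
/* Hypothetical policy record (names assumed for this sketch). */
struct boot_policy {
    int sig_verify;  /* 1 = signature verification built in */
    int legacy_opt;  /* -1 = not set, 0 = forced off, 1 = forced on */
};

enum img_format detect_format(const uint8_t *img, size_t len)
{
    uint32_t magic;
    if (len < 4)
        return IMG_UNKNOWN;
    magic = ((uint32_t)img[0] << 24) | ((uint32_t)img[1] << 16) |
            ((uint32_t)img[2] << 8) | (uint32_t)img[3];
    if (magic == LEGACY_MAGIC)
        return IMG_LEGACY;
    return magic == FDT_MAGIC ? IMG_FIT : IMG_UNKNOWN;
}

/* Legacy defaults to on, flips to off with verification; explicit setting wins. */
int legacy_enabled(const struct boot_policy *p)
{
    return p->legacy_opt >= 0 ? p->legacy_opt : !p->sig_verify;
}

/* 1 = image may go on to its boot path, 0 = rejected up front. */
int image_permitted(const struct boot_policy *p, const uint8_t *img, size_t len)
{
    switch (detect_format(img, len)) {
    case IMG_FIT:    return 1; /* verification happens later (not modelled) */
    case IMG_LEGACY: return legacy_enabled(p);
    default:         return 0;
    }
}

int main(void)
{
    const uint8_t legacy[] = { 0x27, 0x05, 0x19, 0x56 }; /* constructed header */
    struct boot_policy secure = { 1, -1 };
    printf("legacy allowed: %d\n", image_permitted(&secure, legacy, sizeof legacy));
    return 0;
}
```

The point of the gate is that an unsigned legacy header never reaches the boot path on a build that asked for verification, unless the builder set the override deliberately.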