On Fri, May 09, 2014 at 12:47:44PM -0600, Simon Glass wrote:
> Hi Wolfgang,
>
> On 9 May 2014 07:35, Wolfgang Denk <w...@denx.de> wrote:
> > Dear Simon,
> >
> > In message
> > <CAPnjgZ1_Cf-eu592YqF0=th7mt1da6gh7pv1lxaf79kv8lw...@mail.gmail.com> you
> > wrote:
> >>
> >> I agree that it might be dangerous to allow legacy boot when signature
> >> verification is used. It would be nice to fix that.
> >
> > I think there is general agreement on this point.
> >
> >> This means that legacy is on by default, unless signature verification
> >> is enabled, in which case the default flips. But I worry that it might
> >> only confuse people. This seems like a Wolfgang / Tom question :-)
> >
> > OK, here is my 0.02€ to it:
> >
> > I think, no matter how we implement it, this should be exactly the
> > behaviour. Average users tend to avoid reading documentation, so if
> > they enable signature verification they most likely want a secure
> > system, so we should give them just that. Only if someone really
> > knows what he is doing he should be able to enable support for
> > (insecure) legacy images.
> >
> > As for the implementation - yes, the
> > #ifdef CONFIG_FIT_SIGNATURE_VERIFICATION
> > approach indeed does not look very nice, but then, it appears to be
> > the straightforward implementation of what we want to do?
>
> OK, well in that case, let's do it that way.

Agreed, then we can look for clever ways to refactor the code after.

--
Tom
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
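The default flip agreed in the thread above, sketched as an added example that is not part of the original messages and is not U-Boot code. `CONFIG_FIT_SIGNATURE_VERIFICATION` is the name as written in the thread; `EXAMPLE_ALLOW_LEGACY`, the function names and the sample header bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEGACY_MAGIC 0x27051956u /* legacy uImage header magic */
#define FDT_MAGIC    0xd00dfeedu /* device tree blob magic (FIT container) */
enum img_format { IMG_INVALID, IMG_LEGACY, IMG_FIT };

/* Build-time default as discussed in the thread: legacy is on unless
 * signature verification is enabled. EXAMPLE_ALLOW_LEGACY is a hypothetical
 * explicit opt-in, not a real U-Boot option. */
#if defined(CONFIG_FIT_SIGNATURE_VERIFICATION) && !defined(EXAMPLE_ALLOW_LEGACY)
#define LEGACY_DEFAULT 0
#else
#define LEGACY_DEFAULT 1
#endif

/* Constructed sample inputs: only the first four header bytes. */
static const uint8_t sample_legacy[4] = { 0x27, 0x05, 0x19, 0x56 };
static const uint8_t sample_fit[4]    = { 0xd0, 0x0d, 0xfe, 0xed };

/* Both magics are stored big-endian at offset 0. */
static enum img_format detect_format(const uint8_t *p, size_t len)
{
    uint32_t m;
    if (p == NULL || len < 4)
        return IMG_INVALID;
    m = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
        ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return m == LEGACY_MAGIC ? IMG_LEGACY : m == FDT_MAGIC ? IMG_FIT : IMG_INVALID;
}

/* Runtime mirror of the #if above so both configurations can be exercised.
 * Returns 1 if boot may proceed to handle the image; an accepted FIT image
 * must still pass signature verification afterwards (not shown). */
static int image_accepted(const uint8_t *p, size_t len, int sig_verify, int allow_legacy)
{
    enum img_format f = detect_format(p, len);
    if (f == IMG_LEGACY)
        return !sig_verify || allow_legacy;
    return f == IMG_FIT;
}

int main(void)
{
    printf("build default legacy=%d\n", LEGACY_DEFAULT);
    printf("legacy, verification on: %d\n", image_accepted(sample_legacy, 4, 1, 0));
    return 0;
}
```

Without this gate, a boot path that verifies FIT signatures can still be handed an unsigned legacy image, which is the risk the thread is addressing.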