On 11/4/21 04:11, Rover Mo wrote:
Dear Heinrich,
Thanks for your comments.
>How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
I think yes.
I will update the relation to "default y if !FIT_SIGNATURE &&
!EFI_SECURE_BOOT",
and add "!EFI_SECURE_BOOT" into LEGACY_IMAGE_FORMAT.
+ It is enabled by default for backward compatibility, unless
Backwards relative to UEFI?
No.
This description is from CONFIG_LEGACY_IMAGE_FORMAT.
```
config LEGACY_IMAGE_FORMAT
	bool "Enable support for the legacy image format"
	default y if !FIT_SIGNATURE
	help
	  This option enables the legacy image format. It is enabled by
	  default for backward compatibility, unless FIT_SIGNATURE is
	  set where it is disabled so that unsigned images cannot be
	  loaded. If a board needs the legacy image format support in this
	  case, enable it here.
```
In my understanding, this backward compatibility is to support both secure boot and
non-secure boot when necessary.
This focuses very much on default values. How about:
"The booti command is used for launching unsigned AArch64 and RISC-V
Linux kernel images. If you want to have secure boot either via signed
FIT images or via signed UEFI images, this option should be disabled."
I agree, this description is more comprehensive.
So that I want to update the commit title to "boot: don't enable the non-secure boot
commands by default if secure boot enabled"
Why AArch64 and not RISC-V?
The help information of CMD_BOOTI only mentions AArch64, so I followed it.
Should I update as follows?
```diff
- Boot an AArch64 Linux Kernel image from memory.
+ Boot an AArch64/RISC-V Linux Kernel image from memory.
```
Yes, please.
Best regards
Heinrich
Best regards,
Rover
At 2021-11-04 02:24:34, "Heinrich Schuchardt" <xypron.g...@gmx.de> wrote:
On 11/3/21 08:44, Rover Mo wrote:
To prevent boot unsigned images, same as CONFIG_LEGACY_IMAGE_FORMAT,
nits:
%s/boot/booting/
don't enable CONFIG_CMD_BOOTI and CONFIG_CMD_BOOTI by default if
CONFIG_FIT_SIGNATURE is enabled.
Disabling the booti and the bootz command does not stop you from booting
unsigned images, e.g. using the bootefi command.
Signed-off-by: Yuezhang.Mo <myz...@126.com>
---
cmd/Kconfig | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 5b30b13e43..5f9dd91928 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -203,15 +203,24 @@ config BOOTM_EFI
config CMD_BOOTZ
bool "bootz"
+ default y if !FIT_SIGNATURE
help
Boot the Linux zImage
+ It is enabled by default for backward compatibility, unless
+ FIT_SIGNATURE is set where it is disabled so that unsigned images
+ cannot be loaded. If a board needs to boot a Linux zImage in this
+ case, enable it here.
config CMD_BOOTI
bool "booti"
depends on ARM64 || RISCV
- default y
+ default y if !FIT_SIGNATURE
How about CONFIG_EFI_SECURE_BOOT? Should this also disable the default?
help
Boot an AArch64 Linux Kernel image from memory.
+ It is enabled by default for backward compatibility, unless
Backwards relative to UEFI?
This focuses very much on default values. How about:
"The booti command is used for launching unsigned AArch64 and RISC-V
Linux kernel images. If you want to have secure boot either via signed
FIT images or via signed UEFI images, this option should be disabled."
+ FIT_SIGNATURE is set where it is disabled so that unsigned images
+ cannot be loaded. If a board needs to boot an AArch64 Linux Kernel
Why AArch64 and not RISC-V?
Who needs all those lines.
Best regards
Heinrich
+ image in this case, enable it here.
config BOOTM_LINUX
bool "Support booting Linux OS images"
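Review bot: In the CMD_BOOTZ entry the new `default y if !FIT_SIGNATURE` line is a pure addition (no `default` line is removed there, unlike the `- default y` under CMD_BOOTI), so bootz goes from having no default to being enabled by default whenever FIT_SIGNATURE is unset. That runs against the stated aim of not enabling these commands by default, and the added help sentence "It is enabled by default for backward compatibility" does not describe an entry that had no default before this patch. Either drop the new default from CMD_BOOTZ and keep only the help text, or say in the commit message why bootz should now default to y.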
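An added example, not part of the thread or of U-Boot: a check over a built `.config` that reports which of the options discussed above still leave a path for booting unsigned images once FIT_SIGNATURE or EFI_SECURE_BOOT is enabled. The policy, the function names and the sample configuration are assumptions of this example; CMD_BOOTEFI is the Kconfig symbol for the bootefi command mentioned in the review.

```python
import re

# Symbols named in the thread. CMD_BOOTEFI is the symbol behind the bootefi
# command Heinrich mentions; the policy itself is an assumption of this example.
SECURE_BOOT = ("FIT_SIGNATURE", "EFI_SECURE_BOOT")
UNSIGNED_LOADERS = ("LEGACY_IMAGE_FORMAT", "CMD_BOOTZ", "CMD_BOOTI")

_SET = re.compile(r"^CONFIG_(\w+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_(\w+) is not set$")


def parse_dotconfig(text):
    """Map each symbol in a Kconfig .config to its value ('n' when unset)."""
    symbols = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SET.match(line):
            symbols[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            symbols[m.group(1)] = "n"
    return symbols


def unsigned_boot_paths(text):
    """Return enabled symbols that still allow booting an unsigned image."""
    cfg = parse_dotconfig(text)

    def on(sym):
        return cfg.get(sym) == "y"

    if not any(on(s) for s in SECURE_BOOT):
        return []  # no signature checking requested, nothing to contradict
    found = [s for s in UNSIGNED_LOADERS if on(s)]
    # bootefi only authenticates images when EFI_SECURE_BOOT is built in.
    if on("CMD_BOOTEFI") and not on("EFI_SECURE_BOOT"):
        found.append("CMD_BOOTEFI")
    return found


# Constructed sample: FIT signing on, but booti and bootefi left enabled.
SAMPLE = """\
CONFIG_FIT_SIGNATURE=y
# CONFIG_LEGACY_IMAGE_FORMAT is not set
# CONFIG_CMD_BOOTZ is not set
CONFIG_CMD_BOOTI=y
CONFIG_CMD_BOOTEFI=y
# CONFIG_EFI_SECURE_BOOT is not set
"""

if __name__ == "__main__":
    for sym in unsigned_boot_paths(SAMPLE):
        print(f"CONFIG_{sym}=y allows booting unsigned images")
```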