To prevent booting unsigned images, don't enable the non-secure boot commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myz...@126.com> Cc: Heinrich Schuchardt <xypron.g...@gmx.de> Cc: Simon Glass <s...@chromium.org> --- Changes for v2: - Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT - Update the help information - Changed commit title cmd/Kconfig | 11 +++++++++-- common/Kconfig.boot | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..98c588e638 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -203,15 +203,22 @@ config BOOTM_EFI config CMD_BOOTZ bool "bootz" + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help Boot the Linux zImage + The bootz command is used for launching unsigned Linux zImage. + If you want to have secure boot either via signed FIT images or via + signed UEFI images, this option should be disabled. config CMD_BOOTI bool "booti" depends on ARM64 || RISCV - default y + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help - Boot an AArch64 Linux Kernel image from memory. + Boot an AArch64/RISC-V Linux Kernel image from memory. + The booti command is used for launching unsigned AArch64 and RISC-V + Linux kernel images. If you want to have secure boot either via signed + FIT images or via signed UEFI images, this option should be disabled. config BOOTM_LINUX bool "Support booting Linux OS images" diff --git a/common/Kconfig.boot b/common/Kconfig.boot index a8d4be23a9..574f35b42e 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -283,7 +283,7 @@ endif # FIT config LEGACY_IMAGE_FORMAT bool "Enable support for the legacy image format" - default y if !FIT_SIGNATURE + default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT help This option enables the legacy image format. It is enabled by default for backward compatibility, unless FIT_SIGNATURE is -- 2.25.1
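Review bot: In the cmd/Kconfig hunk, CMD_BOOTZ gains `default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` where the hunk shows no earlier default line for it, so for configurations without either option this turns bootz on by default instead of only withholding it from secure builds. CMD_BOOTI, by contrast, goes from an unconditional `default y` to the conditional one. If enabling bootz for non-secure builds is intended, the commit message should say so; otherwise drop the new default from CMD_BOOTZ. Note also that a conditional default only sets the starting value: a defconfig that already carries CONFIG_CMD_BOOTI=y or CONFIG_CMD_BOOTZ=y keeps the command when FIT_SIGNATURE or EFI_SECURE_BOOT is set, so the help text's "this option should be disabled" is advice rather than enforcement. It would help to state that in the commit message so board maintainers know to check their defconfigs. Minor: the new help paragraphs call the images "unsigned", while the relevant property is that bootz and booti launch the image without verifying a signature; wording it that way would be more precise.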
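Review bot: In the common/Kconfig.boot hunk, the LEGACY_IMAGE_FORMAT help text in the trailing context still reads "unless FIT_SIGNATURE is", so it no longer matches the new default, which now also depends on !EFI_SECURE_BOOT. The v2 changelog says the help information was updated, but this entry was missed; please extend the help to mention EFI_SECURE_BOOT alongside FIT_SIGNATURE.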