
[v3,1/2] boot: don't enable the non-secure boot commands by default if secure boot enabled

Message ID 53153039.1c7b.180df673dae.Coremail.myzmzz@126.com
State Rejected
Delegated to: Tom Rini
Series: boot: don't enable the non-secure boot commands by default if secure boot enabled

Commit Message

Rover Mo May 20, 2022, 2:58 a.m. UTC
To prevent booting unsigned images, don't enable the non-secure boot
commands (booti, bootz, etc.) by default if secure boot is enabled.

Signed-off-by: Rover Mo <myzmzz@126.com>
---
 boot/Kconfig |  2 +-
 cmd/Kconfig  | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

Comments

Heinrich Schuchardt May 20, 2022, 6:34 a.m. UTC | #1
On 20 May 2022 04:58:46 CEST, Rover Mo <myzmzz@126.com> wrote:
>To prevent booting unsigned images, don't enable the non-secure boot
>commands (booti, bootz, etc.) by default if secure boot is enabled.
>
>Signed-off-by: Rover Mo <myzmzz@126.com>
>---
> boot/Kconfig |  2 +-
> cmd/Kconfig  | 11 +++++++++--
> 2 files changed, 10 insertions(+), 3 deletions(-)
>
>diff --git a/boot/Kconfig b/boot/Kconfig
>index dff4d23b88..cebe4e24fe 100644
>--- a/boot/Kconfig
>+++ b/boot/Kconfig
>@@ -407,7 +407,7 @@ endif
> 
> config LEGACY_IMAGE_FORMAT
> 	bool "Enable support for the legacy image format"
>-	default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE
>+	default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE && !EFI_SECURE_BOOT

Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also supply variables PK, KEK, db, dbx.

Furthermore you would have to disable a whole lot more commands to secure the device.

Currently we have patches in review to provide a bootmenu with optionally no access to the console. This is a better approach.

Best regards

Heinrich


> 	help
> 	  This option enables the legacy image format. It is enabled by
> 	  default for backward compatibility, unless FIT_SIGNATURE is
>diff --git a/cmd/Kconfig b/cmd/Kconfig
>index 69c1814d24..6baa85bfdd 100644
>--- a/cmd/Kconfig
>+++ b/cmd/Kconfig
>@@ -259,15 +259,22 @@ config BOOTM_EFI
> 
> config CMD_BOOTZ
> 	bool "bootz"
>+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
> 	help
> 	  Boot the Linux zImage
>+	  The booti command is used for launching unsigned Linux zImage.
>+	  If you want to have secure boot either via signed FIT images or via
>+	  signed UEFI images, this option should be disabled.
> 
> config CMD_BOOTI
> 	bool "booti"
> 	depends on ARM64 || RISCV
>-	default y
>+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
> 	help
>-	  Boot an AArch64 Linux Kernel image from memory.
>+	  Boot an AArch64/RISC-V Linux Kernel image from memory.
>+	  The booti command is used for launching unsigned AArch64 and RISC-V
>+	  Linux kernel images. If you want to have secure boot either via signed
>+	  FIT images or via signed UEFI images, this option should be disabled.
> 
> config BOOTM_LINUX
> 	bool "Support booting Linux OS images"
>-- 
>2.25.1
Rover Mo May 20, 2022, 8:44 a.m. UTC | #2
At 2022-05-20 14:34:18, "Heinrich Schuchardt" <xypron.glpk@gmx.de> wrote:
>On 20 May 2022 04:58:46 CEST, Rover Mo <myzmzz@126.com> wrote:

>
>Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also supply variables PK, KEK, db, dbx.
>
>Furthermore you would have to disable a whole lot more commands to secure the device.
>
>Currently we have patches in review to provide a bootmenu with optionally no access to the console. This is a better approach.
Thank you for your explanation.


Please forget my patches.


Best regards,
Rover Mo

Patch

diff --git a/boot/Kconfig b/boot/Kconfig
index dff4d23b88..cebe4e24fe 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -407,7 +407,7 @@  endif
 
 config LEGACY_IMAGE_FORMAT
 	bool "Enable support for the legacy image format"
-	default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE
+	default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE && !EFI_SECURE_BOOT
 	help
 	  This option enables the legacy image format. It is enabled by
 	  default for backward compatibility, unless FIT_SIGNATURE is
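Review bot: the help text under the changed `default` line still names only FIT_SIGNATURE as the condition that turns the default off (`default for backward compatibility, unless FIT_SIGNATURE is`), so it no longer matches the new expression `!FIT_SIGNATURE && !TI_SECURE_DEVICE && !EFI_SECURE_BOOT`; update the help to mention EFI_SECURE_BOOT (and TI_SECURE_DEVICE) as well. Note also that a Kconfig `default` only applies when the symbol is not set explicitly, so a defconfig carrying CONFIG_LEGACY_IMAGE_FORMAT=y keeps the legacy format even with EFI_SECURE_BOOT=y; the commit message's "to prevent booting unsigned images" overstates what this hunk achieves, and, as Heinrich points out above, EFI_SECURE_BOOT=y without PK, KEK, db and dbx provisioned enforces nothing by itself.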
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 69c1814d24..6baa85bfdd 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -259,15 +259,22 @@  config BOOTM_EFI
 
 config CMD_BOOTZ
 	bool "bootz"
+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
 	help
 	  Boot the Linux zImage
+	  The booti command is used for launching unsigned Linux zImage.
+	  If you want to have secure boot either via signed FIT images or via
+	  signed UEFI images, this option should be disabled.
 
 config CMD_BOOTI
 	bool "booti"
 	depends on ARM64 || RISCV
-	default y
+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
 	help
-	  Boot an AArch64 Linux Kernel image from memory.
+	  Boot an AArch64/RISC-V Linux Kernel image from memory.
+	  The booti command is used for launching unsigned AArch64 and RISC-V
+	  Linux kernel images. If you want to have secure boot either via signed
+	  FIT images or via signed UEFI images, this option should be disabled.
 
 config BOOTM_LINUX
 	bool "Support booting Linux OS images"
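Review bot: the help text added to CMD_BOOTZ was copied from booti and names the wrong command (`The booti command is used for launching unsigned Linux zImage.`); it should read `The bootz command ...`, and the line before it, `Boot the Linux zImage`, needs a full stop now that a sentence follows it. Separately, CMD_BOOTZ had no `default` line before this change, so it defaulted to n; the new `default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` switches bootz on by default for every configuration without those two symbols, which is the opposite direction from the "don't enable ... by default" in the commit message and a wider behaviour change than it describes. If the intent is only to keep bootz off under secure boot, drop the added default for CMD_BOOTZ and leave the existing default n in place. As with LEGACY_IMAGE_FORMAT, the booti change is a default and not a restriction: a defconfig that sets CONFIG_CMD_BOOTI=y explicitly still builds the command, so the series does not prevent unsigned boot on such boards.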