* [PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled
From: Rover Mo @ 2021-11-09 7:21 UTC
To: u-boot; +Cc: sjg, xypron.glpk, michal.simek, patrick.delaunay, bmeng.cn
To prevent booting unsigned images, don't enable the non-secure boot
commands (booti, bootz, etc.) by default if secure boot is enabled.
Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
---
Changes for v2:
- Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT
- Update the help information
- Changed commit title
cmd/Kconfig | 11 +++++++++--
common/Kconfig.boot | 2 +-
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 5b30b13e43..98c588e638 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -203,15 +203,22 @@ config BOOTM_EFI
config CMD_BOOTZ
bool "bootz"
+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
help
Boot the Linux zImage
+ The bootz command is used for launching unsigned Linux zImage.
+ If you want to have secure boot either via signed FIT images or via
+ signed UEFI images, this option should be disabled.
config CMD_BOOTI
bool "booti"
depends on ARM64 || RISCV
- default y
+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
help
- Boot an AArch64 Linux Kernel image from memory.
+ Boot an AArch64/RISC-V Linux Kernel image from memory.
+ The booti command is used for launching unsigned AArch64 and RISC-V
+ Linux kernel images. If you want to have secure boot either via signed
+ FIT images or via signed UEFI images, this option should be disabled.
config BOOTM_LINUX
bool "Support booting Linux OS images"
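Review bot: the CMD_BOOTZ entry gains `default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` with no `default` line removed, so unlike CMD_BOOTI (where an existing `default y` is replaced) this turns bootz on for every configuration that has neither option set, and CMD_BOOTZ shows no architecture `depends on` in the visible context. That is a wider change than the commit message describes and can pull the command into builds that never had it. Suggest leaving CMD_BOOTZ without a default and keeping only the help text addition, or adding a `depends on` for the architectures that implement bootz, and build-testing across boards before resubmitting.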
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index a8d4be23a9..574f35b42e 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -283,7 +283,7 @@ endif # FIT
config LEGACY_IMAGE_FORMAT
bool "Enable support for the legacy image format"
- default y if !FIT_SIGNATURE
+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
help
This option enables the legacy image format. It is enabled by
default for backward compatibility, unless FIT_SIGNATURE is
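Review bot: the help text under LEGACY_IMAGE_FORMAT still describes the option as enabled by default "unless FIT_SIGNATURE is" set, while the default line now also keys on EFI_SECURE_BOOT. Please update the help in this hunk so it names both conditions, as was done for the bootz and booti help in cmd/Kconfig.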
--
2.25.1
* Re: [PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled
From: Rover Mo @ 2021-11-09 7:30 UTC
To: sjg; +Cc: u-boot
Dear Simon Glass,
> Also please do check tests (make qcheck) since sandbox enables more
> options than most boards.
All tests passed, please check the detailed log in the attachment.
Best regards,
Rover Mo
At 2021-11-09 15:21:43, "Rover Mo" <myzmzz@126.com> wrote:
>To prevent booting unsigned images, don't enable the non-secure boot
>commands(booti, bootz .etc) by default if secure boot enabled.
>
>Signed-off-by: Rover Mo <myzmzz@126.com>
>Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
>Cc: Simon Glass <sjg@chromium.org>
>
>---
>
>Changes for v2:
> - Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT
> - Update the help information
> - Changed commit title
>
> cmd/Kconfig | 11 +++++++++--
> common/Kconfig.boot | 2 +-
> 2 files changed, 10 insertions(+), 3 deletions(-)
>
>diff --git a/cmd/Kconfig b/cmd/Kconfig
>index 5b30b13e43..98c588e638 100644
>--- a/cmd/Kconfig
>+++ b/cmd/Kconfig
>@@ -203,15 +203,22 @@ config BOOTM_EFI
>
> config CMD_BOOTZ
> bool "bootz"
>+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
> help
> Boot the Linux zImage
>+ The bootz command is used for launching unsigned Linux zImage.
>+ If you want to have secure boot either via signed FIT images or via
>+ signed UEFI images, this option should be disabled.
>
> config CMD_BOOTI
> bool "booti"
> depends on ARM64 || RISCV
>- default y
>+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
> help
>- Boot an AArch64 Linux Kernel image from memory.
>+ Boot an AArch64/RISC-V Linux Kernel image from memory.
>+ The booti command is used for launching unsigned AArch64 and RISC-V
>+ Linux kernel images. If you want to have secure boot either via signed
>+ FIT images or via signed UEFI images, this option should be disabled.
>
> config BOOTM_LINUX
> bool "Support booting Linux OS images"
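Review bot: `default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT` on CMD_BOOTZ and CMD_BOOTI only changes the value a configuration gets when it does not set the symbol itself; a defconfig that carries CONFIG_CMD_BOOTZ=y or CONFIG_CMD_BOOTI=y still builds the command alongside FIT_SIGNATURE or EFI_SECURE_BOOT. The new help text says the option "should be disabled" in that case, so consider stating in the commit message that this is a change of default rather than enforcement, and checking the in-tree defconfigs that enable signature verification for explicit settings of these symbols.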
>diff --git a/common/Kconfig.boot b/common/Kconfig.boot
>index a8d4be23a9..574f35b42e 100644
>--- a/common/Kconfig.boot
>+++ b/common/Kconfig.boot
>@@ -283,7 +283,7 @@ endif # FIT
>
> config LEGACY_IMAGE_FORMAT
> bool "Enable support for the legacy image format"
>- default y if !FIT_SIGNATURE
>+ default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
> help
> This option enables the legacy image format. It is enabled by
> default for backward compatibility, unless FIT_SIGNATURE is
>--
>2.25.1
[-- Attachment #2: make-qcheck.log --]
[-- Type: text/plain, Size: 13078 bytes --]
/work/open-source/bootloader/u-boot$ make qcheck
./test/run quick
sandbox: +make O=/work/open-source/bootloader/u-boot/build-sandbox -s sandbox_defconfig
+make O=/work/open-source/bootloader/u-boot/build-sandbox -s -j8
================================================================= test session starts ==================================================================
platform linux -- Python 3.8.10, pytest-6.2.5, py-1.10.0, pluggy-0.13.1
rootdir: /work/open-source/bootloader/u-boot/test/py, configfile: pytest.ini
collected 854 items / 111 deselected / 743 selected
test/py/tests/test_000_version.py . [ 0%]
test/py/tests/test_bind.py .. [ 0%]
test/py/tests/test_button.py .. [ 0%]
test/py/tests/test_dfu.py s [ 0%]
test/py/tests/test_dm.py ... [ 1%]
test/py/tests/test_efi_fit.py . [ 1%]
test/py/tests/test_efi_loader.py .sss.s [ 2%]
test/py/tests/test_efi_selftest.py sssss [ 2%]
test/py/tests/test_env.py ............... [ 4%]
test/py/tests/test_extension.py . [ 4%]
test/py/tests/test_fit.py . [ 5%]
test/py/tests/test_fit_ecdsa.py . [ 5%]
test/py/tests/test_fit_hashes.py . [ 5%]
test/py/tests/test_fpga.py ssssssssssssssssssssssssssss [ 9%]
test/py/tests/test_gpio.py .. [ 9%]
test/py/tests/test_gpt.py ....... [ 10%]
test/py/tests/test_handoff.py s [ 10%]
test/py/tests/test_help.py . [ 10%]
test/py/tests/test_hush_if_test.py .................................................................... [ 19%]
test/py/tests/test_log.py s. [ 20%]
test/py/tests/test_lsblk.py . [ 20%]
test/py/tests/test_md.py .. [ 20%]
test/py/tests/test_mmc_rd.py ssss [ 20%]
test/py/tests/test_mmc_wr.py s [ 21%]
test/py/tests/test_net.py .sssss [ 21%]
test/py/tests/test_ofplatdata.py s [ 22%]
test/py/tests/test_part.py . [ 22%]
test/py/tests/test_pinmux.py ....... [ 23%]
test/py/tests/test_pstore.py ... [ 23%]
test/py/tests/test_qfw.py .. [ 23%]
test/py/tests/test_sandbox_exit.py ..s. [ 24%]
test/py/tests/test_scp03.py . [ 24%]
test/py/tests/test_sf.py ssss [ 25%]
test/py/tests/test_shell_basics.py .... [ 25%]
test/py/tests/test_sleep.py s [ 25%]
test/py/tests/test_spl.py s [ 25%]
test/py/tests/test_stackprotector.py . [ 25%]
test/py/tests/test_tpm2.py ........... [ 27%]
test/py/tests/test_ums.py s [ 27%]
test/py/tests/test_unknown_cmd.py . [ 27%]
test/py/tests/test_ut.py ....................................................................................................................... [ 43%]
................................................................................................................................................ [ 63%]
................................................................................................................................................ [ 82%]
............................................................................................................. [ 97%]
test/py/tests/test_vboot.py .......... [ 98%]
test/py/tests/test_android/test_ab.py . [ 98%]
test/py/tests/test_android/test_abootimg.py . [ 98%]
test/py/tests/test_android/test_avb.py ss..s. [ 99%]
test/py/tests/test_fs/test_fs_cmd.py . [ 99%]
test/py/tests/test_fs/test_squashfs/test_sqfs_load.py . [ 99%]
test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py . [100%]
============================================== 681 passed, 62 skipped, 111 deselected in 63.16s (0:01:03) ==============================================
sandbox_spl: +make O=/work/open-source/bootloader/u-boot/build-sandbox_spl -s sandbox_spl_defconfig
+make O=/work/open-source/bootloader/u-boot/build-sandbox_spl -s -j8
================================================================= test session starts ==================================================================
platform linux -- Python 3.8.10, pytest-6.2.5, py-1.10.0, pluggy-0.13.1
rootdir: /work/open-source/bootloader/u-boot/test/py, configfile: pytest.ini
collected 798 items / 787 deselected / 11 selected
test/py/tests/test_handoff.py . [ 9%]
test/py/tests/test_ofplatdata.py . [ 18%]
test/py/tests/test_spl.py ......... [100%]
========================================================== 11 passed, 787 deselected in 6.47s ==========================================================
sandbox_spl: +make O=/work/open-source/bootloader/u-boot/build-sandbox_noinst -s sandbox_noinst_defconfig
+make O=/work/open-source/bootloader/u-boot/build-sandbox_noinst -s -j8
================================================================= test session starts ==================================================================
platform linux -- Python 3.8.10, pytest-6.2.5, py-1.10.0, pluggy-0.13.1
rootdir: /work/open-source/bootloader/u-boot/test/py, configfile: pytest.ini
collected 798 items / 787 deselected / 11 selected
test/py/tests/test_handoff.py s [ 9%]
test/py/tests/test_ofplatdata.py s [ 18%]
test/py/tests/test_spl.py ......... [100%]
===================================================== 9 passed, 2 skipped, 787 deselected in 6.44s =====================================================
sandbox_flattree: +make O=/work/open-source/bootloader/u-boot/build-sandbox_flattree -s sandbox_flattree_defconfig
+make O=/work/open-source/bootloader/u-boot/build-sandbox_flattree -s -j8
================================================================= test session starts ==================================================================
platform linux -- Python 3.8.10, pytest-6.2.5, py-1.10.0, pluggy-0.13.1
rootdir: /work/open-source/bootloader/u-boot/test/py, configfile: pytest.ini
collected 794 items / 338 deselected / 456 selected
test/py/tests/test_ut.py ....................................................................................................................... [ 26%]
................................................................................................................................................ [ 57%]
................................................................................................................................................ [ 89%]
................................................. [100%]
========================================================= 456 passed, 338 deselected in 8.67s ==========================================================
binman: <unittest.result.TestResult run=322 errors=0 failures=0>
patman: <unittest.result.TestResult run=44 errors=0 failures=0>
buildman: <unittest.result.TestResult run=46 errors=0 failures=0>
fdt: <unittest.result.TestResult run=41 errors=0 failures=0>
dtoc: <unittest.result.TestResult run=62 errors=0 failures=0>
binman code coverage: <unittest.result.TestResult run=322 errors=0 failures=0>
100%
dtoc code coverage: <unittest.result.TestResult run=62 errors=0 failures=0>
100%
fdt code coverage: <unittest.result.TestResult run=41 errors=0 failures=0>
100%
Tests passed!
/work/open-source/bootloader/u-boot$
* Re: [PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled
From: Heinrich Schuchardt @ 2021-11-09 8:54 UTC
To: Rover Mo, u-boot; +Cc: sjg, michal.simek, patrick.delaunay, bmeng.cn
On 11/9/21 08:21, Rover Mo wrote:
> To prevent booting unsigned images, don't enable the non-secure boot
> commands(booti, bootz .etc) by default if secure boot enabled.
>
> Signed-off-by: Rover Mo <myzmzz@126.com>
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* Re: [PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled
From: Simon Glass @ 2021-11-25 0:11 UTC
To: Rover Mo; +Cc: u-boot, xypron.glpk, michal.simek, patrick.delaunay, bmeng.cn
On Tue, 9 Nov 2021 at 00:23, Rover Mo <myzmzz@126.com> wrote:
>
> To prevent booting unsigned images, don't enable the non-secure boot
> commands(booti, bootz .etc) by default if secure boot enabled.
>
> Signed-off-by: Rover Mo <myzmzz@126.com>
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Simon Glass <sjg@chromium.org>
>
> ---
>
> Changes for v2:
> - Don't enable the non-secure boot commands too if !EFI_SECURE_BOOT
> - Update the help information
> - Changed commit title
>
> cmd/Kconfig | 11 +++++++++--
> common/Kconfig.boot | 2 +-
> 2 files changed, 10 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-on: coral, sandbox
Tested-by: Simon Glass <sjg@chromium.org>
* Re: [PATCH v2] boot: don't enable the non-secure boot commands by default if secure boot enabled
From: Tom Rini @ 2022-04-12 0:51 UTC
To: Rover Mo
Cc: u-boot, sjg, xypron.glpk, michal.simek, patrick.delaunay, bmeng.cn
On Tue, Nov 09, 2021 at 03:21:43PM +0800, Rover Mo wrote:
> To prevent booting unsigned images, don't enable the non-secure boot
> commands(booti, bootz .etc) by default if secure boot enabled.
>
> Signed-off-by: Rover Mo <myzmzz@126.com>
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Simon Glass <sjg@chromium.org>
> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
> Tested-by: Simon Glass <sjg@chromium.org>
This breaks building on iot_devkit, please test, fix and resubmit,
thanks.
--
Tom