Hi Sascha, On Tue, Jan 19, 2016 at 8:55 AM, Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> wrote: > With CONFIG_BOOTM_FORCE_SIGNED_IMAGES the bootm code will refuse to boot > unsigned images. Since currently FIT is the only image type which > supports signing this means we with this option we enforce using FIT comma is missing after "supports signing", "we" after "means" must go away > images. All additionally passed in device trees and initrds will be a word is missing between "All" and "additionally" > ignored so that only the ones from the FIT image can be used. comma after "ignored" Reviewed-by: Yegor Yefremov <yegorslists@xxxxxxxxxxxxxx> Yegor > Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> > --- > common/bootm.c | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > > diff --git a/common/bootm.c b/common/bootm.c > index d8acff8..3efc17e 100644 > --- a/common/bootm.c > +++ b/common/bootm.c > @@ -68,8 +68,10 @@ enum bootm_verify bootm_get_verify_mode(void) > } > > static const char * const bootm_verify_names[] = { > +#ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES > [BOOTM_VERIFY_NONE] = "none", > [BOOTM_VERIFY_HASH] = "hash", > +#endif > [BOOTM_VERIFY_SIGNATURE] = "signature", > }; 
> > @@ -526,6 +528,23 @@ int bootm_boot(struct bootm_data *bootm_data) > goto err_out; > } > > + if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) > + data->verify = BOOTM_VERIFY_SIGNATURE; > + > + /* > + * When we only allow booting signed images make sure everything > + * we boot is in the OS image and not given separately. > + */ > + data->oftree = NULL; > + data->oftree_file = NULL; > + data->initrd_file = NULL; > + if (os_type != filetype_oftree) { > + printf("Signed boot and image is no FIT image, aborting\n"); > + ret = -EINVAL; > + goto err_out; > + } > + } > + > if (IS_ENABLED(CONFIG_FITIMAGE) && os_type == filetype_oftree) { > struct fit_handle *fit; > > -- > 2.7.0.rc3 > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox
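Review bot: In the bootm_verify_names[] hunk, wrapping the "none" and "hash" entries in #ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES does not shrink the table. The designated initializer [BOOTM_VERIFY_SIGNATURE] still sizes the array up to that index, so if BOOTM_VERIFY_NONE and BOOTM_VERIFY_HASH have lower enum values, their slots become NULL pointers instead of disappearing. Any code that walks this table up to ARRAY_SIZE() and compares or prints the names has to tolerate NULL entries. Please confirm that the consumer of this array does so, or add the NULL check in this patch, since a forced-signature build is exactly where a crash or a silently accepted lookup in the verify-mode handling would matter most.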
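Review bot: In the bootm_boot() hunk, the added line "if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES))" has no opening brace, but the block is closed by a second "}" after the inner "if (os_type != filetype_oftree) { ... }", so the braces are unbalanced as posted. Add " {" to the end of that line so that forcing data->verify, clearing data->oftree, data->oftree_file and data->initrd_file, and the non-FIT rejection all sit inside the conditional, as the comment describes. Without the brace only the data->verify assignment is guarded, and the clearing of the separately passed device tree and initrd would read as unconditional. Two smaller points: the os_type check could come before the assignments so that a rejected image leaves the bootm data untouched, and the message would read better as "image is not a FIT image".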