With CONFIG_BOOTM_FORCE_SIGNED_IMAGES the bootm code will refuse to boot unsigned images. Since currently FIT is the only image type which supports signing, this means with this option we enforce using FIT images. All additionally passed in device trees and initrds will be ignored, so that only the ones from the FIT image can be used. Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> --- common/bootm.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/common/bootm.c b/common/bootm.c index d8acff8..3efc17e 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -68,8 +68,10 @@ enum bootm_verify bootm_get_verify_mode(void) } static const char * const bootm_verify_names[] = { +#ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES [BOOTM_VERIFY_NONE] = "none", [BOOTM_VERIFY_HASH] = "hash", +#endif [BOOTM_VERIFY_SIGNATURE] = "signature", }; @@ -526,6 +528,23 @@ int bootm_boot(struct bootm_data *bootm_data) goto err_out; } + if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) + data->verify = BOOTM_VERIFY_SIGNATURE; + + /* + * When we only allow booting signed images make sure everything + * we boot is in the OS image and not given separately. + */ + data->oftree = NULL; + data->oftree_file = NULL; + data->initrd_file = NULL; + if (os_type != filetype_oftree) { + printf("Signed boot and image is no FIT image, aborting\n"); + ret = -EINVAL; + goto err_out; + } + } + if (IS_ENABLED(CONFIG_FITIMAGE) && os_type == filetype_oftree) { struct fit_handle *fit; -- 2.7.0.rc3 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox