Add HAS_SECURE_BOOT as we will add other image format that support secure boot Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@xxxxxxxxxxxx> --- common/Kconfig | 12 ++++++++---- common/bootm.c | 6 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/common/Kconfig b/common/Kconfig index f7ff04664..895814ee9 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -21,6 +21,9 @@ config HAS_KALLSYMS config HAS_MODULES bool +config HAS_SECURE_BOOT + bool + config HAS_CACHE bool help @@ -624,6 +627,7 @@ config BOOTM_FITIMAGE_SIGNATURE prompt "support verifying signed FIT images" depends on BOOTM_FITIMAGE select FITIMAGE_SIGNATURE + select HAS_SECURE_BOOT help Support verifying signed FIT images. This requires FIT images as described in: @@ -631,14 +635,14 @@ config BOOTM_FITIMAGE_SIGNATURE Additionally the barebox device tree needs a /signature node with the public key with which the image has been signed. -config BOOTM_FORCE_SIGNED_IMAGES +config BOOT_FORCE_SIGNED_IMAGES bool prompt "Force booting of signed images" - depends on BOOTM_FITIMAGE_SIGNATURE + depends on HAS_SECURE_BOOT help With this option enabled only signed images can be booted, unsigned images - are refused to boot. Effectively this means only FIT images can be booted - since they are the only supported image type that support signing. + are refused to boot. Effectively this means only Signed images can + be booted. config BLSPEC depends on BLOCK diff --git a/common/bootm.c b/common/bootm.c index 53311ab1c..885b09f81 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -82,7 +82,7 @@ enum bootm_verify bootm_get_verify_mode(void) } static const char * const bootm_verify_names[] = { -#ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES +#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES [BOOTM_VERIFY_NONE] = "none", [BOOTM_VERIFY_HASH] = "hash", [BOOTM_VERIFY_AVAILABLE] = "available", @@ -531,7 +531,7 @@ int bootm_boot(struct bootm_data *bootm_data) goto err_out; } - if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) { + if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES)) { data->verify = BOOTM_VERIFY_SIGNATURE; /* @@ -635,7 +635,7 @@ static int bootm_init(void) globalvar_add_simple("bootm.initrd.loadaddr", NULL); } - if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) + if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES)) bootm_verify_mode = BOOTM_VERIFY_SIGNATURE; globalvar_add_simple_int("bootm.verbose", &bootm_verbosity, "%u"); -- 2.11.0 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox