[PATCH 04/13] boot: invert the secure boot forcing support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Add HAS_SECURE_BOOT as we will add other image format that support secure boot

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@xxxxxxxxxxxx>
---
 common/Kconfig | 12 ++++++++----
 common/bootm.c |  6 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/common/Kconfig b/common/Kconfig
index f7ff04664..895814ee9 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -21,6 +21,9 @@ config HAS_KALLSYMS
 config HAS_MODULES
 	bool
 
+config HAS_SECURE_BOOT
+	bool
+
 config HAS_CACHE
 	bool
 	help
@@ -624,6 +627,7 @@ config BOOTM_FITIMAGE_SIGNATURE
 	prompt "support verifying signed FIT images"
 	depends on BOOTM_FITIMAGE
 	select FITIMAGE_SIGNATURE
+	select HAS_SECURE_BOOT
 	help
 	  Support verifying signed FIT images. This requires FIT images
 	  as described in:
@@ -631,14 +635,14 @@ config BOOTM_FITIMAGE_SIGNATURE
 	  Additionally the barebox device tree needs a /signature node with the
 	  public key with which the image has been signed.
 
-config BOOTM_FORCE_SIGNED_IMAGES
+config BOOT_FORCE_SIGNED_IMAGES
 	bool
 	prompt "Force booting of signed images"
-	depends on BOOTM_FITIMAGE_SIGNATURE
+	depends on HAS_SECURE_BOOT
 	help
 	  With this option enabled only signed images can be booted, unsigned images
-	  are refused to boot. Effectively this means only FIT images can be booted
-	  since they are the only supported image type that support signing.
+	  are refused to boot. Effectively this means only Signed images can
+	  be booted.
 
 config BLSPEC
 	depends on BLOCK
diff --git a/common/bootm.c b/common/bootm.c
index 53311ab1c..885b09f81 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -82,7 +82,7 @@ enum bootm_verify bootm_get_verify_mode(void)
 }
 
 static const char * const bootm_verify_names[] = {
-#ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES
+#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES
 	[BOOTM_VERIFY_NONE] = "none",
 	[BOOTM_VERIFY_HASH] = "hash",
 	[BOOTM_VERIFY_AVAILABLE] = "available",
@@ -531,7 +531,7 @@ int bootm_boot(struct bootm_data *bootm_data)
 		goto err_out;
 	}
 
-	if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) {
+	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES)) {
 		data->verify = BOOTM_VERIFY_SIGNATURE;
 
 		/*
@@ -635,7 +635,7 @@ static int bootm_init(void)
 		globalvar_add_simple("bootm.initrd.loadaddr", NULL);
 	}
 
-	if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES))
+	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
 		bootm_verify_mode = BOOTM_VERIFY_SIGNATURE;
 
 	globalvar_add_simple_int("bootm.verbose", &bootm_verbosity, "%u");
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux