We do use an strict boot rule if the CONFIG_BOOTM_FORCE_SIGNED_IMAGES
switch was enabled. Instead of only checking the compile time switch we
should check the runtime configurable $global.bootm.verify param too
while applying the rule.
Therefore make use of the bootm_get_verify_mode() to query the mode. If
CONFIG_BOOTM_FORCE_SIGNED_IMAGES was enabled the only allowed value is
BOOTM_VERIFY_SIGNATURE.
Signed-off-by: Marco Felsch <m.felsch@xxxxxxxxxxxxxx>
---
common/bootm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/bootm.c b/common/bootm.c
index e6703b19b3ba..03af3d2b28f7 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -699,7 +699,7 @@ int bootm_boot(struct bootm_data *bootm_data)
goto err_out;
}
- if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) {
+ if (bootm_get_verify_mode() == BOOTM_VERIFY_SIGNATURE) {
data->verify = BOOTM_VERIFY_SIGNATURE;
/*
--
2.39.2
