Hello Marco,
On 08.04.24 09:36, Marco Felsch wrote:
> The only allowed value for bootm_verify_mode is BOOTM_VERIFY_SIGNATURE
> if CONFIG_BOOTM_FORCE_SIGNED_IMAGES is enabled. This is set via the
> bootm_init() initcall. All further attempts to modify this variable
> should be prevented.
>
> Signed-off-by: Marco Felsch <m.felsch@xxxxxxxxxxxxxx>
> ---
> common/bootm.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/common/bootm.c b/common/bootm.c
> index a59fa35008a9..e6703b19b3ba 100644
> --- a/common/bootm.c
> +++ b/common/bootm.c
> @@ -75,6 +75,11 @@ enum bootm_verify bootm_get_verify_mode(void)
>
> void bootm_set_verify_mode(enum bootm_verify mode)
> {
> + if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) {
> + pr_err("BOOTM_FORCE_SIGNED_IMAGES enabled, prevent modifying bootm_verify_mode\n");
> + return;
> + }
We bootm_set_verify_mode(BOOTM_VERIFY_SIGNATURE) shouldn't result
in a warning message.
With this addressed:
Reviewed-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> +
> bootm_verify_mode = mode;
> }
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
