Hello Marco, On 08.04.24 09:36, Marco Felsch wrote: > We do use an strict boot rule if the CONFIG_BOOTM_FORCE_SIGNED_IMAGES > switch was enabled. Instead of only checking the compile time switch we > should check the runtime configurable $global.bootm.verify param too > while applying the rule. > > Therefore make use of the bootm_get_verify_mode() to query the mode. If > CONFIG_BOOTM_FORCE_SIGNED_IMAGES was enabled the only allowed value is > BOOTM_VERIFY_SIGNATURE. > > Signed-off-by: Marco Felsch <m.felsch@xxxxxxxxxxxxxx> Are you aware of https://lore.barebox.org/barebox/20231023162748.533468-1-a.fatoum@xxxxxxxxxxxxxx/ Would that address your use case? Cheers, Ahmad > --- > common/bootm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/common/bootm.c b/common/bootm.c > index e6703b19b3ba..03af3d2b28f7 100644 > --- a/common/bootm.c > +++ b/common/bootm.c > @@ -699,7 +699,7 @@ int bootm_boot(struct bootm_data *bootm_data) > goto err_out; > } > > - if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) { > + if (bootm_get_verify_mode() == BOOTM_VERIFY_SIGNATURE) { > data->verify = BOOTM_VERIFY_SIGNATURE; > > /* -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
