On 24-04-08, Ahmad Fatoum wrote: > Hello Marco, > > On 08.04.24 09:36, Marco Felsch wrote: > > The only allowed value for bootm_verify_mode is BOOTM_VERIFY_SIGNATURE > > if CONFIG_BOOTM_FORCE_SIGNED_IMAGES is enabled. This is set via the > > bootm_init() initcall. All further attempts to modify this variable > > should be prevented. > > > > Signed-off-by: Marco Felsch <m.felsch@xxxxxxxxxxxxxx> > > --- > > common/bootm.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/common/bootm.c b/common/bootm.c > > index a59fa35008a9..e6703b19b3ba 100644 > > --- a/common/bootm.c > > +++ b/common/bootm.c > > @@ -75,6 +75,11 @@ enum bootm_verify bootm_get_verify_mode(void) > > > > void bootm_set_verify_mode(enum bootm_verify mode) > > { > > + if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) { > > + pr_err("BOOTM_FORCE_SIGNED_IMAGES enabled, prevent modifying bootm_verify_mode\n"); > > + return; > > + } > > We bootm_set_verify_mode(BOOTM_VERIFY_SIGNATURE) shouldn't result > in a warning message. I was considering this as well.. I will add it, thanks. > With this addressed: > > Reviewed-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> > > > + > > bootm_verify_mode = mode; > > } > > > > -- > Pengutronix e.K. | | > Steuerwalder Str. 21 | http://www.pengutronix.de/ | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > >