On Fri, Dec 15, 2017 at 8:06 PM, Andre Przywara <[email protected]> wrote: > Hi, > > On 15/12/17 13:41, Maxime Ripard wrote: >> On Thu, Dec 14, 2017 at 02:03:12PM +0530, Jagan Teki wrote: >>> On Wed, Dec 13, 2017 at 9:09 PM, Maxime Ripard >>> <[email protected]> wrote: >>>> On Wed, Dec 13, 2017 at 11:33:02AM +0530, Jagan Teki wrote: >>>>> From: Jagan Teki <[email protected]> >>>>> >>>>> Enable FIT_SIGNATURE for sunxi a64. >>>>> >>>>> Signed-off-by: Jagan Teki <[email protected]> >>>>> --- >>>>> Changes for v3: >>>>> - Move imply outside block >>>>> Changes for v2: >>>>> - Use imply instead of select >>>>> >>>>> arch/arm/mach-sunxi/Kconfig | 1 + >>>>> 1 file changed, 1 insertion(+) >>>>> >>>>> diff --git a/arch/arm/mach-sunxi/Kconfig b/arch/arm/mach-sunxi/Kconfig >>>>> index 1fededd..05e2d47 100644 >>>>> --- a/arch/arm/mach-sunxi/Kconfig >>>>> +++ b/arch/arm/mach-sunxi/Kconfig >>>>> @@ -179,6 +179,7 @@ config MACH_SUN50I >>>>> select SUNXI_DRAM_DW_32BIT >>>>> select FIT >>>>> select SPL_LOAD_FIT >>>>> + imply FIT_SIGNATURE >>>> >>>> I'm really not sure we should force it by default. How much code size >>>> is it adding? >>> >>> Why we need to consider u-boot size? (because it may cross the loader2 >>> size?) >>> Here is the delta of u-boot elf >> >> The same reason than anything else on our arm64 builds lately: we have >> a u-boot binary too big for the size compared to our environment offset. > > I agree, and aside from that I don't see how this is useful: > - We don't *need* this for Allwinner boards.
why? can you elaborate? > - It is not usable without some more setup (which that other doc patch > describes). doc patch is rejected since we have redundant docs on the same topic. > - As Maxime mentioned, this is not very helpful on it's own, due to it > inherent vulnerability without a protected SPL as well. > - No other boards seems to set FIT_SIGNATURE. I'm mentioning this again, please check the other platforms as well this is verified-boot not secure-boot, other platforms will do use same. thanks! -- Jagan Teki Free Software Engineer | www.openedev.com U-Boot, Linux | Upstream Maintainer Hyderabad, India. -- You received this message because you are subscribed to the Google Groups "linux-sunxi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
