At 2022-05-20 14:34:18, "Heinrich Schuchardt" wrote:
>Am 20. Mai 2022 04:58:46 MESZ schrieb Rover Mo :
>
>Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also
>supply variables PK, KEK, db, dbx.
>
>Furthermore you would have to disable a whole lot more commands to secure the
Am 20. Mai 2022 04:58:46 MESZ schrieb Rover Mo :
>To prevent booting unsigned images, don't enable the non-secure boot
>commands(booti, bootz .etc) by default if secure boot enabled.
>
>Signed-off-by: Rover Mo
>---
> boot/Kconfig | 2 +-
> cmd/Kconfig | 11 +--
> 2 files changed, 10 insert
To prevent booting unsigned images, don't enable the non-secure boot
commands(booti, bootz .etc) by default if secure boot enabled.
Signed-off-by: Rover Mo
---
boot/Kconfig | 2 +-
cmd/Kconfig | 11 +--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/boot/Kconfig b/boot
3 matches
Mail list logo