subject:"\[PATCH v3 1\/2\] boot\: don't enable the non\-secure boot commands by default if secure boot enabled"

Re:Re: [PATCH v3 1/2] boot: don't enable the non-secure boot commands by default if secure boot enabled

2022-05-20 Thread Rover Mo

At 2022-05-20 14:34:18, "Heinrich Schuchardt" wrote: >Am 20. Mai 2022 04:58:46 MESZ schrieb Rover Mo : > >Having EFI_SECURE_BOOT=y is not enough to use secure boot. You must also >supply variables PK, KEK, db, dbx. > >Furthermore you would have to disable a whole lot more commands to secure the

Re: [PATCH v3 1/2] boot: don't enable the non-secure boot commands by default if secure boot enabled

2022-05-19 Thread Heinrich Schuchardt

Am 20. Mai 2022 04:58:46 MESZ schrieb Rover Mo : >To prevent booting unsigned images, don't enable the non-secure boot >commands(booti, bootz .etc) by default if secure boot enabled. > >Signed-off-by: Rover Mo >--- > boot/Kconfig | 2 +- > cmd/Kconfig | 11 +-- > 2 files changed, 10 insert

[PATCH v3 1/2] boot: don't enable the non-secure boot commands by default if secure boot enabled

2022-05-19 Thread Rover Mo

To prevent booting unsigned images, don't enable the non-secure boot commands(booti, bootz .etc) by default if secure boot enabled. Signed-off-by: Rover Mo --- boot/Kconfig | 2 +- cmd/Kconfig | 11 +-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/boot/Kconfig b/boot