> -----Original Message----- > From: York Sun > Sent: Thursday, September 07, 2017 9:01 PM > To: Sumit Garg <[email protected]>; [email protected] > Cc: Ruchika Gupta <[email protected]>; Prabhakar Kushwaha > <[email protected]>; [email protected] > Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable > CONFIG_CMD_EXT4_WRITE > > On 09/06/2017 09:10 PM, Sumit Garg wrote: > >> -----Original Message----- > >> From: York Sun > >> Sent: Wednesday, September 06, 2017 9:47 PM > >> To: Sumit Garg <[email protected]>; [email protected] > >> Cc: Ruchika Gupta <[email protected]>; Prabhakar Kushwaha > >> <[email protected]>; [email protected] > >> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable > >> CONFIG_CMD_EXT4_WRITE > >> > >> On 08/25/2017 03:03 AM, Sumit Garg wrote: > >>> As part of chain of trust with confidentiality along with distro > >>> boot, linux kernel image needs to be stored in encrypted form on > >>> ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of > >>> Secure boot. > >>> > >>> Signed-off-by: Sumit Garg <[email protected]> > >>> --- > >>> > >>> Changes in v2: > >>> Instead of adding CMD_EXT4_WRITE option in each defconfig, added > >>> this option in Kconfig. > >>> > >>> board/freescale/common/Kconfig | 2 ++ > >>> 1 file changed, 2 insertions(+) > >>> > >>> diff --git a/board/freescale/common/Kconfig > >>> b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 > >>> --- a/board/freescale/common/Kconfig > >>> +++ b/board/freescale/common/Kconfig > >>> @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST > >>> select SPL_BOARD_INIT if (ARM && SPL) > >>> select SHA_HW_ACCEL > >>> select SHA_PROG_HW_ACCEL > >>> + select CMD_EXT4 > >>> + select CMD_EXT4_WRITE > >>> bool > >>> default y > >> > >> Are you going to need this for all PowerPC platforms? This changes > >> increases 3K in text section. > >> > >> Will Ruchika confirm? > >> > >> York > > > > We don't need this option on PowerPC platforms as we currently don't > > support distro boot on PowerPC platforms. So we can enable this option for > ARM platforms only. > > Please update the patch to enable these options selectively. > > York Sure I will send this change in v3.
Sumit _______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
