Hi Aswin,

Excited to see some interest from Qualcomm in enabling secureboot, but there's some issues here we need to discuss.

On 7/1/26 14:22, Aswin Murugan wrote:
Add a common configuration fragment for EFI Secure Boot and the
required hash algorithm configs to reuse across Qualcomm boards.

How is this meant to be used? what other steps are required to successfully boot this way? How are you testing this or expecting it to be used?

This fragment alone won't actually make booting "secure" since the console is still enabled along with all the non-EFI boot methods.

So what's the story here? Please give us some insight into the bigger picture, propose some ideas or plans for implementing a full secureboot chain, ping me or Neil or Ilias on IRC about it or at least offer enough context here so that we can discuss on list.

Sending random patches isn't gonna cut it and I'm not gonna just keep guessing what you're trying to achieve with a given patch or series like this. You need to engage with upstream and work with the rest of the community to figure out how your goals fit into the bigger picture (hint: why is this under board/qualcomm/ and not configs/?).

Thanks,
// Casey


Signed-off-by: Aswin Murugan <[email protected]>
---
  board/qualcomm/secure-boot.config | 6 ++++++
  1 file changed, 6 insertions(+)
  create mode 100644 board/qualcomm/secure-boot.config

diff --git a/board/qualcomm/secure-boot.config 
b/board/qualcomm/secure-boot.config
new file mode 100644
index 00000000000..21f567e1a45
--- /dev/null
+++ b/board/qualcomm/secure-boot.config
@@ -0,0 +1,6 @@
+# Enables EFI Secure Boot support
+CONFIG_EFI_VARIABLES_PRESEED=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_SHA512=y
+CONFIG_SHA384=y

Reply via email to