| Message ID | 1503466161-24469-1-git-send-email-sumit.garg@nxp.com |
|---|---|
| State | Superseded |
| Headers | show |
On Wed, Aug 23, 2017 at 10:59:21AM +0530, Sumit Garg wrote: > As part of chain of trust with confidentiality along with distro > boot, linux kernel image needs to be stored in encrypted form on > ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in all Secure > Boot defconfigs. > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> You should imply or select this, I suspect, from boards/freescale/common/Kconfig somewhere, thanks!
> -----Original Message----- > From: Tom Rini [mailto:trini@konsulko.com] > Sent: Thursday, August 24, 2017 12:50 AM > To: Sumit Garg <sumit.garg@nxp.com> > Cc: u-boot@lists.denx.de; Ruchika Gupta <ruchika.gupta@nxp.com> > Subject: Re: [U-Boot] [PATCH] configs: SECURE_BOOT: Enable > CONFIG_CMD_EXT4_WRITE > > On Wed, Aug 23, 2017 at 10:59:21AM +0530, Sumit Garg wrote: > > > As part of chain of trust with confidentiality along with distro boot, > > linux kernel image needs to be stored in encrypted form on > > ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in all Secure > > Boot defconfigs. > > > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > You should imply or select this, I suspect, from > boards/freescale/common/Kconfig somewhere, thanks! > > -- > Tom Thanks Tom for your review. I would enable CONFIG_CMD_EXT4_WRITE via boards/freescale/common/Kconfig. Sumit
diff --git a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig index ec6ed37..edc01be 100644 --- a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig @@ -25,6 +25,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y diff --git a/configs/ls1021aqds_nor_SECURE_BOOT_defconfig b/configs/ls1021aqds_nor_SECURE_BOOT_defconfig index 6b5477f..cffda8a 100644 --- a/configs/ls1021aqds_nor_SECURE_BOOT_defconfig +++ b/configs/ls1021aqds_nor_SECURE_BOOT_defconfig @@ -28,6 +28,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_BMP=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_DM=y CONFIG_SYS_FSL_DDR3=y diff --git a/configs/ls1021atwr_nor_SECURE_BOOT_defconfig b/configs/ls1021atwr_nor_SECURE_BOOT_defconfig index beff98a..a6a03e2 100644 --- a/configs/ls1021atwr_nor_SECURE_BOOT_defconfig +++ b/configs/ls1021atwr_nor_SECURE_BOOT_defconfig @@ -28,6 +28,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_BMP=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_DM=y CONFIG_MTD_NOR_FLASH=y diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig index 416fff6..a5fcd47 100644 --- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig +++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig @@ -41,6 +41,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_BMP=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y CONFIG_DM=y diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig b/configs/ls1043ardb_SECURE_BOOT_defconfig index d914be2..25c1be8 100644 --- a/configs/ls1043ardb_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig @@ -19,6 +19,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_DM=y CONFIG_MTD_NOR_FLASH=y diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig index 957f2c7..740726f 100644 --- a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig @@ -34,6 +34,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y CONFIG_DM=y diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig index 4e959bf..3eb61a6 100644 --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig @@ -34,6 +34,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y CONFIG_DM=y diff --git a/configs/ls1046aqds_SECURE_BOOT_defconfig b/configs/ls1046aqds_SECURE_BOOT_defconfig index e335c71..e1da07c 100644 --- a/configs/ls1046aqds_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_SECURE_BOOT_defconfig @@ -22,6 +22,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_DM=y CONFIG_MTD_NOR_FLASH=y diff --git a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig index 6653016..6703542 100644 --- a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig @@ -21,6 +21,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_DM=y CONFIG_SPI_FLASH=y diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig index 5b72ae1..82d4b2c 100644 --- a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig @@ -26,6 +26,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y CONFIG_DM=y diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig index 617c522..c6c7fa9 100644 --- a/configs/ls2080aqds_SECURE_BOOT_defconfig +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -42,3 +42,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_EXT4_WRITE=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig index 70839e6..acfd8bc 100644 --- a/configs/ls2080ardb_SECURE_BOOT_defconfig +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -41,3 +41,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_EXT4_WRITE=y diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig index 360d8c4..5ce4ca5 100644 --- a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig +++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig @@ -22,6 +22,7 @@ CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y CONFIG_CMD_EXT2=y CONFIG_CMD_FAT=y +CONFIG_CMD_EXT4_WRITE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in all Secure Boot defconfigs. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> --- configs/ls1012ardb_qspi_SECURE_BOOT_defconfig | 1 + configs/ls1021aqds_nor_SECURE_BOOT_defconfig | 1 + configs/ls1021atwr_nor_SECURE_BOOT_defconfig | 1 + configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_nand_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 1 + configs/ls2080aqds_SECURE_BOOT_defconfig | 1 + configs/ls2080ardb_SECURE_BOOT_defconfig | 1 + configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 1 + 13 files changed, 13 insertions(+)