u-boot/board/freescale/common/Kconfig
Sumit Garg 86c773fe83 configs: SECURE_BOOT: Enable CONFIG_CMD_EXT4_WRITE
As part of chain of trust with confidentiality along with distro
boot, linux kernel image needs to be stored in encrypted form on
ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of
Secure boot on ARM based platforms.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-01-15 12:44:23 -08:00

22 lines
608 B
Text

config CHAIN_OF_TRUST
depends on !FIT_SIGNATURE && SECURE_BOOT
imply CMD_BLOB
imply CMD_HASH if ARM
select FSL_CAAM
select SPL_BOARD_INIT if (ARM && SPL)
select SHA_HW_ACCEL
select SHA_PROG_HW_ACCEL
select ENV_IS_NOWHERE
select CMD_EXT4 if ARM
select CMD_EXT4_WRITE if ARM
bool
default y
config CMD_ESBC_VALIDATE
bool "Enable the 'esbc_validate' and 'esbc_halt' commands"
default y if CHAIN_OF_TRUST
help
This option enables two commands used for secure booting:
esbc_validate - validate signature using RSA verification
esbc_halt - put the core in spin loop (Secure Boot Only)