mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-17 18:28:55 +00:00
86c773fe83
As part of chain of trust with confidentiality along with distro boot, linux kernel image needs to be stored in encrypted form on ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure boot on ARM based platforms. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: York Sun <york.sun@nxp.com>
22 lines
608 B
Text
22 lines
608 B
Text
config CHAIN_OF_TRUST
|
|
depends on !FIT_SIGNATURE && SECURE_BOOT
|
|
imply CMD_BLOB
|
|
imply CMD_HASH if ARM
|
|
select FSL_CAAM
|
|
select SPL_BOARD_INIT if (ARM && SPL)
|
|
select SHA_HW_ACCEL
|
|
select SHA_PROG_HW_ACCEL
|
|
select ENV_IS_NOWHERE
|
|
select CMD_EXT4 if ARM
|
|
select CMD_EXT4_WRITE if ARM
|
|
bool
|
|
default y
|
|
|
|
config CMD_ESBC_VALIDATE
|
|
bool "Enable the 'esbc_validate' and 'esbc_halt' commands"
|
|
default y if CHAIN_OF_TRUST
|
|
help
|
|
This option enables two commands used for secure booting:
|
|
|
|
esbc_validate - validate signature using RSA verification
|
|
esbc_halt - put the core in spin loop (Secure Boot Only)
|