[U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT
Date: Thu, 19 Sep 2019 11:02:36 -0400	[thread overview]
Message-ID: <20190919150236.GD6927@bill-the-cat> (raw)
In-Reply-To: <20190918012643.25192-7-takahiro.akashi@linaro.org>

On Wed, Sep 18, 2019 at 10:26:34AM +0900, AKASHI Takahiro wrote:

> The configuration, CONFIG_SECURE_BOOT, was scattered among different
> architecture directories for different implementation. This will prevent
> UEFI secure boot from being added later.
> 
> So let's rename them, giving each implementation to different
> configuration option. CONFIG_SECURE_BOOT still remains not to break
> existing implicit dependency.
> 
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>  Kconfig                                   | 7 +++++++
>  arch/arm/cpu/armv7/ls102xa/Kconfig        | 3 ++-
>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++-
>  arch/arm/mach-imx/Kconfig                 | 3 ++-
>  arch/powerpc/cpu/mpc85xx/Kconfig          | 3 ++-
>  5 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/Kconfig b/Kconfig
> index 1f0904f7045e..c11fc102a7d4 100644
> --- a/Kconfig
> +++ b/Kconfig
> @@ -282,6 +282,13 @@ config SYS_LDSCRIPT
>  
>  endmenu		# General setup
>  
> +config SECURE_BOOT
> +	bool "Secure Boot"
> +	imply SHA256
> +	help
> +	  Enable Secure Boot feature. The actual behavior may vary
> +	  from architecture to architecture.
> +
>  menu "Boot images"
>  
>  config ANDROID_BOOT_IMAGE
> diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig b/arch/arm/cpu/armv7/ls102xa/Kconfig
> index 94fa68250ddf..ce1bc580d23d 100644
> --- a/arch/arm/cpu/armv7/ls102xa/Kconfig
> +++ b/arch/arm/cpu/armv7/ls102xa/Kconfig
> @@ -50,8 +50,9 @@ config MAX_CPUS
>  	  cores, count the reserved ports. This will allocate enough memory
>  	  in spin table to properly handle all cores.
>  
> -config SECURE_BOOT
> +config FSL_ARMV7_ENABLE_SECURE_BOOT
>  	bool	"Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature. Normally selected
>  		by defconfig. If unsure, do not change.
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index 42d31fdab0a0..d4cfe31f8ebf 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -383,8 +383,9 @@ config EMC2305
>  	 Enable the EMC2305 fan controller for configuration of fan
>  	 speed.
>  
> -config SECURE_BOOT
> +config FSI_ARMV8_ENABLE_SECURE_BOOT
>  	bool "Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature
>  
> diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
> index aeb54934888d..e1602fd5f0e8 100644
> --- a/arch/arm/mach-imx/Kconfig
> +++ b/arch/arm/mach-imx/Kconfig
> @@ -34,8 +34,9 @@ config USE_IMXIMG_PLUGIN
>  	  i.MX6/7 supports DCD and Plugin. Enable this configuration
>  	  to use Plugin, otherwise DCD will be used.
>  
> -config SECURE_BOOT
> +config FSL_IMX_ENABLE_SECURE_BOOT
>  	bool "Support i.MX HAB features"
> +	depends on SECURE_BOOT
>  	depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
>  	select FSL_CAAM if HAS_CAAM
>  	imply CMD_DEKBLOB
> diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig
> index c038a6ddb0f4..9cf6ebbfe3ce 100644
> --- a/arch/powerpc/cpu/mpc85xx/Kconfig
> +++ b/arch/powerpc/cpu/mpc85xx/Kconfig
> @@ -1208,8 +1208,9 @@ config FSL_LAW
>  	help
>  		Use Freescale common code for Local Access Window
>  
> -config SECURE_BOOT
> +config FSL_MPC_ENABLE_SECURE_BOOT
>  	bool	"Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature. Normally selected
>  		by defconfig. If unsure, do not change.

I've added Priyanka Jain to the thread as the custodian for PowerPC and
NXP stuff and Stefano Babic as the custodian for i.MX stuff.  I don't
want to see "CONFIG_SECURE_BOOT" continue on as a config option, it's
too broad.  Can we please rename and update the existing NXP CONFIG
option (and I assume split it into a few ones to reflect better where
things really changed fundamentally from one SoC/arch to the next) and
update the help text?  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190919/2861475d/attachment.sig>

next prev parent reply	other threads:[~2019-09-19 15:02 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-18  1:26 [U-Boot] [RFC 00/15] efi_loader: add secure boot support AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 01/15] lib: charset: add u16_str<n>cmp() AKASHI Takahiro
2019-09-18 11:16   ` Heinrich Schuchardt
2019-09-18  1:26 ` [U-Boot] [RFC 02/15] test: add tests for u16_str<n>cmp() AKASHI Takahiro
2019-09-18 11:18   ` Heinrich Schuchardt
2019-09-18  1:26 ` [U-Boot] [RFC 03/15] include: pe.h: add image-signing-related definitions AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 04/15] include: image.h: add key info to image_sign_info AKASHI Takahiro
2019-09-25 20:42   ` Simon Glass
2019-09-18  1:26 ` [U-Boot] [RFC 05/15] include: image.h: export hash algorithm helper functions AKASHI Takahiro
2019-09-25 20:42   ` Simon Glass
2019-09-18  1:26 ` [U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT AKASHI Takahiro
2019-09-19 15:02   ` Tom Rini [this message]
2019-09-19 15:10     ` Stefano Babic
2019-09-25  4:19       ` Priyanka Jain
2019-10-29  5:19         ` AKASHI Takahiro
2019-10-30  8:24           ` Priyanka Jain
2019-09-18  1:26 ` [U-Boot] [RFC 07/15] efi_loader: add signature verification functions AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 08/15] efi_loader: variable: support variable authentication AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 09/15] efi_loader: variable: add VendorKeys and SignatureSupport variables AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 10/15] efi_loader: image_loader: support image authentication AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 11/15] efi_loader: initialize secure boot state AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 12/15] efi_loader: add CONFIG_EFI_SECURE_BOOT AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 13/15] cmd: env: provide appropriate guid for well-defined variable AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 14/15] efi_loader, pytest: add UEFI secure boot tests (image) AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 15/15] efi_loader, pytest: add UEFI secure boot tests (authenticated variables) AKASHI Takahiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190919150236.GD6927@bill-the-cat \
    --to=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.