[U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT
Date: Thu, 19 Sep 2019 11:02:36 -0400	[thread overview]
Message-ID: <20190919150236.GD6927@bill-the-cat> (raw)
In-Reply-To: <20190918012643.25192-7-takahiro.akashi@linaro.org>

On Wed, Sep 18, 2019 at 10:26:34AM +0900, AKASHI Takahiro wrote:

> The configuration, CONFIG_SECURE_BOOT, was scattered among different
> architecture directories for different implementation. This will prevent
> UEFI secure boot from being added later.
> 
> So let's rename them, giving each implementation to different
> configuration option. CONFIG_SECURE_BOOT still remains not to break
> existing implicit dependency.
> 
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>  Kconfig                                   | 7 +++++++
>  arch/arm/cpu/armv7/ls102xa/Kconfig        | 3 ++-
>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++-
>  arch/arm/mach-imx/Kconfig                 | 3 ++-
>  arch/powerpc/cpu/mpc85xx/Kconfig          | 3 ++-
>  5 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/Kconfig b/Kconfig
> index 1f0904f7045e..c11fc102a7d4 100644
> --- a/Kconfig
> +++ b/Kconfig
> @@ -282,6 +282,13 @@ config SYS_LDSCRIPT
>  
>  endmenu		# General setup
>  
> +config SECURE_BOOT
> +	bool "Secure Boot"
> +	imply SHA256
> +	help
> +	  Enable Secure Boot feature. The actual behavior may vary
> +	  from architecture to architecture.
> +
>  menu "Boot images"
>  
>  config ANDROID_BOOT_IMAGE
> diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig b/arch/arm/cpu/armv7/ls102xa/Kconfig
> index 94fa68250ddf..ce1bc580d23d 100644
> --- a/arch/arm/cpu/armv7/ls102xa/Kconfig
> +++ b/arch/arm/cpu/armv7/ls102xa/Kconfig
> @@ -50,8 +50,9 @@ config MAX_CPUS
>  	  cores, count the reserved ports. This will allocate enough memory
>  	  in spin table to properly handle all cores.
>  
> -config SECURE_BOOT
> +config FSL_ARMV7_ENABLE_SECURE_BOOT
>  	bool	"Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature. Normally selected
>  		by defconfig. If unsure, do not change.
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index 42d31fdab0a0..d4cfe31f8ebf 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -383,8 +383,9 @@ config EMC2305
>  	 Enable the EMC2305 fan controller for configuration of fan
>  	 speed.
>  
> -config SECURE_BOOT
> +config FSI_ARMV8_ENABLE_SECURE_BOOT
>  	bool "Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature
>  
> diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
> index aeb54934888d..e1602fd5f0e8 100644
> --- a/arch/arm/mach-imx/Kconfig
> +++ b/arch/arm/mach-imx/Kconfig
> @@ -34,8 +34,9 @@ config USE_IMXIMG_PLUGIN
>  	  i.MX6/7 supports DCD and Plugin. Enable this configuration
>  	  to use Plugin, otherwise DCD will be used.
>  
> -config SECURE_BOOT
> +config FSL_IMX_ENABLE_SECURE_BOOT
>  	bool "Support i.MX HAB features"
> +	depends on SECURE_BOOT
>  	depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
>  	select FSL_CAAM if HAS_CAAM
>  	imply CMD_DEKBLOB
> diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig
> index c038a6ddb0f4..9cf6ebbfe3ce 100644
> --- a/arch/powerpc/cpu/mpc85xx/Kconfig
> +++ b/arch/powerpc/cpu/mpc85xx/Kconfig
> @@ -1208,8 +1208,9 @@ config FSL_LAW
>  	help
>  		Use Freescale common code for Local Access Window
>  
> -config SECURE_BOOT
> +config FSL_MPC_ENABLE_SECURE_BOOT
>  	bool	"Secure Boot"
> +	depends on SECURE_BOOT
>  	help
>  		Enable Freescale Secure Boot feature. Normally selected
>  		by defconfig. If unsure, do not change.

I've added Priyanka Jain to the thread as the custodian for PowerPC and
NXP stuff and Stefano Babic as the custodian for i.MX stuff.  I don't
want to see "CONFIG_SECURE_BOOT" continue on as a config option, it's
too broad.  Can we please rename and update the existing NXP CONFIG
option (and I assume split it into a few ones to reflect better where
things really changed fundamentally from one SoC/arch to the next) and
update the help text?  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190919/2861475d/attachment.sig>

next prev parent reply	other threads:[~2019-09-19 15:02 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-18  1:26 [U-Boot] [RFC 00/15] efi_loader: add secure boot support AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 01/15] lib: charset: add u16_str<n>cmp() AKASHI Takahiro
2019-09-18 11:16   ` Heinrich Schuchardt
2019-09-18  1:26 ` [U-Boot] [RFC 02/15] test: add tests for u16_str<n>cmp() AKASHI Takahiro
2019-09-18 11:18   ` Heinrich Schuchardt
2019-09-18  1:26 ` [U-Boot] [RFC 03/15] include: pe.h: add image-signing-related definitions AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 04/15] include: image.h: add key info to image_sign_info AKASHI Takahiro
2019-09-25 20:42   ` Simon Glass
2019-09-18  1:26 ` [U-Boot] [RFC 05/15] include: image.h: export hash algorithm helper functions AKASHI Takahiro
2019-09-25 20:42   ` Simon Glass
2019-09-18  1:26 ` [U-Boot] [RFC 06/15] secure boot: rename CONFIG_SECURE_BOOT AKASHI Takahiro
2019-09-19 15:02   ` Tom Rini [this message]
2019-09-19 15:10     ` Stefano Babic
2019-09-25  4:19       ` Priyanka Jain
2019-10-29  5:19         ` AKASHI Takahiro
2019-10-30  8:24           ` Priyanka Jain
2019-09-18  1:26 ` [U-Boot] [RFC 07/15] efi_loader: add signature verification functions AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 08/15] efi_loader: variable: support variable authentication AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 09/15] efi_loader: variable: add VendorKeys and SignatureSupport variables AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 10/15] efi_loader: image_loader: support image authentication AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 11/15] efi_loader: initialize secure boot state AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 12/15] efi_loader: add CONFIG_EFI_SECURE_BOOT AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 13/15] cmd: env: provide appropriate guid for well-defined variable AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 14/15] efi_loader, pytest: add UEFI secure boot tests (image) AKASHI Takahiro
2019-09-18  1:26 ` [U-Boot] [RFC 15/15] efi_loader, pytest: add UEFI secure boot tests (authenticated variables) AKASHI Takahiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190919150236.GD6927@bill-the-cat \
    --to=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox