From: Heiko Schocher <hs@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 1/4] bootm: allow to disable legacy image format
Date: Fri, 09 May 2014 07:12:24 +0200 [thread overview]
Message-ID: <536C63B8.2010801@denx.de> (raw)
In-Reply-To: <536B8062.6030209@kaew.be>
Hello Mike,
Am 08.05.2014 15:02, schrieb mike:
> Hi Heiko,
>
> Did you see my last email? The one that bounced with a mime header and where I attached a patch file.
Seems I missed this EMail ...
> I just wonder if its not better to switch the define to be
>
> if (CONFIG_SIGNATURE_VERIFICATION_WITH_LEGACY_SIDE_DOOR). It can become mutually exclusive with the existing signature verification define.
The define length seems a little long, but this is also an option.
I just prepared my patch after Simons comment, see:
http://lists.denx.de/pipermail/u-boot/2014-May/179139.html
> That way the legacy stuff is removed automatically upon requesting verification unless defined otherwise. When you fail to boot an unsigned legacy kernel then its kind of obvious that you have to solve something but if you implement verified boot and
> forget this new variable then you leave a security hole.
>
> In my last email I also discussed my confusion regard the 'required' variable. Similar argument to the above plus some other thoughts.
Was this EMail on the U-Boot ML? I could not find it...
Can you send a link?
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
next prev parent reply other threads:[~2014-05-09 5:12 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-08 11:05 [U-Boot] [PATCH 0/4] mpc8313: ids8313 board updates Heiko Schocher
2014-05-08 11:05 ` [U-Boot] [PATCH 1/4] bootm: allow to disable legacy image format Heiko Schocher
2014-05-08 13:02 ` mike
2014-05-09 4:29 ` Wolfgang Denk
2014-05-09 5:12 ` Heiko Schocher [this message]
2014-05-09 13:13 ` Simon Glass
2014-05-09 13:35 ` Wolfgang Denk
2014-05-09 18:47 ` Simon Glass
2014-05-09 19:12 ` Tom Rini
2014-05-12 7:36 ` Heiko Schocher
2014-05-12 15:00 ` Tom Rini
2014-05-08 11:05 ` [U-Boot] [PATCH 2/4] mpc8313, signed fit: disable legacy image format on ids8313 board Heiko Schocher
2014-05-08 20:19 ` Kim Phillips
2014-05-08 11:05 ` [U-Boot] [PATCH 3/4] lib, fdt: move fdtdec_get_int() out of lib/fdtdec.c Heiko Schocher
2014-05-09 19:59 ` Simon Glass
2014-05-12 7:09 ` Heiko Schocher
2014-05-08 11:05 ` [U-Boot] [PATCH 4/4] mpc8313: add CONFIG_SYS_GENERIC_BOARD to ids8313 board Heiko Schocher
2014-05-08 20:19 ` Kim Phillips
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=536C63B8.2010801@denx.de \
--to=hs@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox