[PATCH] bootm: change default verification mode from hash to available
Sascha Hauer
s.hauer at pengutronix.de
Sun Feb 16 23:39:14 PST 2025
On Fri, 14 Feb 2025 16:46:22 +0100, Ahmad Fatoum wrote:
> The default of global.bootm.verify=hash means that barebox will refuse
> to boot images without hashes, but won't bother verifying the signature.
>
> For verified boot setups, this parameter needs to be set to signature,
> preferably enforced via CONFIG_BOOTM_FORCE_SIGNED_IMAGES.
>
> For everything else, it's better user experience if barebox would just
> verify what's available instead of refusing to boot images without hashes,
> like the image.fit that Linux can now generate as part of its build.
>
> [...]
Applied, thanks!
[1/1] bootm: change default verification mode from hash to available
https://git.pengutronix.de/cgit/barebox/commit/?id=824314cbade2 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer at pengutronix.de>
More information about the barebox
mailing list