SHA512 checksum is a 512-bit (64-byte) hash value used to check that
the image contents have not been corrupted.
+config FIT_FULL_CHECK
+ bool "Do a full check of the FIT before using it"
+ default y
+ help
+ Enable this do a full check of the FIT to make sure it is valid. This
+ helps to protect against carefully crafted FITs which take advantage
+ of bugs or omissions in the code. This includes a bad structure,
+ multiple root nodes and the like.
+
config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
select RSA
select RSA_VERIFY
select IMAGE_SIGN_INFO
+ select FIT_FULL_CHECK
help
This option enables signature verification of FIT uImages,
using a hash signed and verified using RSA. If
injected into the FIT creation (i.e. the blobs would have been pre-
processed before being added to the FIT image).
+config FIT_PRINT
+ bool "Support FIT printing"
+ default y
+ help
+ Support printing the content of the fitImage in a verbose manner.
+
if SPL
config SPL_FIT
help
Support printing the content of the fitImage in a verbose manner in SPL.
+config SPL_FIT_FULL_CHECK
+ bool "Do a full check of the FIT before using it"
+ help
+ Enable this do a full check of the FIT to make sure it is valid. This
+ helps to protect against carefully crafted FITs which take advantage
+ of bugs or omissions in the code. This includes a bad structure,
+ multiple root nodes and the like.
+
+
config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_DM
select SPL_RSA
select SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
+ select SPL_FIT_FULL_CHECK
config SPL_LOAD_FIT
bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)"
used for booting OS with different memory setup where the part of
the memory location should be used for different purpose.
+config CHROMEOS
+ bool "Support booting Chrome OS"
+ help
+ Chrome OS requires U-Boot to set up a table indicating the boot mode
+ (e.g. Developer mode) and a few other things. Enable this if you are
+ booting on a Chromebook to avoid getting an error about an invalid
+ firmware ID.
+
+config CHROMEOS_VBOOT
+ bool "Support Chrome OS verified boot"
+ help
+ This is intended to enable the full Chrome OS verified boot support
+ in U-Boot. It is not actually implemented in the U-Boot source code
+ at present, so this option is always set to 'n'. It allows
+ distinguishing between booting Chrome OS in a basic way (developer
+ mode) and a full boot.
+
endmenu # Boot images
menu "Boot timing"
This option adds the feature to only stop the autobooting,
and therefore boot into the U-Boot prompt, when the input
string / password matches a values that is encypted via
- a SHA256 hash and saved in the environment.
+ a SHA256 hash and saved in the environment variable
+ "bootstopkeysha256". If the value in that variable
+ includes a ":", the portion prior to the ":" will be treated
+ as a salt value.
config AUTOBOOT_USE_MENUKEY
bool "Allow a specify key to run a menu from the environment"
CONFIG_BOOTARGS goes into the environment value "bootargs". Note that
this value will also override the "chosen" node in FDT blob.
+config BOOTARGS_SUBST
+ bool "Support substituting strings in boot arguments"
+ help
+ This allows substituting string values in the boot arguments. These
+ are applied after the commandline has been built.
+
+ One use for this is to insert the root-disk UUID into the command
+ line where bootargs contains "root=${uuid}"
+
+ setenv bootargs "console= root=${uuid}"
+ # Set the 'uuid' environment variable
+ part uuid mmc 2:2 uuid
+
+ # Command-line substitution will put the real uuid into the
+ # kernel command line
+ bootm
+
config USE_BOOTCOMMAND
bool "Enable a default value for bootcmd"
help
config PREBOOT
string "preboot default value"
depends on USE_PREBOOT && !USE_DEFAULT_ENV_FILE
- default "usb start" if USB_KEYBOARD || USB_STORAGE
+ default "usb start" if USB_KEYBOARD
default ""
help
This is the default of "preboot" environment variable.