authorMaciej Pijanowski <maciej.pijanowski@3mdeb.com>2023-12-21 21:38:03 +0100
committerFelix Singer <service+coreboot-gerrit@felixsinger.de>2024-05-29 19:22:57 +0000
commit0306cc2bbd40375972e1bda32b640a51c14e4ab0 (patch)
tree415994830c447ee8ef9e09ced7a3002822df99ce /payloads/external
parentfda9d75d90dfb8b5a441eea9d108e6f075087dc0 (diff)
payloads/iPXE: Hook up TRUST_CMD switch
Change-Id: Ia4f5d4140eeb8625c5ee41e38f048658db28a199 Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79684 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'payloads/external')
-rw-r--r--payloads/external/Makefile.mk1
-rw-r--r--payloads/external/iPXE/Kconfig9
-rw-r--r--payloads/external/iPXE/Makefile3
3 files changed, 13 insertions, 0 deletions
diff --git a/payloads/external/Makefile.mk b/payloads/external/Makefile.mk
index c227402ee5..d497cf871c 100644
--- a/payloads/external/Makefile.mk
+++ b/payloads/external/Makefile.mk
@@ -381,6 +381,7 @@ payloads/external/iPXE/ipxe/ipxe.rom ipxe: $(DOTCONFIG) $(IPXE_CONFIG_SCRIPT)
CONFIG_HAS_SCRIPT=$(CONFIG_IPXE_ADD_SCRIPT) \
CONFIG_IPXE_NO_PROMPT=$(CONFIG_IPXE_NO_PROMPT) \
CONFIG_IPXE_HAS_HTTPS=$(CONFIG_IPXE_HAS_HTTPS) \
+ CONFIG_PXE_TRUST_CMD=$(CONFIG_PXE_TRUST_CMD) \
MFLAGS= MAKEFLAGS=
# LinuxBoot
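Review bot: The new symbol is spelled `CONFIG_PXE_TRUST_CMD`, while the three neighbouring options passed to the iPXE sub-make in this hunk all use the `CONFIG_IPXE_` prefix, and the Kconfig hunk defines it inside the `BUILD_IPXE` block. If there is no reason for the different prefix, `CONFIG_IPXE_TRUST_CMD=$(CONFIG_IPXE_TRUST_CMD) \` would match its siblings and make the option easier to find when auditing which iPXE security features a board enables. The same name appears in the Kconfig and iPXE/Makefile hunks and would need to change with it. The recipe this line belongs to starts above the hunk.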
diff --git a/payloads/external/iPXE/Kconfig b/payloads/external/iPXE/Kconfig
index 2ad39a1a6b..02dce27848 100644
--- a/payloads/external/iPXE/Kconfig
+++ b/payloads/external/iPXE/Kconfig
@@ -108,7 +108,16 @@ config IPXE_HAS_HTTPS
Enable HTTPS protocol, which allows you to encrypt all communication
with a web server and to verify the server's identity
+config PXE_TRUST_CMD
+ bool "Enable TRUST commands"
+ default y
+ help
+ Enable imgverify and imgtrust commands, which allow you to verify
+ digital signature of file prior loading it, and restrict to loading
+ trusted files only.
+
endif # BUILD_IPXE
+
endmenu
endif # PXE
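Review bot: The help text for `PXE_TRUST_CMD` says the option lets you "restrict to loading trusted files only", which can be read as if enabling it enforces verification. From the visible lines it only compiles the commands in. Nothing is checked unless the boot script or the user actually runs `imgtrust` and `imgverify`, and the result depends on which certificates the iPXE build trusts, which this change does not appear to configure. I would reword the help along the lines of `Build in the imgtrust and imgverify commands. This does not enforce anything by itself: a script must call them, and signatures are checked against the certificates trusted by the iPXE build.` That also fixes the grammar in "verify digital signature of file prior loading it".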
diff --git a/payloads/external/iPXE/Makefile b/payloads/external/iPXE/Makefile
index 6f5525bcd6..91074fea99 100644
--- a/payloads/external/iPXE/Makefile
+++ b/payloads/external/iPXE/Makefile
@@ -52,6 +52,9 @@ endif
ifeq ($(CONFIG_IPXE_HAS_HTTPS),y)
sed -i'' 's|.*DOWNLOAD_PROTO_HTTPS|#define DOWNLOAD_PROTO_HTTPS|g' "$(project_dir)/src/config/general.h"
endif
+ifeq ($(CONFIG_PXE_TRUST_CMD),y)
+ sed -i'' 's|.*IMAGE_TRUST_CMD|#define IMAGE_TRUST_CMD|g' "$(project_dir)/src/config/general.h"
+endif
build: config $(CONFIG_SCRIPT)
ifeq ($(CONFIG_HAS_SCRIPT),y)
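Review bot: The added `sed -i''` line exits successfully even when no line in general.h contains `IMAGE_TRUST_CMD`, so if the upstream header renames or moves that macro the build still passes and produces an iPXE without the trust commands while the config says `y`. For a security-relevant switch that should fail loudly; a follow-up recipe line such as `grep -q '^#define IMAGE_TRUST_CMD' "$(project_dir)/src/config/general.h"` would catch it. There is also no branch for the `n` case, so whether a previously patched checkout keeps the define depends on the tree being reset elsewhere, which is not visible here. The existing HTTPS block above has the same shape, and the enclosing rule starts outside the hunk.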