• Sean Anderson's avatar
    cmd: source: Support specifying config name · bcc85b96
    Sean Anderson authored and Tom Rini's avatar Tom Rini committed
    As discussed previously [1,2], the source command is not safe to use with
    verified boot unless there is a key with required = "images" (which has its
    own problems). This is because if such a key is absent, signatures are
    verified but not required. It is assumed that configuration nodes will
    provide the signature. Because the source command does not use
    configurations to determine the image to source, effectively no
    verification takes place.
    
    To address this, allow specifying configuration nodes. We use the same
    syntax as the bootm command (helpfully provided for us by fit_parse_conf).
    By default, we first try the default config and then the default image. To
    force using a config, # must be present in the command (e.g. `source
    $loadaddr#my-conf`). For convenience, the config may be omitted, just like
    the address may be (e.g. `source \#`). This also works for images
    (`source :` behaves exactly like `source` currently does).
    
    [1] https://lore.kernel.org/u-boot/7d71...
    bcc85b96