boot: don't enable the non-secure boot commands by default if secure boot enabledWIP/2022-04-11-further-assorted-fixes

To prevent booting unsigned images, don't enable the non-secure boot
commands(booti, bootz .etc) by default if secure boot enabled.

Signed-off-by: Rover Mo <myzmzz@126.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>

2 files changed, 10 insertions, 3 deletions

diff --git a/boot/Kconfig b/boot/Kconfig
index ec5b956..a69c796 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -294,7 +294,7 @@ endif # FIT
 
 config LEGACY_IMAGE_FORMAT
 	bool "Enable support for the legacy image format"
-	default y if !FIT_SIGNATURE
+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
 	help
 	  This option enables the legacy image format. It is enabled by
 	  default for backward compatibility, unless FIT_SIGNATURE is
diff --git a/cmd/Kconfig b/cmd/Kconfig
index d3abe3a..180d097 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -220,15 +220,22 @@ config BOOTM_EFI
 
 config CMD_BOOTZ
 	bool "bootz"
+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
 	help
 	  Boot the Linux zImage
+	  The bootz command is used for launching unsigned Linux zImage.
+	  If you want to have secure boot either via signed FIT images or via
+	  signed UEFI images, this option should be disabled.
 
 config CMD_BOOTI
 	bool "booti"
 	depends on ARM64 || RISCV
-	default y
+	default y if !FIT_SIGNATURE && !EFI_SECURE_BOOT
 	help
-	  Boot an AArch64 Linux Kernel image from memory.
+	  Boot an AArch64/RISC-V Linux Kernel image from memory.
+	  The booti command is used for launching unsigned AArch64 and RISC-V
+	  Linux kernel images. If you want to have secure boot either via signed
+	  FIT images or via signed UEFI images, this option should be disabled.
 
 config BOOTM_LINUX
 	bool "Support booting Linux OS images"