From: Sascha Hauer <s.hauer@pengutronix.de>
To: barebox@lists.infradead.org, Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: Re: [PATCH RFC 00/17] Add security policy support
Date: Tue, 23 Sep 2025 10:08:08 +0200 [thread overview]
Message-ID: <175861488841.2898830.1909397651152731956.b4-ty@pengutronix.de> (raw)
In-Reply-To: <20250814130702.4039241-1-a.fatoum@pengutronix.de>
On Thu, 14 Aug 2025 15:06:45 +0200, Ahmad Fatoum wrote:
> Security policies are a mechanism for barebox to prevent, when so
> desired, security relevant code from being executed.
>
> Security policies are controlled via a second Kconfig menu structure
> (called Sconfig) which collects security relevant options.
>
> While the normal Kconfig menu structure is about feature support
> enabled at compile time, a security policy determines whether a
> feature is allowed or prohibited at runtime with an explicit focus
> on security.
>
> [...]
Applied, thanks!
[01/1] fixup! docs: security-policies: add documentation
(no commit info)
[01/17] kconfig: allow setting CONFIG_ from the outside
https://git.pengutronix.de/cgit/barebox/commit/?id=9a4281052b8f (link may not be stable)
[03/17] kbuild: implement loopable loop_cmd
https://git.pengutronix.de/cgit/barebox/commit/?id=daaa3560414e (link may not be stable)
[04/17] Add security policy support
https://git.pengutronix.de/cgit/barebox/commit/?id=03a1030ea708 (link may not be stable)
[05/17] kbuild: allow security config use without source tree modification
https://git.pengutronix.de/cgit/barebox/commit/?id=74b1901d06f2 (link may not be stable)
[06/17] defaultenv: update PS1 according to security policy
https://git.pengutronix.de/cgit/barebox/commit/?id=98e1b8ef80b9 (link may not be stable)
[07/17] security: policy: support externally provided configs
https://git.pengutronix.de/cgit/barebox/commit/?id=d94aa6a99dfa (link may not be stable)
[08/17] commands: implement sconfig command
https://git.pengutronix.de/cgit/barebox/commit/?id=56de5ea4fe40 (link may not be stable)
[09/17] docs: security-policies: add documentation
https://git.pengutronix.de/cgit/barebox/commit/?id=9d8f7062b581 (link may not be stable)
[10/17] commands: go: add security config option
https://git.pengutronix.de/cgit/barebox/commit/?id=58401df16031 (link may not be stable)
[11/17] console: ratp: add security config option
https://git.pengutronix.de/cgit/barebox/commit/?id=d1f12e4aaaff (link may not be stable)
[12/17] bootm: support calling bootm_optional_signed_images at any time
https://git.pengutronix.de/cgit/barebox/commit/?id=48f1c4c70944 (link may not be stable)
[13/17] bootm: make unsigned image support runtime configurable
https://git.pengutronix.de/cgit/barebox/commit/?id=9dbde2ceea58 (link may not be stable)
[14/17] ARM: configs: add virt32_secure_defconfig
https://git.pengutronix.de/cgit/barebox/commit/?id=cc285c8c0ab4 (link may not be stable)
[15/17] boards: qemu-virt: add security policies
https://git.pengutronix.de/cgit/barebox/commit/?id=332277872144 (link may not be stable)
[16/17] boards: qemu-virt: allow setting policy from command line
https://git.pengutronix.de/cgit/barebox/commit/?id=cea49ae7bb88 (link may not be stable)
[17/17] test: py: add basic security policy test
https://git.pengutronix.de/cgit/barebox/commit/?id=b3773336f564 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
prev parent reply other threads:[~2025-09-23 8:08 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-14 13:06 Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 01/17] kconfig: allow setting CONFIG_ from the outside Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 02/17] scripts: include scripts/include for all host tools Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 03/17] kbuild: implement loopable loop_cmd Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 04/17] Add security policy support Ahmad Fatoum
2025-08-18 13:28 ` Sascha Hauer
2025-08-18 14:08 ` Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 05/17] kbuild: allow security config use without source tree modification Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 06/17] defaultenv: update PS1 according to security policy Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 07/17] security: policy: support externally provided configs Ahmad Fatoum
2025-08-18 12:38 ` Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 08/17] commands: implement sconfig command Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 09/17] docs: security-policies: add documentation Ahmad Fatoum
2025-08-18 13:58 ` [PATCH] fixup! " Sascha Hauer
2025-08-14 13:06 ` [PATCH RFC 10/17] commands: go: add security config option Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 11/17] console: ratp: " Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 12/17] bootm: support calling bootm_optional_signed_images at any time Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 13/17] bootm: make unsigned image support runtime configurable Ahmad Fatoum
2025-08-14 13:06 ` [PATCH RFC 14/17] ARM: configs: add virt32_secure_defconfig Ahmad Fatoum
2025-08-14 13:07 ` [PATCH RFC 15/17] boards: qemu-virt: add security policies Ahmad Fatoum
2025-08-14 13:07 ` [PATCH RFC 16/17] boards: qemu-virt: allow setting policy from command line Ahmad Fatoum
2025-08-14 13:07 ` [PATCH RFC 17/17] test: py: add basic security policy test Ahmad Fatoum
2025-09-23 8:08 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=175861488841.2898830.1909397651152731956.b4-ty@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox