imx8mm_var_dart_defconfig: Disable full UEFI support

rafluan · rafluan · commit f631314f93cb · 2024-11-04T14:05:42.000-03:00
The security feature maintained by variscite for secure boot on the imx8mm is
HABv4 support, so this change disables full UEFI support. This reduces the
size of the binaries generated for the bootloader, and avoids HAB events when
enabled.

Binaries size with uefi enabled:
    - u-boot-spl.bin 103K
    - u-boot.bin 977K

Binaries size with uefi disabled:
    - u-boot-spl.bin 101K
    - u-boot.bin 823K

This patch avoid the following events:
--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x22 0x33 0x00
        0x00 0x00 0x00 0x0f 0x00 0x7e 0x0b 0xc0
        0x00 0x03 0xf8 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_TARGET (0x33)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x22 0x33 0x00
        0x00 0x00 0x00 0x0f 0x00 0x7e 0x0b 0xc0
        0x00 0x03 0xf6 0x60

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_TARGET (0x33)
ENG = HAB_ENG_ANY (0x00)

Signed-off-by: Luan Rafael Carneiro &lt;luan.r@variscite.com&gt;
diff --git a/configs/imx8mm_var_dart_defconfig b/configs/imx8mm_var_dart_defconfig
@@ -62,7 +62,6 @@ CONFIG_SYS_PROMPT="u-boot=> "
 # CONFIG_BOOTM_NETBSD is not set
 # CONFIG_CMD_EXPORTENV is not set
 # CONFIG_CMD_IMPORTENV is not set
-CONFIG_CMD_NVEDIT_EFI=y
 CONFIG_CRC32_VERIFY=y
 CONFIG_CMD_MEMTEST=y
 CONFIG_CMD_CLK=y
@@ -79,13 +78,13 @@ CONFIG_CMD_USB_MASS_STORAGE=y
 CONFIG_BOOTP_PREFER_SERVERIP=y
 CONFIG_CMD_SNTP=y
 CONFIG_CMD_CACHE=y
-CONFIG_CMD_EFIDEBUG=y
 CONFIG_CMD_RTC=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_GETTIME=y
 CONFIG_CMD_TIMER=y
 CONFIG_CMD_REGULATOR=y
 CONFIG_CMD_EXT4_WRITE=y
+# CONFIG_SPL_EFI_PARTITION is not set
 CONFIG_OF_CONTROL=y
 CONFIG_ENV_OVERWRITE=y
 CONFIG_ENV_IS_IN_MMC=y
@@ -170,11 +169,5 @@ CONFIG_SPL_RSA=y
 CONFIG_SHA384=y
 CONFIG_LZO=y
 CONFIG_BZIP2=y
-CONFIG_EFI_VAR_BUF_SIZE=139264
-CONFIG_EFI_SET_TIME=y
-CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
-CONFIG_EFI_CAPSULE_ON_DISK=y
-CONFIG_EFI_IGNORE_OSINDICATIONS=y
-CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
-CONFIG_EFI_SECURE_BOOT=y
+# CONFIG_EFI_LOADER is not set
 # CONFIG_OPTEE_LIB is not set
