Commit 5eb35220 authored by Tom Rini's avatar Tom Rini

env: Migrate CONFIG_ENV_AES to Kconfig and deprecate

The underlying implementation for ENV_AES has security complications and
is not recommended for use.  Please see CVE-2017-3225 and CVE-2017-3226
for more details.  Mark this as deprecated now and delete this in the
medium term if no one comes forward to re-work the support.
Signed-off-by: Tom Rini's avatarTom Rini <trini@konsulko.com>
parent 0683fb72
......@@ -375,6 +375,14 @@ config ENV_IS_IN_UBI
endchoice
config ENV_AES
bool "AES-128 encryption for stored environment (DEPRECATED)"
help
Enable this to have the on-device stored environment be encrypted
with AES-128. The implementation here however has security
complications and is not recommended for use. Please see
CVE-2017-3225 and CVE-2017-3226 for more details.
config ENV_FAT_INTERFACE
string "Name of the block device for the environment"
depends on ENV_IS_IN_FAT
......
......@@ -574,7 +574,6 @@ CONFIG_ENV_ACCESS_IGNORE_FORCE
CONFIG_ENV_ADDR
CONFIG_ENV_ADDR_FLEX
CONFIG_ENV_ADDR_REDUND
CONFIG_ENV_AES
CONFIG_ENV_BASE
CONFIG_ENV_CALLBACK_LIST_DEFAULT
CONFIG_ENV_CALLBACK_LIST_STATIC
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment