env: Migrate CONFIG_ENV_AES to Kconfig and deprecate

The underlying implementation for ENV_AES has security complications and is not recommended for use. Please see CVE-2017-3225 and CVE-2017-3226 for more details. Mark this as deprecated now and delete this in the medium term if no one comes forward to re-work the support. Signed-off-by: Tom Rini <trini@konsulko.com>
author: Tom Rini <trini@konsulko.com> 2017-09-08 13:12:16 -0400
committer: Tom Rini <trini@konsulko.com> 2017-09-08 13:12:16 -0400
commit: 5eb35220b2cbeac79af8d73c696f5930a755c5bd (patch)
tree: f59b9f17685f72088979d53a0a6f451fad1ef09a /env
parent: 0683fb7242100a2a006d23627e9a53822136a615 (diff)
download: u-boot-5eb35220b2cbeac79af8d73c696f5930a755c5bd.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/env/Kconfig b/env/Kconfig
index f12ef28634..024d4d79bd 100644
--- a/env/Kconfig
+++ b/env/Kconfig
@@ -375,6 +375,14 @@ config ENV_IS_IN_UBI
 
 endchoice
 
+config ENV_AES
+	bool "AES-128 encryption for stored environment (DEPRECATED)"
+	help
+	  Enable this to have the on-device stored environment be encrypted
+	  with AES-128.  The implementation here however has security
+	  complications and is not recommended for use.  Please see
+	  CVE-2017-3225 and CVE-2017-3226 for more details.
+
 config ENV_FAT_INTERFACE
 	string "Name of the block device for the environment"
 	depends on ENV_IS_IN_FAT
author	Tom Rini <trini@konsulko.com>	2017-09-08 13:12:16 -0400
committer	Tom Rini <trini@konsulko.com>	2017-09-08 13:12:16 -0400
commit	5eb35220b2cbeac79af8d73c696f5930a755c5bd (patch)
tree	f59b9f17685f72088979d53a0a6f451fad1ef09a /env
parent	0683fb7242100a2a006d23627e9a53822136a615 (diff)
download	u-boot-5eb35220b2cbeac79af8d73c696f5930a755c5bd.tar.gz