[PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices

Andrew Davis afd at ti.com
Wed May 4 22:52:26 CEST 2022


Booting non-FIT images bypasses our chain-of-trust boot flow, so
these options should not be allowed when high security is set.

Signed-off-by: Andrew Davis <afd at ti.com>
---
 common/spl/Kconfig | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 43485af468..50ff113cab 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -219,7 +219,8 @@ config SPL_BOOTCOUNT_LIMIT
 config SPL_RAW_IMAGE_SUPPORT
 	bool "Support SPL loading and booting of RAW images"
 	default n if (ARCH_MX6 && (SPL_MMC || SPL_SATA))
-	default y if !TI_SECURE_DEVICE
+	default y
+	depends on !TI_SECURE_DEVICE
 	help
 	  SPL will support loading and booting a RAW image when this option
 	  is y. If this is not set, SPL will move on to other available
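Review bot: The new `depends on !TI_SECURE_DEVICE` does not stop another symbol from forcing this option on, because a Kconfig `select` ignores the target's dependencies and only prints a warning. Whether any board or SoC entry uses `select SPL_RAW_IMAGE_SUPPORT` (or `select SPL_LEGACY_IMAGE_FORMAT`, which the second hunk guards the same way) is not visible in this patch. It is worth grepping the tree and converting any such entry to `imply`, which does respect the dependency. The config entry's help text continues past the end of the hunk.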
@@ -227,7 +228,8 @@ config SPL_RAW_IMAGE_SUPPORT
 
 config SPL_LEGACY_IMAGE_FORMAT
 	bool "Support SPL loading and booting of Legacy images"
-	default y if !TI_SECURE_DEVICE && !SPL_LOAD_FIT
+	default y if !SPL_LOAD_FIT
+	depends on !TI_SECURE_DEVICE
 	help
 	  SPL will support loading and booting Legacy images when this option
 	  is y. If this is not set, SPL will move on to other available
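Review bot: The `depends on !TI_SECURE_DEVICE` line added to SPL_LEGACY_IMAGE_FORMAT has no in-file explanation, so a later cleanup could fold it back into a `default` condition without noticing that it is a security boundary rather than a convenience default. A comment directly above it, for example `# Legacy images are not authenticated; never offer them on TI secure devices`, would keep the intent from the commit message next to the code. The help text of this entry runs past the end of the hunk, so a sentence there is an alternative place for the same note.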
-- 
2.36.0


