[PATCH v7 01/10] spl: Kconfig: allow K3 devices to use falcon mode
Tom Rini
trini at konsulko.com
Fri Jun 6 21:06:25 CEST 2025
On Tue, Jun 03, 2025 at 07:54:41PM +0530, Anshul Dalal wrote:
> Falcon mode was disabled for TI_SECURE_DEVICE at commit e95b9b4437bc
> ("ti_armv7_common: Disable Falcon Mode on HS devices") for older 32-bit
> HS devices and can be enabled on K3 devices.
>
> For secure boot, the kernel with x509 headers can be packaged in a fit
> container (fitImage) signed with TIFS keys for authentication.
>
> Signed-off-by: Anshul Dalal <anshuld at ti.com>
> ---
> common/spl/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/common/spl/Kconfig b/common/spl/Kconfig
> index 77cf04d38ed..bc5a334a1c5 100644
> --- a/common/spl/Kconfig
> +++ b/common/spl/Kconfig
> @@ -1190,7 +1190,7 @@ config SPL_ONENAND_SUPPORT
>
> config SPL_OS_BOOT
> bool "Activate Falcon Mode"
> - depends on !TI_SECURE_DEVICE
> + depends on !TI_SECURE_DEVICE || ARCH_K3
> help
> Enable booting directly to an OS from SPL.
> for more info read doc/README.falcon
I wonder if overloading ARCH_K3 like this isn't a great idea. Or perhaps
TI_SECURE_DEVICE is too generic a name. I kind of want to introduce
something that means TI Secure Boot is supported but also Falcon is
supported, and then use that as how we disable in Kconfig various
insecure options. And I assume that it's a matter of effort not
technical restrictions for supporting falcon mode on older HS parts?
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250606/bfc21798/attachment.sig>
More information about the U-Boot
mailing list