[RFC PATCH v1 2/4] spl: Kconfig: allow disabling fallback during os boot
Tom Rini
trini at konsulko.com
Fri Jun 27 01:47:23 CEST 2025
On Thu, Jun 26, 2025 at 05:34:40PM +0530, Anshul Dalal wrote:
> During falcon boot in FS mode, if the SPL fails to load the payload
> (kernel image and args), the execution falls back to standard u-boot boot
> mode.
>
> This might not be desired in cases when u-boot payload (tifalcon.bin in
> our case) is dysfunctional by itself or user's access to standard u-boot
> should be restricted (for security reasons for example).
>
> In our falcon use case, this fallback allows the user to bypass
> authenticated boot by just deleting the fitImage which causes SPL to
> reload tifalcon.bin. The boot proceeds as usual until ATF jumps to
> PRELOADED_BL33_BASE where the kernel has not been loaded causing the
> core to execute whatever else was written at that address.
>
> Therefore this patch adds a new config symbol SPL_FALCON_ALLOW_FALLBACK
> that explicitly toggles the fallback for MMC FS boot. It is set to 'y'
> by default so as to not break any existing falcon mode systems.
>
> Signed-off-by: Anshul Dalal <anshuld at ti.com>
> ---
> common/spl/Kconfig | 10 +++++
> common/spl/spl_mmc.c | 87 ++++++++++++++++++++++++++++----------------
> 2 files changed, 65 insertions(+), 32 deletions(-)
>
> diff --git a/common/spl/Kconfig b/common/spl/Kconfig
> index 8d153c2e9c9..d5d3a41ce61 100644
> --- a/common/spl/Kconfig
> +++ b/common/spl/Kconfig
> @@ -1203,6 +1203,16 @@ config SPL_SECURE_OS_BOOT
> Enables support for secure boot in falcon mode by restricting the SPL to
> only loading a fitImage instead of raw kernel images or DTBs.
>
> +config SPL_FALCON_ALLOW_FALLBACK
SPL_OS_BOOT_ALLOW_FALLBACK please.
> + bool "Allow fallback to regular boot if falcon mode fails"
> + depends on SPL_OS_BOOT && SYS_MMCSD_FS_BOOT && !SPL_SECURE_OS_BOOT
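Review bot: The prompt on the `bool` line reads as a switch for falcon mode fallback in general, but the `depends on` line ties it to SYS_MMCSD_FS_BOOT, so on any other configuration the symbol is hidden and cannot express the user's choice. Either name the MMC FS scope in the prompt or relax the dependency so the option matches what the prompt promises. The `!SPL_SECURE_OS_BOOT` term also makes the option unavailable whenever secure OS boot is selected, so code testing it will see it as disabled there; the help text should say that secure OS boot implies no fallback, since that is the case the commit message is concerned with.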
This should just be SPL_OS_BOOT && !SPL_OS_BOOT_SECURE.
Then in a follow-up patch we need to go and modify spl_*_load_os to make
use of the new flag and if we fail to load the OS image we panic() if we
can't fall back.
--
Tom