[RFC PATCH v1 3/4] spl: Kconfig: disallow loading args in falcon mode
Tom Rini
trini at konsulko.com
Fri Jun 27 01:47:33 CEST 2025
On Thu, Jun 26, 2025 at 05:34:41PM +0530, Anshul Dalal wrote:
> The current falcon boot requires loading of an args file (usually the
> DTB) and a kernel image file to boot. But with secure boot, the dtb is
> expected to be packaged inside the fitImage that kernel image (path set
> by SPL_FS_LOAD_KERNEL_NAME) points to making loading the args file
> unnecessary.
>
> Secondly the args file causes security issues since it can not be
> authenticated unlike a fitImage.
>
> Furthermore current falcon boot flow provides added flexibility that
> might not be desired in the interest of security, in the current flow
> SPL first looks for files pointed to by the environment variables
> 'falcon_args_file' and 'falcon_image_file'. This could be compromised by
> modifying the env data.
>
> Therefore this patch introduces a new boolean config symbol
> SPL_FALCON_LOAD_ARGS that simplifies the boot flow to only load the
> kernel image file set by SPL_FS_LOAD_KERNEL_NAME if disabled.
>
> Signed-off-by: Anshul Dalal <anshuld at ti.com>
> ---
> common/spl/Kconfig | 10 ++++++++++
> common/spl/spl_ext.c | 5 +++++
> common/spl/spl_fat.c | 5 +++++
> 3 files changed, 20 insertions(+)
>
> diff --git a/common/spl/Kconfig b/common/spl/Kconfig
> index d5d3a41ce61..b2dbe2eea65 100644
> --- a/common/spl/Kconfig
> +++ b/common/spl/Kconfig
> @@ -1213,6 +1213,16 @@ config SPL_FALCON_ALLOW_FALLBACK
> When enabled, u-boot will to load SPL_FS_LOAD_PAYLOAD_NAME from MMC
> if loading SPL_FS_LOAD_KERNEL_NAME fails.
>
> +config SPL_FALCON_LOAD_ARGS
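
Review bot: at the new "config SPL_FALCON_LOAD_ARGS" entry, the symbol is an opt-out, so per the commit message the restricted flow (load only SPL_FS_LOAD_KERNEL_NAME, skip the 'falcon_args_file' and 'falcon_image_file' environment lookup) is reached only when a board explicitly disables it. The quoted part of the hunk does not show the symbol's default or dependencies; for the secure boot case the commit message targets, the unauthenticated args path should be impossible to select through a Kconfig dependency, rather than left to each defconfig to turn off. The diffstat lists only spl_ext.c and spl_fat.c as consumers, so the help text should state that the symbol gates the ext and FAT load paths only.
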
I'm not sure we need this, exactly. We might need some hidden symbols
but with SPL_OS_BOOT && SPL_OS_BOOT_SECURE we just need to not allow
SPL*_ARGS options to be enabled. The tricky part will be either more
hidden symbols or some updates to various parts of the code so that we
can still compile.
--
Tom