[PATCH v1 0/2] Add support for secure falcon mode: disable args file
Anshul Dalal
anshuld at ti.com
Wed Oct 8 13:36:02 CEST 2025
Hi all,
Continuing from the last series[1], this patch series addresses the requirement
to disable the args file in falcon mode.
The args file is used in falcon mode for loading the device-tree for the kernel.
However in secure falcon mode, the expected payload is a FIT containing a
signed device-tree and kernel image. Thus removing the need to load the extra
args file in the first place. Loading the extra file without any authentication
mechanism exposes an attack vector and should therefore be disabled to keep the
boot secure.
This patch set builds on the last few to first optionally allow for loading the
args file in non-secure falcon boot flow [1/2] and then disable them altogether
in the next patch [2/2] for secure falcon mode.
[1]: https://lore.kernel.org/u-boot/20251006101057.4172248-1-anshuld@ti.com/
Depends on: https://lore.kernel.org/u-boot/20251006101057.4172248-1-anshuld@ti.com/
Regards,
Anshul
---
Anshul Dalal (2):
spl: make args file optional in falcon mode
spl: prevent loading args file in secure falcon mode
common/spl/Kconfig | 23 ++++++++++++++++-------
common/spl/spl_ext.c | 4 ++++
common/spl/spl_fat.c | 5 +++++
common/spl/spl_nand.c | 4 +++-
common/spl/spl_nor.c | 2 +-
common/spl/spl_spi.c | 5 +++++
common/spl/spl_ubi.c | 4 ++++
include/system-constants.h | 2 +-
8 files changed, 39 insertions(+), 10 deletions(-)
--
2.51.0
More information about the U-Boot
mailing list