[PATCH v2 0/3] Add support for secure falcon mode: disable args file
Anshul Dalal
anshuld at ti.com
Thu Oct 9 13:58:42 CEST 2025
Hi all,
Continuing from the last series[1], this patch series addresses the requirement
to disable the args file in falcon mode.
The args file is used in falcon mode for loading the device-tree for the kernel.
However in secure falcon mode, the expected payload is a FIT containing a signed
device-tree and kernel image. Thus removing the need to load the extra args
file in the first place. Also, loading the extra file without any authentication
mechanism exposes an attack vector and should therefore be disabled to keep the
boot secure.
This patch set builds on the last few to first optionally allow for loading the
args file in non-secure falcon boot flow [1/3] and then disable them altogether
in the next patch [2/3] for secure falcon mode.
[1]: https://lore.kernel.org/u-boot/20251006101057.4172248-1-anshuld@ti.com/
Depends on: https://lore.kernel.org/u-boot/20251006101057.4172248-1-anshuld@ti.com/
Regards,
Anshul
---
Changes in v2:
- Address Tom's comments on [1/3]: https://lore.kernel.org/u-boot/20251008163820.GC298503@bill-the-cat/
- Add call to spl_fixup_fdt with OS_BOOT_ARGS unset in [1/3]
- Pick R-by tags on [2/3]
- Add patch [3/3] to the series to fix the args being unset in falcon mode on
certain boot modes
v1: https://lore.kernel.org/u-boot/20251008113605.1055826-1-anshuld@ti.com/
---
Anshul Dalal (3):
spl: make args file optional in falcon mode
spl: prevent loading args file in secure falcon mode
spl: set fdt address as spl_image arg in falcon mode
common/spl/Kconfig | 22 +++++++++++++++-------
common/spl/spl.c | 9 +++++++--
common/spl/spl_ext.c | 4 ++++
common/spl/spl_fat.c | 5 +++++
common/spl/spl_nand.c | 5 ++++-
common/spl/spl_nor.c | 4 ----
common/spl/spl_spi.c | 5 +++++
common/spl/spl_ubi.c | 4 ++++
common/spl/spl_xip.c | 1 -
include/system-constants.h | 2 +-
10 files changed, 45 insertions(+), 16 deletions(-)
--
2.51.0
More information about the U-Boot
mailing list