[PATCH v1] env: Kconfig: disable external env in secure os boot
Anshul Dalal
anshuld at ti.com
Fri Oct 17 05:58:58 CEST 2025
On Fri Oct 17, 2025 at 3:37 AM IST, Tom Rini wrote:
> On Thu, 09 Oct 2025 18:04:34 +0530, Anshul Dalal wrote:
>
>> Falcon mode uses falcon_image_file from the env during mmc fs boot, but
>> external env can be compromised. Therefore disable access to external
>> env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
>>
>>
>
> Applied to u-boot/master, thanks!
>
> [1/1] env: Kconfig: disable external env in secure os boot
> commit: 1e470ddd0743bbd1f229421e11e9ad2093f7fd20
Hi Tom,
Unfortunately the patch this depends on[1] has not been merged yet.
Essentially as master stands now, we are disabling env based on
SPL_OS_BOOT_SECURE even though that config isn't defined anywhere.
I'm working on addressing your comments[2] on my last series disabling
fallback in falcon mode and will duly post a revision, in the meantime
could we just merge the [1/7] of that series and I'll remove it form the
rest of the series in the revision?
[1]:
[PATCH -next v3 1/7] spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol:
- https://lore.kernel.org/u-boot/20251006101057.4172248-2-anshuld@ti.com/
[2]: https://lore.kernel.org/u-boot/20251015195943.GA710760@bill-the-cat/
Regards,
Anshul
More information about the U-Boot
mailing list