[PATCH v2 0/3] Add support for secure falcon mode: disable args file
Tom Rini
trini at konsulko.com
Mon Oct 20 23:38:40 CEST 2025
On Thu, 09 Oct 2025 17:28:42 +0530, Anshul Dalal wrote:
> Continuing from the last series[1], this patch series addresses the requirement
> to disable the args file in falcon mode.
>
> The args file is used in falcon mode for loading the device-tree for the kernel.
> However in secure falcon mode, the expected payload is a FIT containing a signed
> device-tree and kernel image. Thus removing the need to load the extra args
> file in the first place. Also, loading the extra file without any authentication
> mechanism exposes an attack vector and should therefore be disabled to keep the
> boot secure.
>
> [...]
Applied to u-boot/master, thanks!
[1/3] spl: make args file optional in falcon mode
commit: b1a3ed068869d7289747dddd6dc13ecb9f9840a6
[2/3] spl: prevent loading args file in secure falcon mode
commit: 82e04e768fc21c1ac43df5d5a68ec8aaf008c0a8
[3/3] spl: set fdt address as spl_image arg in falcon mode
commit: f851171e14ac1b1910c549879a9b82060cc4cdba
--
Tom
More information about the U-Boot
mailing list