[PATCH RFT v1 01/17] spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol
Anshul Dalal
anshuld at ti.com
Thu Sep 11 15:13:57 CEST 2025
This patch adds the new SPL_OS_BOOT_SECURE symbol that enables secure
boot flow in falcon mode. This symbol can be used to disable certain
inherently insecure options during falcon boot.
Signed-off-by: Anshul Dalal <anshuld at ti.com>
---
common/spl/Kconfig | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index ab05536bd02..7e87e50f693 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -1206,6 +1206,14 @@ config SPL_OS_BOOT
Enable booting directly to an OS from SPL.
for more info read doc/README.falcon
+config SPL_OS_BOOT_SECURE
+ bool "Allow Falcon Mode on secure devices"
+ depends on SPL_OS_BOOT
+ help
+ This allows for secure devices with signature verification capabilities
+ to use falcon mode by disabling certain inherently non-securable options
+ in the SPL boot flow.
+
config SPL_PAYLOAD_ARGS_ADDR
hex "Address in memory to load 'args' file for Falcon Mode to"
depends on SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT
--
2.51.0
More information about the U-Boot
mailing list