[PATCH RFT v1 15/17] env: Kconfig: disable external env in secure os boot
Anshul Dalal
anshuld at ti.com
Thu Sep 11 15:14:11 CEST 2025
Falcon mode uses falcon_image_file from the env during mmc fs boot, but
external env can be compromised. Therefore disable access to external
env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
Signed-off-by: Anshul Dalal <anshuld at ti.com>
---
env/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/env/Kconfig b/env/Kconfig
index 03c189b7266..d68cb90f3a4 100644
--- a/env/Kconfig
+++ b/env/Kconfig
@@ -827,6 +827,7 @@ if SPL_ENV_SUPPORT
config SPL_ENV_IS_NOWHERE
bool "SPL Environment is not stored"
default y if ENV_IS_NOWHERE
+ default y if SPL_OS_BOOT_SECURE
help
Similar to ENV_IS_NOWHERE, used for SPL environment.
--
2.51.0
More information about the U-Boot
mailing list