[PATCH RFT v1 14/17] spl: falcon: prevent loading args file in secure os boot
Tom Rini
trini at konsulko.com
Thu Sep 11 19:23:13 CEST 2025
On Thu, Sep 11, 2025 at 06:44:10PM +0530, Anshul Dalal wrote:
> The expected payload for the SPL in secure falcon mode is a fitImage
> that contains the kernel image and the DT. This removes the need to load
> an additional args file, which exposes an additional attack vector since
> it can not be verified.
>
> Therefore this patch disables loading of the arg file when
> SPL_OS_BOOT_SECURE is set.
>
> Signed-off-by: Anshul Dalal <anshuld at ti.com>
> ---
> common/spl/Kconfig | 18 +++++++++++-------
I don't quite like how we're handling the "ARGS" part of this problem,
and I think we need to clean that up first (which also means splitting
this series up a bit). We should make having an "ARGS" CONFIG for any of
the locations be optional as even non-secure use cases make use of FIT
quite often. Then we make the "ARGS" options depend on
!SPL_OS_BOOT_SECURE being set.
So the first series here would be the patches that make us consistently
load kernel and then args as the first step. The second step in that
series would be making args optional. The third step would be some of
the related cleanups you're doing. The second series would be
introducing SPL_OS_BOOT_SECURE and related. Thanks!
--
Tom
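As an added illustration of the dependency layout Tom proposes (this fragment is not part of the patch or of U-Boot's Kconfig; only SPL_OS_BOOT_SECURE comes from the thread, while SPL_OS_BOOT, SPL_FALCON_LOAD_ARGS and SPL_FS_LOAD_ARGS_NAME are assumed names), the args-loading option is first made an independent opt-in and then gated on the secure mode not being selected, so that the unverified args blob cannot be configured in at all once secure Falcon boot is on:

```kconfig
# Hypothetical Kconfig fragment (assumed names, not U-Boot's own source).
# Step one: args loading becomes its own optional symbol, usable by
# non-secure FIT users who do not need a separate args file.
# Step two: the secure variant excludes it via a negative dependency.

config SPL_OS_BOOT_SECURE
	bool "Falcon Mode with a verified FIT payload only"
	depends on SPL_OS_BOOT
	help
	  The SPL expects a FIT image carrying both the kernel and the
	  device tree. No separate args file is loaded, because that file
	  cannot be covered by the FIT signature check.

config SPL_FALCON_LOAD_ARGS
	bool "Load a separate args file in Falcon Mode"
	depends on SPL_OS_BOOT && !SPL_OS_BOOT_SECURE
	default y
	help
	  Load a raw args blob (typically a device tree) next to the kernel.
	  Unnecessary when the kernel is packaged as a FIT with its DT, and
	  unavailable in the secure variant since the blob is unverified.

config SPL_FS_LOAD_ARGS_NAME
	string "File to load for the OS arguments"
	depends on SPL_FALCON_LOAD_ARGS
	default "args"
	help
	  Only offered when a separate args file is actually wanted; under
	  SPL_OS_BOOT_SECURE this symbol is never visible.
```

With this arrangement `make menuconfig` simply hides every "ARGS" location symbol once SPL_OS_BOOT_SECURE is selected, so the secure mode needs no runtime check in the loader to skip the args file.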