[PATCH RFT v1 16/17] Kconfig: disable raw image boot in secure falcon mode
Tom Rini
trini at konsulko.com
Thu Sep 11 19:32:09 CEST 2025
On Thu, Sep 11, 2025 at 06:44:12PM +0530, Anshul Dalal wrote:
> CMD_BOOTI and CMD_BOOTZ enable support for booting raw kernel images in
> falcon mode. This is insecure since raw images cannot be authenticated,
> therefore disable those configs when SPL_OS_BOOT_SECURE is set.
>
> Signed-off-by: Anshul Dalal <anshuld at ti.com>
> ---
> boot/Kconfig | 4 ++--
> cmd/Kconfig | 3 ++-
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/boot/Kconfig b/boot/Kconfig
> index 124f6db3e6e..ddb7a82b374 100644
> --- a/boot/Kconfig
> +++ b/boot/Kconfig
> @@ -422,8 +422,8 @@ config BOOT_DEFAULTS_CMDS
> select CMD_DHCP if CMD_NET
> select CMD_PING if CMD_NET
> select CMD_PXE if CMD_NET
> - select CMD_BOOTI if ARM64
> - select CMD_BOOTZ if ARM && !ARM64
> + select CMD_BOOTI if ARM64 && !SPL_OS_BOOT_SECURE
> + select CMD_BOOTZ if ARM && !ARM64 && !SPL_OS_BOOT_SECURE
> imply CMD_MII if NET
>
> config BOOT_DEFAULTS
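Review bot: The `!SPL_OS_BOOT_SECURE` condition added to `select CMD_BOOTI` and `select CMD_BOOTZ` covers only this one selector. Kconfig's `select` forces a symbol on without honouring its `depends on`, so any other `select` of these two symbols elsewhere in the tree would still enable them (with an unmet-dependency warning) despite the dependency added in cmd/Kconfig. Suggest confirming there are no other selectors, or giving them the same condition. The commit message should also say which falcon-mode code path these symbols gate, because the lines changed here sit in a list of default commands (`CMD_DHCP`, `CMD_PING`, `CMD_PXE`), while the option name refers to SPL.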
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 29de857ba7c..c4828ed90a4 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -360,12 +360,13 @@ config BOOTM_ELF
>
> config CMD_BOOTZ
> bool "bootz"
> + depends on !SPL_OS_BOOT_SECURE
> help
> Boot the Linux zImage
>
> config CMD_BOOTI
> bool "booti"
> - depends on ARM64 || RISCV || SANDBOX
> + depends on (ARM64 || RISCV || SANDBOX) && !SPL_OS_BOOT_SECURE
> default y
> help
> Boot an AArch64 Linux Kernel image from memory.
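Review bot: Missing documentation at the two new `depends on` lines: once `SPL_OS_BOOT_SECURE` is set, `bootz` and `booti` silently drop out of the configuration, yet neither help text mentions the restriction or the reason for it. Suggest adding a sentence to both help texts stating that the command is unavailable with `SPL_OS_BOOT_SECURE` because raw images cannot be authenticated. The `CMD_BOOTI` change also applies the restriction to the `RISCV` and `SANDBOX` cases, whereas the selector changed in boot/Kconfig is conditional on `ARM64` only; if that wider scope is intended, the commit message should say so.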
You need to think about this in another way, commands aren't present in
SPL binaries. What's probably the best starting path is to ignore this
particular problem, U-Boot has tons of security breaking options, and
then a follow-up would be to figure out how to build (and also for
binman/etc, package!) only SPL. Since really you don't want to flash a
full U-Boot itself when falcon mode will panic if fail and not fall back
to U-Boot.
--
Tom