On Tue, Jun 03, 2025 at 07:54:41PM +0530, Anshul Dalal wrote:
> Falcon mode was disabled for TI_SECURE_DEVICE at commit e95b9b4437bc
> ("ti_armv7_common: Disable Falcon Mode on HS devices") for older 32-bit
> HS devices and can be enabled on K3 devices.
>
> For secure boot, the kernel with x509 headers can be packaged in a fit
> container (fitImage) signed with TIFS keys for authentication.
>
> Signed-off-by: Anshul Dalal <ansh...@ti.com>
> ---
> common/spl/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/common/spl/Kconfig b/common/spl/Kconfig
> index 77cf04d38ed..bc5a334a1c5 100644
> --- a/common/spl/Kconfig
> +++ b/common/spl/Kconfig
> @@ -1190,7 +1190,7 @@ config SPL_ONENAND_SUPPORT
>
> config SPL_OS_BOOT
> bool "Activate Falcon Mode"
> - depends on !TI_SECURE_DEVICE
> + depends on !TI_SECURE_DEVICE || ARCH_K3
> help
> Enable booting directly to an OS from SPL.
> for more info read doc/README.falconI wonder if overloading ARCH_K3 like this isn't a great idea. Or perhaps TI_SECURE_DEVICE is too generic a name. I kind of want to introduce something that means TI Secure Boot is supported but also Falcon is supported, and then use that as how we disable in Kconfig various insecure options. And I assume that it's a matter of effort not technical restrictions for supporting falcon mode on older HS parts? -- Tom
signature.asc
Description: PGP signature
