On Sat Jun 7, 2025 at 12:36 AM IST, Tom Rini wrote:
> On Tue, Jun 03, 2025 at 07:54:41PM +0530, Anshul Dalal wrote:
>
>> Falcon mode was disabled for TI_SECURE_DEVICE at commit e95b9b4437bc
>> ("ti_armv7_common: Disable Falcon Mode on HS devices") for older 32-bit
>> HS devices and can be enabled on K3 devices.
>>
>> For secure boot, the kernel with x509 headers can be packaged in a fit
>> container (fitImage) signed with TIFS keys for authentication.
>>
>> Signed-off-by: Anshul Dalal <ansh...@ti.com>
>> ---
>> common/spl/Kconfig | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/common/spl/Kconfig b/common/spl/Kconfig
>> index 77cf04d38ed..bc5a334a1c5 100644
>> --- a/common/spl/Kconfig
>> +++ b/common/spl/Kconfig
>> @@ -1190,7 +1190,7 @@ config SPL_ONENAND_SUPPORT
>>
>> config SPL_OS_BOOT
>> bool "Activate Falcon Mode"
>> - depends on !TI_SECURE_DEVICE
>> + depends on !TI_SECURE_DEVICE || ARCH_K3
>> help
>> Enable booting directly to an OS from SPL.
>> for more info read doc/README.falcon
>
> I wonder if overloading ARCH_K3 like this isn't a great idea. Or perhaps
> TI_SECURE_DEVICE is too generic a name. I kind of want to introduce
> something that means TI Secure Boot is supported but also Falcon is
> supported, and then use that as how we disable in Kconfig various
> insecure options. And I assume that it's a matter of effort not
> technical restrictions for supporting falcon mode on older HS parts?
I second your opinion here, the falcon boot flow we do have in K3
devices is quite different from existing platforms but still enabled by
the same SPL_OS_BOOT config. Perhaps adding a config like K3_FALCON
makes sense here.
And yes, older HS *K3* parts should be able to support a similar falcon
style boot flow with not much changes to the k3_falcon_prep function.
