Hi all, With my ongoing work in supporting falcon mode on TI's AM62 platforms[1], I have encountered several limitations of falcon boot flow from a security PoV. Currently falcon mode requires an args binary (usually a DTB) and the kernel image to boot.
This conflicts with secure boot which requires a signed fitImage to be loaded with the kernel and dtb packaged in a single FIT container among other issues. This patch series adds a new SPL_SECURE_OS_BOOT config symbols which disables loading the args file as well as fallback to U-Boot if enabled. The changes have currently only been verified on MMC FS boot but I can expand support to other boot media if this is the right direction for achieving secure falcon boot. Happy booting, Anshul --- [1]: https://lore.kernel.org/u-boot/20250603142452.2707171-1-ansh...@ti.com/ --- Anshul Dalal (4): spl: Kconfig: add SPL_SECURE_OS_BOOT config symbol spl: Kconfig: allow disabling fallback during os boot spl: Kconfig: disallow loading args in falcon mode cmd: Kconfig: disable loading raw images in secure os boot cmd/Kconfig | 3 +- common/spl/Kconfig | 27 ++++++++++++++ common/spl/spl_ext.c | 5 +++ common/spl/spl_fat.c | 5 +++ common/spl/spl_mmc.c | 87 ++++++++++++++++++++++++++++---------------- 5 files changed, 94 insertions(+), 33 deletions(-) -- 2.49.0
