On Fri Jun 27, 2025 at 5:17 AM IST, Tom Rini wrote: > On Thu, Jun 26, 2025 at 05:34:42PM +0530, Anshul Dalal wrote: > >> Raw kernel images can not be authenticated so disable loading such >> binaries in secure falcon mode. This change restricts the falcon mode >> SPL to FIT as the only viable boot image which can be authenticated. >> >> Signed-off-by: Anshul Dalal <ansh...@ti.com> >> --- >> cmd/Kconfig | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/cmd/Kconfig b/cmd/Kconfig >> index ed741d43cea..8eb55dd7f6e 100644 >> --- a/cmd/Kconfig >> +++ b/cmd/Kconfig >> @@ -353,12 +353,13 @@ config BOOTM_ELF >> >> config CMD_BOOTZ >> bool "bootz" >> + depends on !SPL_SECURE_OS_BOOT >> help >> Boot the Linux zImage >> >> config CMD_BOOTI >> bool "booti" >> - depends on ARM64 || RISCV || SANDBOX >> + depends on (ARM64 || RISCV || SANDBOX) && !SPL_SECURE_OS_BOOT >> default y >> help >> Boot an AArch64 Linux Kernel image from memory. > > This is just pushing things too far and we need to step back and fix it, > sorry. We need BOOTZ_IMAGE_FORMAT and BOOTI_IMAGE_FORMAT to go with > LEGACY_IMAGE_FORMAT, and then SPL_... variants too, and then use those > symbols.
I can respin one of my earlier patch series[1] that migrated these CMD_BOOTx symbols to SPL. But we should still disable those new symbols to prevent loading of unverifiable raw kernel images in secure os boot right? [1]: https://lore.kernel.org/u-boot/20250408141436.712387-1-ansh...@ti.com/
