Hi all,

During the implementation of falcon mode for TI's K3 devices [1], I encountered
several limitations with regard to the current falcon mode support in U-Boot,
especially in ensuring a secure boot flow.

Although the current implementation allows for loading of a signed fitImage as
the SPL payload, there are still a few edge cases that might allow bypassing the
verified boot path.

The following issues with current falcon mode need to be resolved:

1) No fallback:
    We currently fall back to the regular boot flow if falcon mode fails,
    this might not be secure.

2) No arguments file:
    We currently load a kernel file (which could be a raw image or FIT)
    alongside an args file (usually the DT). The args file here doesn't have
    any verification mechanism, so should be skipped altogether as the FIT can
    contain the DT.

3) No access to env:
    In ext and fat fs boot, we currently also read the environment to get the
    names of the kernel and the arg file. This should be disabled in secure
    falcon flow as the env might not be secure.

4) No raw image boot:
    Boot should fail when the kernel file is a raw kernel image, only FIT should
    be allowed.

As per the recommendation of maintainers [2], I have decided to split the above
set of tasks into multiple patch series. This is the first one, which fixes the
load order of kernel image and the args file in falcon mode, along with some
minor cleanup.

Regards,
Anshul

[1]: https://lore.kernel.org/u-boot/20250603142452.2707171-1-ansh...@ti.com/
[2]: https://lore.kernel.org/u-boot/20250911172313.GT124814@bill-the-cat/

---
Changes in v3:
 - Remove extra added prints
 - More cleanup of CONFIG_SPL_LIBCOMMON_SUPPORT in the last patch

v2: https://lore.kernel.org/u-boot/20250916103542.104773-1-ansh...@ti.com/

Changes in v2:
 - Split series into multiple:
   1. Fix load order of kernel image and args file in MMC/FS boot (this series)
   2. Prevent fallback to U-Boot proper in falcon mode
   3. Remove the need for args file in falcon mode
   4. Disable env in falcon mode
   5. Fixes such as disabling booting raw images
 - Add call to ext4fs_set_blk_dev and ext4fs_mount for args file
 - Add maintainers of platforms with SPL_OPTEE_IMAGE in CC
 - Pick up R-by tags

v1: https://lore.kernel.org/u-boot/20250911131414.3296697-1-ansh...@ti.com/
---
Anshul Dalal (4):
  spl: fat: load kernel image before args in falcon
  spl: ext: load kernel image before args in falcon
  spl: mmc: load kernel image before args in falcon
  spl: ext,fat: cleanup use of CONFIG_SPL_LIBCOMMON_SUPPORT

 common/spl/spl_ext.c | 64 +++++++++++++++++++++++---------------------
 common/spl/spl_fat.c | 47 ++++++++++++++++----------------
 common/spl/spl_mmc.c | 20 +++++++-------
 3 files changed, 68 insertions(+), 63 deletions(-)

-- 
2.51.0
