On 9/23/25 8:08 AM, Anshul Dalal wrote:
Falcon mode was disabled for TI_SECURE_DEVICE at commit e95b9b4437bc
("ti_armv7_common: Disable Falcon Mode on HS devices") for older 32-bit
HS devices and but can now be enabled with the addition of
OS_BOOT_SECURE.
For secure boot, the kernel with x509 headers can be packaged in a fit
container (fitImage) signed with TIFS keys for authentication.
Signed-off-by: Anshul Dalal <ansh...@ti.com>
---
common/spl/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 7e87e50f693..ab780da9e1c 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -1201,7 +1201,7 @@ config SPL_ONENAND_SUPPORT
config SPL_OS_BOOT
bool "Activate Falcon Mode"
- depends on !TI_SECURE_DEVICE
+ select SPL_OS_BOOT_SECURE if TI_SECURE_DEVICE
help
Enable booting directly to an OS from SPL.
for more info read doc/README.falcon
The subject doesn't need to include "K3", this is for all
TI secure devices.
This patch should also go last in the series. Not that it
causes any break, but feels like a "security bisectability"
problem to allow something and then after make it secure.
Andrew
