Instead of falling back to the standard U-Boot boot flow, we should just halt boot if the expected boot flow in falcon mode fails.
This prevents a malicious actor from accessing U-Boot proper if they can cause a boot failure on falcon mode.

Signed-off-by: Anshul Dalal <[email protected]>
---
 common/spl/spl_mmc.c | 4 ++++
 common/spl/spl_nand.c | 11 +++++------
 common/spl/spl_nor.c | 10 +++++-----
 common/spl/spl_spi.c | 3 +++
 common/spl/spl_ubi.c | 2 ++
 5 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c
index e26f1087d45..c9637399c15 100644
--- a/common/spl/spl_mmc.c
+++ b/common/spl/spl_mmc.c
@@ -270,6 +270,8 @@ static int spl_mmc_do_fs_boot(struct spl_image_info *spl_image,
 mmc_get_blk_desc(mmc), partition);
 if (!ret)
 return 0;
+ if (CONFIG_IS_ENABLED(OS_BOOT_SECURE))
+ return ret;
 }
 #ifdef CONFIG_SPL_FS_LOAD_PAYLOAD_NAME
@@ -409,6 +411,8 @@ int spl_mmc_load(struct spl_image_info *spl_image,
 ret = mmc_load_image_raw_os(spl_image, bootdev, mmc);
 if (!ret)
 return 0;
+ if (CONFIG_IS_ENABLED(OS_BOOT_SECURE))
+ return ret;
 }
 raw_sect = spl_mmc_get_uboot_raw_sector(mmc, raw_sect);
diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c
index 8993e304c26..7d1b55b2311 100644
--- a/common/spl/spl_nand.c
+++ b/common/spl/spl_nand.c
@@ -138,12 +138,11 @@ static int spl_nand_load_image(struct spl_image_info *spl_image,
 err = spl_nand_load_image_os(spl_image, bootdev);
 if (!err)
 return 0;
- } else {
- puts("The Expected Linux image was not "
- "found. Please check your NAND "
- "configuration.\n");
- puts("Trying to start u-boot now...\n");
- }
+
+ puts("%s: Failed in falcon boot: %d", __func__, err);
+ if (CONFIG_IS_ENABLED(OS_BOOT_SECURE))
+ return err;
+ puts("Fallback to U-Boot\n");
 }
 #endif
diff --git a/common/spl/spl_nor.c b/common/spl/spl_nor.c
index e999dcc4fcf..6f8149cac53 100644
--- a/common/spl/spl_nor.c
+++ b/common/spl/spl_nor.c
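Review bot: Returning `ret` after the failed falcon attempt only ends `spl_mmc_do_fs_boot()`; whether boot actually halts depends on callers that are outside this hunk, and the same applies to the second hunk in `spl_mmc_load()` and to the SPI and UBI loaders. If the SPL caller keeps trying further boot devices until one loader succeeds, a later device could still bring up U-Boot proper, which would undo the guarantee stated in the commit message, so this should be confirmed and the intended halt documented at the call site. Both MMC returns are also silent, unlike the NAND and NOR paths; a line such as `printf("%s: Failed in falcon boot: %d\n", __func__, ret);` before `return ret;` would make a halted secure boot diagnosable.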
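Review bot: `puts()` takes a single string and does no formatting, so `puts("%s: Failed in falcon boot: %d", __func__, err);` in `spl_nand_load_image()` should fail to build with the extra arguments, and would at best print the raw format text; the NOR hunk adds the identical line. Replace it in both files with `printf("%s: Failed in falcon boot: %d\n", __func__, err);`, which also supplies the missing newline before `Fallback to U-Boot`. The enclosing block starts outside the hunk.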
@@ -94,11 +94,11 @@ static int spl_nor_load_image(struct spl_image_info *spl_image,
 err = spl_nor_load_image_os(spl_image, bootdev);
 if (!err)
 return 0;
- } else {
- puts("The Expected Linux image was not found.\n"
- "Please check your NOR configuration.\n"
- "Trying to start u-boot now...\n");
- }
+
+ puts("%s: Failed in falcon boot: %d", __func__, err);
+ if (CONFIG_IS_ENABLED(OS_BOOT_SECURE))
+ return err;
+ puts("Fallback to U-Boot\n");
 }
 #endif
diff --git a/common/spl/spl_spi.c b/common/spl/spl_spi.c
index 1ada37f5c21..863be144316 100644
--- a/common/spl/spl_spi.c
+++ b/common/spl/spl_spi.c
@@ -104,6 +104,9 @@ static int spl_spi_load_image(struct spl_image_info *spl_image,
 if (!err)
 return 0;
+
+ if (CONFIG_IS_ENABLED(OS_BOOT_SECURE))
+ return err;
 }
 #endif
diff --git a/common/spl/spl_ubi.c b/common/spl/spl_ubi.c
index 162ec0f2f9b..95676975e76 100644
--- a/common/spl/spl_ubi.c
+++ b/common/spl/spl_ubi.c
@@ -77,6 +77,8 @@ int spl_ubi_load_image(struct spl_image_info *spl_image,
 return 0;
 puts("Loading Linux failed, falling back to U-Boot.\n");
+ if (CONFIG_IS_ENABLED(OS_BOOT_SECURE))
+ return ret;
 }
 #endif
-- 
2.51.0
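Review bot: With OS_BOOT_SECURE enabled, `spl_ubi_load_image()` still prints `Loading Linux failed, falling back to U-Boot.` immediately before the new `return ret;`, so the console reports a fallback that the secure path is meant to refuse. Put the check ahead of the message, or split the text so that `puts("Loading Linux failed\n");` comes first, then the secure return, then `puts("Falling back to U-Boot\n");`. An accurate log line matters here because it is what an operator sees when triaging a device that stopped booting. The enclosing block starts outside the hunk.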

