Hi all, Continuing from the last series[1], this patch series addresses the requirement to disable the args file in falcon mode.
The args file is used in falcon mode for loading the device-tree for the kernel. However in secure falcon mode, the expected payload is a FIT containing a signed device-tree and kernel image. Thus removing the need to load the extra args file in the first place. Also, loading the extra file without any authentication mechanism exposes an attack vector and should therefore be disabled to keep the boot secure. This patch set builds on the last few to first optionally allow for loading the args file in non-secure falcon boot flow [1/3] and then disable them altogether in the next patch [2/3] for secure falcon mode. [1]: https://lore.kernel.org/u-boot/[email protected]/ Depends on: https://lore.kernel.org/u-boot/[email protected]/ Regards, Anshul --- Changes in v2: - Address Tom's comments on [1/3]: https://lore.kernel.org/u-boot/20251008163820.GC298503@bill-the-cat/ - Add call to spl_fixup_fdt with OS_BOOT_ARGS unset in [1/3] - Pick R-by tags on [2/3] - Add patch [3/3] to the series to fix the args being unset in falcon mode on certain boot modes v1: https://lore.kernel.org/u-boot/[email protected]/ --- Anshul Dalal (3): spl: make args file optional in falcon mode spl: prevent loading args file in secure falcon mode spl: set fdt address as spl_image arg in falcon mode common/spl/Kconfig | 22 +++++++++++++++------- common/spl/spl.c | 9 +++++++-- common/spl/spl_ext.c | 4 ++++ common/spl/spl_fat.c | 5 +++++ common/spl/spl_nand.c | 5 ++++- common/spl/spl_nor.c | 4 ---- common/spl/spl_spi.c | 5 +++++ common/spl/spl_ubi.c | 4 ++++ common/spl/spl_xip.c | 1 - include/system-constants.h | 2 +- 10 files changed, 45 insertions(+), 16 deletions(-) -- 2.51.0
