On Thu, Sep 11, 2025 at 06:44:10PM +0530, Anshul Dalal wrote:

> The expected payload for the SPL in secure falcon mode is a fitImage
> that contains the kernel image and the DT. This removes the need to load
> an additional args file, which exposes an additional attack vector since
> it can not be verified.
>
> Therefore this patch disables loading of the arg file when
> SPL_OS_BOOT_SECURE is set.
>
> Signed-off-by: Anshul Dalal <ansh...@ti.com>
> ---
> common/spl/Kconfig | 18 +++++++++++-------

I don't quite like how we're handling the "ARGS" part of this problem,
and I think we need to clean that up first (which also means splitting
this series up a bit). We should make having an "ARGS" CONFIG for any of
the locations be optional as even non-secure use cases make use of FIT
quite often. Then we make the "ARGS" options depend on
!SPL_OS_BOOT_SECURE being set.

So the first series here would be the patches that make us consistently
load kernel and then args as the first step. The second step in that
series would be making args optional. The third step would be some of
the related cleanups you're doing.

The second series would be introducing SPL_OS_BOOT_SECURE and related.

Thanks!

--
Tom