From: Anshul Dalal Date: Fri, 17 Oct 2025 19:33:12 +0000 (+0530) Subject: spl: falcon: disable fallback to U-Boot on failure X-Git-Tag: v2026.01-rc1~18^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d3ac0d60da066bf4ddb5a60174be8108fdc16862;p=thirdparty%2Fu-boot.git spl: falcon: disable fallback to U-Boot on failure Instead of falling back to the standard U-Boot boot flow, we should just halt boot if the expected boot flow in falcon mode fails. This prevents a malicious actor from accessing U-Boot proper if they can cause a boot failure on falcon mode. Signed-off-by: Anshul Dalal --- diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c index bfcdea2d05f..0a00d295575 100644 --- a/common/spl/spl_mmc.c +++ b/common/spl/spl_mmc.c @@ -272,6 +272,8 @@ static int spl_mmc_do_fs_boot(struct spl_image_info *spl_image, return 0; printf("%s, Failed to load falcon payload: %d\n", __func__, ret); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return ret; printf("Fallback to U-Boot\n"); } @@ -412,6 +414,8 @@ int spl_mmc_load(struct spl_image_info *spl_image, ret = mmc_load_image_raw_os(spl_image, bootdev, mmc); if (!ret) return 0; + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return ret; } raw_sect = spl_mmc_get_uboot_raw_sector(mmc, raw_sect); diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c index c9f5d039768..3da292f1437 100644 --- a/common/spl/spl_nand.c +++ b/common/spl/spl_nand.c @@ -138,8 +138,10 @@ static int spl_nand_load_image(struct spl_image_info *spl_image, err = spl_nand_load_image_os(spl_image, bootdev); if (!err) return 0; - printf("%s: Failed in falcon boot: %d, fallback to U-Boot", - __func__, err); + printf("%s: Failed in falcon boot: %d", __func__, err); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return err; + printf("Fallback to U-Boot\n"); } #endif diff --git a/common/spl/spl_nor.c b/common/spl/spl_nor.c index c349a4c7bc3..bb91f4ab8f8 100644 --- a/common/spl/spl_nor.c +++ b/common/spl/spl_nor.c @@ -96,8 +96,10 @@ static int spl_nor_load_image(struct spl_image_info *spl_image, if (!err) return 0; - printf("%s: Failed in falcon boot: %d, fallback to U-Boot", - __func__, err); + printf("%s: Failed in falcon boot: %d", __func__, err); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return err; + printf("Fallback to U-Boot\n"); } #endif diff --git a/common/spl/spl_spi.c b/common/spl/spl_spi.c index 45718824cbf..4d61214bceb 100644 --- a/common/spl/spl_spi.c +++ b/common/spl/spl_spi.c @@ -105,8 +105,10 @@ static int spl_spi_load_image(struct spl_image_info *spl_image, if (!err) return 0; - printf("%s: Failed in falcon boot: %d, fallback to U-Boot", - __func__, err); + printf("%s: Failed in falcon boot: %d", __func__, err); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return err; + printf("Fallback to U-Boot\n"); } #endif diff --git a/common/spl/spl_ubi.c b/common/spl/spl_ubi.c index 4aecad3470c..25e7599703c 100644 --- a/common/spl/spl_ubi.c +++ b/common/spl/spl_ubi.c @@ -77,6 +77,8 @@ int spl_ubi_load_image(struct spl_image_info *spl_image, return 0; printf("%s: Failed in falcon boot: %d", __func__, ret); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return ret; printf("Fallback to U-Boot\n"); } #endif