From 82e04e768fc21c1ac43df5d5a68ec8aaf008c0a8 Mon Sep 17 00:00:00 2001 From: Anshul Dalal Date: Thu, 9 Oct 2025 17:28:44 +0530 Subject: [PATCH] spl: prevent loading args file in secure falcon mode The expected payload for the SPL in secure falcon mode is a fitImage that contains the kernel image and the DT. This removes the need to load an additional args file, which exposes an additional attack vector since it can not be verified. Therefore this patch disables loading of the arg file when SPL_OS_BOOT_SECURE is set. Reviewed-by: Tom Rini Signed-off-by: Anshul Dalal --- common/spl/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 7fd46ace8de..0fe5db43d5d 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -796,6 +796,7 @@ config SPL_FS_LOAD_PAYLOAD_NAME config SPL_FS_LOAD_KERNEL_NAME string "File to load for the OS kernel from the filesystem" depends on (SPL_FS_EXT4 || SPL_FS_FAT || SPL_FS_SQUASHFS) && SPL_OS_BOOT + default "fitImage" if SPL_OS_BOOT_SECURE default "uImage" help Filename to read to load for the OS kernel when reading from the @@ -1217,7 +1218,7 @@ config SPL_OS_BOOT_SECURE config SPL_OS_BOOT_ARGS bool "Allow SPL to load args for kernel in falcon mode" - depends on SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT + depends on (SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT) && !SPL_OS_BOOT_SECURE help This option enables the SPL to load an args file (usually the FDT) alongside the kernel image in falcon boot mode. -- 2.47.3