spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol

This patch adds the new SPL_OS_BOOT_SECURE symbol that enables secure
boot flow in falcon mode. This symbol can be used to disable certain
inherently insecure options during falcon boot.

Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Anshul Dalal <anshuld@ti.com>

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 4ece5d168f927abdecfacf0fa19deab16e56939f..ba94d6fe05ab268c064d48720543547442809e0c 100644 (file)
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -1207,6 +1207,14 @@ config SPL_OS_BOOT
          Enable booting directly to an OS from SPL.
          for more info read doc/README.falcon
 
+config SPL_OS_BOOT_SECURE
+       bool "Allow Falcon Mode on secure devices"
+       depends on SPL_OS_BOOT
+       help
+         This allows for secure devices with signature verification capabilities
+         to use falcon mode by disabling certain inherently non-securable options
+         in the SPL boot flow.
+
 config SPL_PAYLOAD_ARGS_ADDR
        hex "Address in memory to load 'args' file for Falcon Mode to"
        depends on SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT