]> git.ipfire.org Git - thirdparty/u-boot.git/commitdiff
projects / thirdparty / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d9a50f8)
spl: falcon: disable fallback to U-Boot on failure
authorAnshul Dalal <anshuld@ti.com>
Fri, 17 Oct 2025 19:33:12 +0000 (01:03 +0530)
committerTom Rini <trini@konsulko.com>
Mon, 20 Oct 2025 16:14:00 +0000 (10:14 -0600)
Instead of falling back to the standard U-Boot boot flow, we should just
halt boot if the expected boot flow in falcon mode fails.

This prevents a malicious actor from accessing U-Boot proper if they can
cause a boot failure on falcon mode.

Signed-off-by: Anshul Dalal <anshuld@ti.com>
common/spl/spl_mmc.c patch | blob | blame | history
common/spl/spl_nand.c patch | blob | blame | history
common/spl/spl_nor.c patch | blob | blame | history
common/spl/spl_spi.c patch | blob | blame | history
common/spl/spl_ubi.c patch | blob | blame | history

diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c
index bfcdea2d05fbdba136d7cba1a47ab7bf457579e3..0a00d2955755e7fbcdb73bafaf46ba55bc77c28d 100644 (file)
--- a/common/spl/spl_mmc.c
+++ b/common/spl/spl_mmc.c
@@ -272,6 +272,8 @@ static int spl_mmc_do_fs_boot(struct spl_image_info *spl_image,
                        return 0;
                printf("%s, Failed to load falcon payload: %d\n", __func__,
                       ret);
+               if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE))
+                       return ret;
                printf("Fallback to U-Boot\n");
        }
 
@@ -412,6 +414,8 @@ int spl_mmc_load(struct spl_image_info *spl_image,
                        ret = mmc_load_image_raw_os(spl_image, bootdev, mmc);
                        if (!ret)
                                return 0;
+                       if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE))
+                               return ret;
                }
 
                raw_sect = spl_mmc_get_uboot_raw_sector(mmc, raw_sect);
diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c
index c9f5d039768eef6a51976ce264b51d4a2720ef4d..3da292f1437fbf7a105e61cbe90f5dd3511d3182 100644 (file)
--- a/common/spl/spl_nand.c
+++ b/common/spl/spl_nand.c
@@ -138,8 +138,10 @@ static int spl_nand_load_image(struct spl_image_info *spl_image,
                err = spl_nand_load_image_os(spl_image, bootdev);
                if (!err)
                        return 0;
-               printf("%s: Failed in falcon boot: %d, fallback to U-Boot",
-                      __func__, err);
+               printf("%s: Failed in falcon boot: %d", __func__, err);
+               if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE))
+                       return err;
+               printf("Fallback to U-Boot\n");
        }
 #endif
 
diff --git a/common/spl/spl_nor.c b/common/spl/spl_nor.c
index c349a4c7bc38587b6ada5ddbd83f15721918eacc..bb91f4ab8f8024a4cee39e80f10b3ac45e271ad5 100644 (file)
--- a/common/spl/spl_nor.c
+++ b/common/spl/spl_nor.c
@@ -96,8 +96,10 @@ static int spl_nor_load_image(struct spl_image_info *spl_image,
                if (!err)
                        return 0;
 
-               printf("%s: Failed in falcon boot: %d, fallback to U-Boot",
-                      __func__, err);
+               printf("%s: Failed in falcon boot: %d", __func__, err);
+               if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE))
+                       return err;
+               printf("Fallback to U-Boot\n");
        }
 #endif
 
diff --git a/common/spl/spl_spi.c b/common/spl/spl_spi.c
index 45718824cbf4a642693bd74bdb6976fc5630f655..4d61214bceba874741f1c4878dd714054a9e1bcc 100644 (file)
--- a/common/spl/spl_spi.c
+++ b/common/spl/spl_spi.c
@@ -105,8 +105,10 @@ static int spl_spi_load_image(struct spl_image_info *spl_image,
                if (!err)
                        return 0;
 
-               printf("%s: Failed in falcon boot: %d, fallback to U-Boot",
-                      __func__, err);
+               printf("%s: Failed in falcon boot: %d", __func__, err);
+               if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE))
+                       return err;
+               printf("Fallback to U-Boot\n");
        }
 #endif
 
diff --git a/common/spl/spl_ubi.c b/common/spl/spl_ubi.c
index 4aecad3470c17d9520b32d101fd3ce0a93cdede9..25e7599703c4afd1ea9066b9fa3116b5d20039b7 100644 (file)
--- a/common/spl/spl_ubi.c
+++ b/common/spl/spl_ubi.c
@@ -77,6 +77,8 @@ int spl_ubi_load_image(struct spl_image_info *spl_image,
                        return 0;
 
                printf("%s: Failed in falcon boot: %d", __func__, ret);
+               if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE))
+                       return ret;
                printf("Fallback to U-Boot\n");
        }
 #endif
"Das U-Boot" Source Tree