From: Anshul Dalal <anshuld@ti.com>
Date: Fri, 17 Oct 2025 19:33:06 +0000 (+0530)
Subject: spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol
X-Git-Tag: v2026.01-rc1~18^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3e67a96452983ae3b35a78cb2910f14fda9dd86;p=thirdparty%2Fu-boot.git

spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol

This patch adds the new SPL_OS_BOOT_SECURE symbol that enables secure
boot flow in falcon mode. This symbol can be used to disable certain
inherently insecure options during falcon boot.

Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Anshul Dalal <anshuld@ti.com>
---

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 4ece5d168f9..ba94d6fe05a 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -1207,6 +1207,14 @@ config SPL_OS_BOOT
 	  Enable booting directly to an OS from SPL.
 	  for more info read doc/README.falcon
 
+config SPL_OS_BOOT_SECURE
+	bool "Allow Falcon Mode on secure devices"
+	depends on SPL_OS_BOOT
+	help
+	  This allows for secure devices with signature verification capabilities
+	  to use falcon mode by disabling certain inherently non-securable options
+	  in the SPL boot flow.
+
 config SPL_PAYLOAD_ARGS_ADDR
 	hex "Address in memory to load 'args' file for Falcon Mode to"
 	depends on SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT