spl: prevent loading args file in secure falcon mode

The expected payload for the SPL in secure falcon mode is a fitImage
that contains the kernel image and the DT. This removes the need to load
an additional args file, which exposes an additional attack vector since
it can not be verified.

Therefore this patch disables loading of the arg file when
SPL_OS_BOOT_SECURE is set.

Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Anshul Dalal <[email protected]>

1 files changed, 2 insertions, 1 deletions

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 7fd46ace8de..0fe5db43d5d 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -796,6 +796,7 @@ config SPL_FS_LOAD_PAYLOAD_NAME
 config SPL_FS_LOAD_KERNEL_NAME
 	string "File to load for the OS kernel from the filesystem"
 	depends on (SPL_FS_EXT4 || SPL_FS_FAT || SPL_FS_SQUASHFS) && SPL_OS_BOOT
+	default "fitImage" if SPL_OS_BOOT_SECURE
 	default "uImage"
 	help
 	  Filename to read to load for the OS kernel when reading from the
@@ -1217,7 +1218,7 @@ config SPL_OS_BOOT_SECURE
 
 config SPL_OS_BOOT_ARGS
 	bool "Allow SPL to load args for kernel in falcon mode"
-	depends on SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT
+	depends on (SPL_OS_BOOT || SPL_LOAD_FIT_OPENSBI_OS_BOOT) && !SPL_OS_BOOT_SECURE
 	help
 	  This option enables the SPL to load an args file (usually the FDT)
 	  alongside the kernel image in falcon boot mode.