diff options
| author | Anshul Dalal <[email protected]> | 2025-10-18 01:03:12 +0530 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2025-10-20 10:14:00 -0600 |
| commit | d3ac0d60da066bf4ddb5a60174be8108fdc16862 (patch) | |
| tree | 971253a2fd6e768d07324b37c03b05e18def4dff | |
| parent | d9a50f8f14a5e052c0731492d8223dd3b8332a8b (diff) | |
spl: falcon: disable fallback to U-Boot on failure
Instead of falling back to the standard U-Boot boot flow, we should just
halt boot if the expected boot flow in falcon mode fails.
This prevents a malicious actor from accessing U-Boot proper if they can
cause a boot failure on falcon mode.
Signed-off-by: Anshul Dalal <[email protected]>
| -rw-r--r-- | common/spl/spl_mmc.c | 4 | ||||
| -rw-r--r-- | common/spl/spl_nand.c | 6 | ||||
| -rw-r--r-- | common/spl/spl_nor.c | 6 | ||||
| -rw-r--r-- | common/spl/spl_spi.c | 6 | ||||
| -rw-r--r-- | common/spl/spl_ubi.c | 2 |
5 files changed, 18 insertions, 6 deletions
diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c index bfcdea2d05f..0a00d295575 100644 --- a/common/spl/spl_mmc.c +++ b/common/spl/spl_mmc.c @@ -272,6 +272,8 @@ static int spl_mmc_do_fs_boot(struct spl_image_info *spl_image, return 0; printf("%s, Failed to load falcon payload: %d\n", __func__, ret); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return ret; printf("Fallback to U-Boot\n"); } @@ -412,6 +414,8 @@ int spl_mmc_load(struct spl_image_info *spl_image, ret = mmc_load_image_raw_os(spl_image, bootdev, mmc); if (!ret) return 0; + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return ret; } raw_sect = spl_mmc_get_uboot_raw_sector(mmc, raw_sect); diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c index c9f5d039768..3da292f1437 100644 --- a/common/spl/spl_nand.c +++ b/common/spl/spl_nand.c @@ -138,8 +138,10 @@ static int spl_nand_load_image(struct spl_image_info *spl_image, err = spl_nand_load_image_os(spl_image, bootdev); if (!err) return 0; - printf("%s: Failed in falcon boot: %d, fallback to U-Boot", - __func__, err); + printf("%s: Failed in falcon boot: %d", __func__, err); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return err; + printf("Fallback to U-Boot\n"); } #endif diff --git a/common/spl/spl_nor.c b/common/spl/spl_nor.c index c349a4c7bc3..bb91f4ab8f8 100644 --- a/common/spl/spl_nor.c +++ b/common/spl/spl_nor.c @@ -96,8 +96,10 @@ static int spl_nor_load_image(struct spl_image_info *spl_image, if (!err) return 0; - printf("%s: Failed in falcon boot: %d, fallback to U-Boot", - __func__, err); + printf("%s: Failed in falcon boot: %d", __func__, err); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return err; + printf("Fallback to U-Boot\n"); } #endif diff --git a/common/spl/spl_spi.c b/common/spl/spl_spi.c index 45718824cbf..4d61214bceb 100644 --- a/common/spl/spl_spi.c +++ b/common/spl/spl_spi.c @@ -105,8 +105,10 @@ static int spl_spi_load_image(struct spl_image_info *spl_image, if (!err) return 0; - printf("%s: Failed in falcon boot: %d, fallback to U-Boot", - __func__, err); + printf("%s: Failed in falcon boot: %d", __func__, err); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return err; + printf("Fallback to U-Boot\n"); } #endif diff --git a/common/spl/spl_ubi.c b/common/spl/spl_ubi.c index 4aecad3470c..25e7599703c 100644 --- a/common/spl/spl_ubi.c +++ b/common/spl/spl_ubi.c @@ -77,6 +77,8 @@ int spl_ubi_load_image(struct spl_image_info *spl_image, return 0; printf("%s: Failed in falcon boot: %d", __func__, ret); + if (IS_ENABLED(CONFIG_SPL_OS_BOOT_SECURE)) + return ret; printf("Fallback to U-Boot\n"); } #endif |