Cover Letter Detail
Show a cover letter.
GET /api/covers/2140914/?format=api
{ "id": 2140914, "url": "http://patchwork.ozlabs.org/api/covers/2140914/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/cover/20250923124639.667718-1-anshuld@ti.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20250923124639.667718-1-anshuld@ti.com>", "list_archive_url": null, "date": "2025-09-23T12:46:34", "name": "[v3,0/4] Add support for secure falcon mode: load kernel image before args", "submitter": { "id": 90324, "url": "http://patchwork.ozlabs.org/api/people/90324/?format=api", "name": "Anshul Dalal", "email": "anshuld@ti.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/cover/20250923124639.667718-1-anshuld@ti.com/mbox/", "series": [ { "id": 474844, "url": "http://patchwork.ozlabs.org/api/series/474844/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=474844", "date": "2025-09-23T12:46:35", "name": "Add support for secure falcon mode: load kernel image before args", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/474844/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/2140914/comments/", "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256\n header.s=ti-com-17Q1 header.b=GtWlqwgZ;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.b=\"GtWlqwgZ\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de; spf=pass smtp.mailfrom=anshuld@ti.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4cWKVs6wG8z1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 23 Sep 2025 22:47:01 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 8198E834D4;\n\tTue, 23 Sep 2025 14:46:53 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 9D261833E9; Tue, 23 Sep 2025 14:46:50 +0200 (CEST)", "from lelvem-ot02.ext.ti.com (lelvem-ot02.ext.ti.com [198.47.23.235])\n (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n bits)) (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 5418F800B6\n for <u-boot@lists.denx.de>; Tue, 23 Sep 2025 14:46:47 +0200 (CEST)", "from lelvem-sh01.itg.ti.com ([10.180.77.71])\n by lelvem-ot02.ext.ti.com (8.15.2/8.15.2) with ESMTP id 58NCkg0U1476281;\n Tue, 23 Sep 2025 07:46:42 -0500", "from DLEE104.ent.ti.com (dlee104.ent.ti.com [157.170.170.34])\n by lelvem-sh01.itg.ti.com (8.18.1/8.18.1) with ESMTPS id 58NCkgbl1083045\n (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=FAIL);\n Tue, 23 Sep 2025 07:46:42 -0500", "from DLEE200.ent.ti.com (157.170.170.75) by DLEE104.ent.ti.com\n (157.170.170.34) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.55; Tue, 23\n Sep 2025 07:46:41 -0500", "from lelvem-mr06.itg.ti.com (10.180.75.8) by DLEE200.ent.ti.com\n (157.170.170.75) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend\n Transport; Tue, 23 Sep 2025 07:46:41 -0500", "from localhost (dhcp-172-24-233-105.dhcp.ti.com [172.24.233.105])\n by lelvem-mr06.itg.ti.com (8.18.1/8.18.1) with ESMTP id 58NCkesX056538;\n Tue, 23 Sep 2025 07:46:41 -0500" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,\n RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com;\n s=ti-com-17Q1; t=1758631602;\n bh=7cjS7JxjhCE57NtnyzstoxVVGevGCTAAYF6blYMvBTM=;\n h=From:To:CC:Subject:Date;\n b=GtWlqwgZbnpCRk+21dSX/xgumMGcTWz07So0JHE1wocEMGU6iSddW4XT165m1BGUj\n K6yN38mYzvfA45jU0QQADNWA1f1a4Pi/S5GjiuNlM6Bio/DdOVa9hRcaZrNYP5YtmB\n 9ZCDE0L9uUtPBRS4lUccwDm8RnBbB4r6gE5PIMVM=", "From": "Anshul Dalal <anshuld@ti.com>", "To": "<u-boot@lists.denx.de>", "CC": "Anshul Dalal <anshuld@ti.com>, <vigneshr@ti.com>, <trini@konsulko.com>,\n <afd@ti.com>, <m-chawdhry@ti.com>, <n-francis@ti.com>, <b-liu@ti.com>,\n <nm@ti.com>, <bb@ti.com>, <kever.yang@rock-chips.com>,\n <hl@rock-chips.com>, <tim@feathertop.org>,\n <marek.vasut+renesas@mailbox.org>", "Subject": "[PATCH v3 0/4] Add support for secure falcon mode: load kernel image\n before args", "Date": "Tue, 23 Sep 2025 18:16:34 +0530", "Message-ID": "<20250923124639.667718-1-anshuld@ti.com>", "X-Mailer": "git-send-email 2.51.0", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-C2ProcessedOrg": "333ef613-75bf-4e12-a4b1-8e3623f5dcea", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Hi all,\n\nDuring the implementation of falcon mode for TI's K3 devices [1], I encountered\nseveral limitations in regards to the current falcon mode support in U-Boot\nespecially in ensuring a secure boot flow.\n\nAlthough the current implementation allows for loading of a signed fitImage as\nthe SPL payload, there are still a few edge cases that might allow bypassing the\nverified boot path.\n\nThe following issues with current falcon mode need to be resolved:\n\n1) No fallback:\n We currently fallback to regular boot flow if falcon mode fails,\n this might not be secure.\n\n2) No arguments file:\n We currently load a kernel file (which could be a raw image or FIT)\n alongside an args file (usually the DT). The args file here doesn't have\n any verification mechanism, so should be skipped altogether as the FIT can\n contain the DT.\n\n3) No access to env:\n In ext and fat fs boot, currently we also reads the environment to get the\n names of the kernel and the arg file. This should be disabled in secure\n falcon flow as the env might not be secure.\n\n4) No raw image boot:\n Boot should fail when the kernel file is a raw kernel image, only FIT should\n be allowed.\n\nAs per the recommendation of maintainers[2], I have decided to split the above\nset of tasks into multiple patch series. This is the first one which fixes the\nload order of kernel image and the args file in falcon mode. Along with some\nminor cleanup.\n\nRegards,\nAnshul\n\n[1]: https://lore.kernel.org/u-boot/20250603142452.2707171-1-anshuld@ti.com/\n[2]: https://lore.kernel.org/u-boot/20250911172313.GT124814@bill-the-cat/\n\n---\nChanges in v3:\n - Remove extra added prints\n - More cleanup of CONFIG_SPL_LIBCOMMON_SUPPORT in the last patch\n\nv2: https://lore.kernel.org/u-boot/20250916103542.104773-1-anshuld@ti.com/\n\nChanges in v2:\n - Split series into multiple:\n 1. Fix load order of kernel image and args file in MMC/FS boot (this series)\n 2. Prevent fallback to U-Boot proper in falcon mode\n 3. Remove the need for args file in falcon mode\n 4. Disable env in falcon mode\n 5. Fixes such as disabling booting raw images\n - Add call to ext4fs_set_blk_dev and ext4fs_mount for args file\n - Add maintainers of platforms with SPL_OPTEE_IMAGE in CC\n - Pick up R-by tags\n\nv1: https://lore.kernel.org/u-boot/20250911131414.3296697-1-anshuld@ti.com/\n---\nAnshul Dalal (4):\n spl: fat: load kernel image before args in falcon\n spl: ext: load kernel image before args in falcon\n spl: mmc: load kernel image before args in falcon\n spl: ext,fat: cleanup use of CONFIG_SPL_LIBCOMMON_SUPPORT\n\n common/spl/spl_ext.c | 64 +++++++++++++++++++++++---------------------\n common/spl/spl_fat.c | 47 ++++++++++++++++----------------\n common/spl/spl_mmc.c | 20 +++++++-------\n 3 files changed, 68 insertions(+), 63 deletions(-)" }