From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew F. Davis <afd@ti.com>
Date: Thu, 16 Feb 2017 08:40:37 -0600
Subject: [U-Boot] [PATCH v5 0/6] Allow disabling non-FIT image loading
 from SPL
In-Reply-To: <20170215235913.GK26129@bill-the-cat>
References: <20170215194551.18732-1-afd@ti.com>
 <20170215235913.GK26129@bill-the-cat>
Message-ID: <c0761a9e-efd9-ee3b-d014-7287b1a9d2e0@ti.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 02/15/2017 05:59 PM, Tom Rini wrote:
> On Wed, Feb 15, 2017 at 01:45:45PM -0600, Andrew F. Davis wrote:
> 
>> Hello all,
>>
>> To address a needed feature brought up by Andreas[0], we need a way to
>> disable SPL from loading non-FIT images.
>>
>> The function spl_parse_image_header is common to all SPL loading paths
>> (common/spl/spl_(nand|net|nor|etc..)) so we add the check here.
>>
>> This version of the series is a bit different than the last 2 due
>> to suggestions by Simon, instead of a negative option disabling
>> non-FIT images, we allow the other image format's support to be
>> toggled off, and do that on HS boards.
> 
> I think this would be cleaner if we introduce the symbols to be default
> n if TI_SECURE_DEVICE and then we don't have to modify the defconfig
> files.  That said, we should probably do that as a new patch #3 so it's
> clear in the commit history when we default it off.  Thanks!
> 

Hmmm, I'm really not a fan of this, disabling these options is only
needed on a couple boards and so should go in their defconfig, adding
the per-board exceptions to the symbol definition itself will start to
cause massive kconfig bloat.

If you strongly disagree, below is a patch #3, if you take this you can
drop the defconfig patches from this series.

---

Author: Andrew F. Davis <afd@ti.com>
Date:   Thu Feb 16 08:36:08 2017 -0600

    Kconfig: Disable non-FIT SPL loading for TI secure devices

    Non-FIT SPL image loading support should be disabled for TI secure
    devices as the image handlers for those image types do not follow
    our secure boot flow.

    Signed-off-by: Andrew F. Davis <afd@ti.com>

diff --git a/Kconfig b/Kconfig
index 70fd616cb1..3d42e8e06c 100644
--- a/Kconfig
+++ b/Kconfig
@@ -295,7 +295,7 @@ config FIT_IMAGE_POST_PROCESS

 config SPL_RAW_IMAGE_SUPPORT
        bool "Support SPL loading and booting of RAW images"
-       default y
+       default y if !TI_SECURE_DEVICE
        help
          SPL will support loading and booting a RAW image when this option
          is y. If this is not set, SPL will move on to other available
@@ -303,7 +303,7 @@ config SPL_RAW_IMAGE_SUPPORT

 config SPL_LEGACY_IMAGE_SUPPORT
        bool "Support SPL loading and booting of Legacy images"
-       default y
+       default y if !TI_SECURE_DEVICE
        help
          SPL will support loading and booting Legacy images when this
option
          is y. If this is not set, SPL will move on to other available