[PATCH 2/2] configs: Make TI_SECURE_DEVICE default for K3

Jan Kiszka jan.kiszka at siemens.com
Wed Aug 9 08:08:09 CEST 2023 

On 03.08.23 16:54, Andrew Davis wrote:
> All K3 boards now are secure by default, instead of setting this in each
> defconfig, make it implied by the ARCH config.
> 
> The only exception is IOT2050, which I do not believe will have any
> problems with being a TI_SECURE_DEVICE, but for now turn it off to keep
> its config the same.

The IOT2050 firmware is not using TI_SECURE_DEVICE because it serves
non-HS devices by default as well. Secure boot on HS devices can be
enabled by applying an extra config fragment like [1].

So it's indeed better to keep this off for the IO2050 to avoid untested
side effects. E.g., we would probably lose legacy image booting in
non-secure mode.

Jan

[1]
https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/secure-boot.cfg

> 
> Signed-off-by: Andrew Davis <afd at ti.com>
> ---
>  arch/arm/Kconfig                 | 1 +
>  configs/am62ax_evm_a53_defconfig | 1 -
>  configs/am62ax_evm_r5_defconfig  | 1 -
>  configs/am62x_evm_a53_defconfig  | 1 -
>  configs/am62x_evm_r5_defconfig   | 1 -
>  configs/am64x_evm_a53_defconfig  | 1 -
>  configs/am64x_evm_r5_defconfig   | 1 -
>  configs/iot2050_defconfig        | 1 +
>  configs/j7200_evm_a72_defconfig  | 1 -
>  configs/j7200_evm_r5_defconfig   | 1 -
>  configs/j721e_evm_a72_defconfig  | 1 -
>  configs/j721e_evm_r5_defconfig   | 1 -
>  configs/j721s2_evm_a72_defconfig | 1 -
>  configs/j721s2_evm_r5_defconfig  | 1 -
>  14 files changed, 2 insertions(+), 12 deletions(-)
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 97c25b4f146..8ad6c5582ce 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -787,6 +787,7 @@ config ARCH_K3
>  	select FIT
>  	select REGEX
>  	select FIT_SIGNATURE if ARM64
> +	imply TI_SECURE_DEVICE
>  
>  config ARCH_OMAP2PLUS
>  	bool "TI OMAP2+"
> diff --git a/configs/am62ax_evm_a53_defconfig b/configs/am62ax_evm_a53_defconfig
> index 773cf3a591c..d0a34c75505 100644
> --- a/configs/am62ax_evm_a53_defconfig
> +++ b/configs/am62ax_evm_a53_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_LIBCOMMON_SUPPORT=y
>  CONFIG_SPL_LIBGENERIC_SUPPORT=y
> diff --git a/configs/am62ax_evm_r5_defconfig b/configs/am62ax_evm_r5_defconfig
> index 05c30cbba19..2c1110d227f 100644
> --- a/configs/am62ax_evm_r5_defconfig
> +++ b/configs/am62ax_evm_r5_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_F_LEN=0x9000
>  CONFIG_SPL_LIBCOMMON_SUPPORT=y
>  CONFIG_SPL_LIBGENERIC_SUPPORT=y
> diff --git a/configs/am62x_evm_a53_defconfig b/configs/am62x_evm_a53_defconfig
> index d55caabe22c..1d05cecbcde 100644
> --- a/configs/am62x_evm_a53_defconfig
> +++ b/configs/am62x_evm_a53_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_LIBCOMMON_SUPPORT=y
>  CONFIG_SPL_LIBGENERIC_SUPPORT=y
> diff --git a/configs/am62x_evm_r5_defconfig b/configs/am62x_evm_r5_defconfig
> index 3c5f3672984..9dd2930dc89 100644
> --- a/configs/am62x_evm_r5_defconfig
> +++ b/configs/am62x_evm_r5_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x08000000
>  CONFIG_SYS_MALLOC_F_LEN=0x9000
>  CONFIG_SPL_LIBCOMMON_SUPPORT=y
> diff --git a/configs/am64x_evm_a53_defconfig b/configs/am64x_evm_a53_defconfig
> index 9bdb767f9e6..d1d46c61075 100644
> --- a/configs/am64x_evm_a53_defconfig
> +++ b/configs/am64x_evm_a53_defconfig
> @@ -1,7 +1,6 @@
>  CONFIG_ARM=y
>  CONFIG_SKIP_LOWLEVEL_INIT=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/am64x_evm_r5_defconfig b/configs/am64x_evm_r5_defconfig
> index 45d32658cff..96cb437b10b 100644
> --- a/configs/am64x_evm_r5_defconfig
> +++ b/configs/am64x_evm_r5_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x80000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/iot2050_defconfig b/configs/iot2050_defconfig
> index bcbaa92ee89..ad9217ff86a 100644
> --- a/configs/iot2050_defconfig
> +++ b/configs/iot2050_defconfig
> @@ -1,6 +1,7 @@
>  CONFIG_ARM=y
>  CONFIG_SKIP_LOWLEVEL_INIT=y
>  CONFIG_ARCH_K3=y
> +# CONFIG_TI_SECURE_DEVICE is not set
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/j7200_evm_a72_defconfig b/configs/j7200_evm_a72_defconfig
> index c68d52537e5..a9f5d36ffe3 100644
> --- a/configs/j7200_evm_a72_defconfig
> +++ b/configs/j7200_evm_a72_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/j7200_evm_r5_defconfig b/configs/j7200_evm_r5_defconfig
> index c4dd33627bd..0da16f25a23 100644
> --- a/configs/j7200_evm_r5_defconfig
> +++ b/configs/j7200_evm_r5_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x70000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/j721e_evm_a72_defconfig b/configs/j721e_evm_a72_defconfig
> index 525f150e91d..af784c4e005 100644
> --- a/configs/j721e_evm_a72_defconfig
> +++ b/configs/j721e_evm_a72_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/j721e_evm_r5_defconfig b/configs/j721e_evm_r5_defconfig
> index cf7bc872b5f..f6dba64530c 100644
> --- a/configs/j721e_evm_r5_defconfig
> +++ b/configs/j721e_evm_r5_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x70000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/j721s2_evm_a72_defconfig b/configs/j721s2_evm_a72_defconfig
> index d59f3156d10..7b7f3dc08e4 100644
> --- a/configs/j721s2_evm_a72_defconfig
> +++ b/configs/j721s2_evm_a72_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x8000
>  CONFIG_SPL_GPIO=y
> diff --git a/configs/j721s2_evm_r5_defconfig b/configs/j721s2_evm_r5_defconfig
> index 1e66ac23d05..39467e0d00e 100644
> --- a/configs/j721s2_evm_r5_defconfig
> +++ b/configs/j721s2_evm_r5_defconfig
> @@ -1,6 +1,5 @@
>  CONFIG_ARM=y
>  CONFIG_ARCH_K3=y
> -CONFIG_TI_SECURE_DEVICE=y
>  CONFIG_SYS_MALLOC_LEN=0x2000000
>  CONFIG_SYS_MALLOC_F_LEN=0x10000
>  CONFIG_SPL_GPIO=y

-- 
Siemens AG, Technology
Linux Expert Center

More information about the U-Boot mailing list