[PATCH v4 23/23] configs: am64x: Enable TI_SECURE_DEV options

Kamlesh Gurudasani kamlesh at ti.com
Mon May 22 14:35:45 CEST 2023

Neha Malcom Francis <n-francis at ti.com> writes:

> Hi Andrew
> On 18/05/23 22:09, Andrew Davis wrote:
>> On 5/18/23 9:27 AM, Neha Malcom Francis wrote:
>>> From: Kamlesh Gurudasani <kamlesh at ti.com>
>>> AM64x family of SoCs by default will have some level of security
>>> enforcement checking. Enable CONFIG_TI_SECURE_DEVICE by default so all
>>> levels of secure SoCs will boot with binman.
>>> Signed-off-by: Kamlesh Gurudasani <kamlesh at ti.com>
>>> Signed-off-by: Neha Francis <n-francis at ti.com>
>>> Signed-off-by: Neha Malcom Francis <n-francis at ti.com>
> (apologies for the incorrect tags)
>>> ---
>> This fix is independent of the binman changes and should go
>> in first anyway to keep bisectability.
>> Andrew
> This fix breaks KIG flow though, which is why it was decided to be put 
> in along with the binman series.
If we do not have TI_SECURE_DEV option enabled, generated
tispl.bin_fs will not have capability too parse signed u-boot.img_fs.

tispl.bin_fs will be able to parse u-boot.img_unsigned.

If we enable TI_SECURE_DEV in KIG flow, only tispl.bin_HS will be
generated, which breaks the GP flow.

Unless, the patch to fix the issue of generating tispl.bin is merged.

More information about the U-Boot mailing list