[EXTERNAL] Re: [PATCH v4 23/23] configs: am64x: Enable TI_SECURE_DEV options

Kamlesh Gurudasani kamlesh at ti.com
Mon May 22 15:23:30 CEST 2023


Kamlesh Gurudasani <kamlesh at ti.com> writes:

> Neha Malcom Francis <n-francis at ti.com> writes:
>
>> Hi Andrew
>>
>> On 18/05/23 22:09, Andrew Davis wrote:
>>> On 5/18/23 9:27 AM, Neha Malcom Francis wrote:
>>>> From: Kamlesh Gurudasani <kamlesh at ti.com>
>>>>
>>>> AM64x family of SoCs by default will have some level of security
>>>> enforcement checking. Enable CONFIG_TI_SECURE_DEVICE by default so all
>>>> levels of secure SoCs will boot with binman.
>>>>
>>>> Signed-off-by: Kamlesh Gurudasani <kamlesh at ti.com>
>>>> Signed-off-by: Neha Francis <n-francis at ti.com>
>>>> Signed-off-by: Neha Malcom Francis <n-francis at ti.com>
>>
>> (apologies for the incorrect tags)
>>
>>>> ---
>>> 
>>> This fix is independent of the binman changes and should go
>>> in first anyway to keep bisectability.
>>> 
>>> Andrew
>>> 
>>
>> This fix breaks KIG flow though, which is why it was decided to be put 
>> in along with the binman series.
>>
> If we do not have TI_SECURE_DEV option enabled, generated
> tispl.bin_fs will not have capability too parse signed u-boot.img_fs.
>
> tispl.bin_fs will be able to parse u-boot.img_unsigned.
>
> If we enable TI_SECURE_DEV in KIG flow, only tispl.bin_HS will be
> generated, which breaks the GP flow.
By GP flow, I mean the scripts to support the GP


More information about the U-Boot mailing list