[PATCH] binman: ti-secure: Enable debug extension for combined boot

[Manorit Chawdhry]

To debug using jtag, ROM needs to unlock jtag debugging on HS devices
and it does that looking at this debug extension.

Add the debug extension and enable it by default.

Link: https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=debug#sysfw-debug-ext
Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
---
Keeping this enabled by default as this is enabled for non-combined boot
as well by default.
---
 tools/binman/btool/openssl.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/binman/btool/openssl.py b/tools/binman/btool/openssl.py
index fe81a1f51b1e..c6df64c5316d 100644
--- a/tools/binman/btool/openssl.py
+++ b/tools/binman/btool/openssl.py
@@ -283,6 +283,7 @@ emailAddress           = {req_dist_name_dict['emailAddress']}
 basicConstraints = CA:true
 1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
 1.3.6.1.4.1.294.1.9=ASN1:SEQUENCE:ext_boot_info
+1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
 
 [swrv]
 swrv=INTEGER:{sw_rev}
@@ -323,6 +324,12 @@ compSize = INTEGER:{imagesize_sysfw_data}
 shaType  = OID:{sha_type}
 shaValue = FORMAT:HEX,OCT:{hashval_sysfw_data}
 
+[ debug ]
+debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
+debugType = INTEGER:4
+coreDbgEn = INTEGER:0
+coreDbgSecEn = INTEGER:0
+
 {sysfw_inner_cert_ext_boot_block}
 
 {dm_data_ext_boot_block}

---
base-commit: fb49d6c289d942ff7de309a5c5eaa37a7f4235db
change-id: 20240326-b4-upstream-jtag-debug-unlock-6fc21e344cfb

Best regards,
-- 
Manorit Chawdhry <m-chawdhry at ti.com>