* [PATCH] configs: am62x: enable secure device configs by default
@ 2023-04-05 22:40 Praneeth Bajjuri
2023-05-05 0:59 ` Tom Rini
0 siblings, 1 reply; 2+ messages in thread
From: Praneeth Bajjuri @ 2023-04-05 22:40 UTC (permalink / raw)
To: praneeth, u-boot, Tom Rini; +Cc: Kamlesh Gurudasani, Bryan Brattlof
Enable the CONFIG_TI_SECURE_DEVICE by default
Non-HS devices will continue to boot due to runtime device type detection.
TI's security enforcing SoCs will authenticate each binary it loads by
comparing it's signature with keys etched into the SoC during the boot
up process. The am62x family of SoCs by default will have some level of
security enforcement checking. To keep things as simple as possible,
enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
secure SoCs will work out of the box
Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
---
configs/am62x_evm_a53_defconfig | 1 +
configs/am62x_evm_r5_defconfig | 1 +
2 files changed, 2 insertions(+)
diff --git a/configs/am62x_evm_a53_defconfig b/configs/am62x_evm_a53_defconfig
index cc9c8eab3e..fc76d88727 100644
--- a/configs/am62x_evm_a53_defconfig
+++ b/configs/am62x_evm_a53_defconfig
@@ -1,5 +1,6 @@
CONFIG_ARM=y
CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
CONFIG_SYS_MALLOC_F_LEN=0x8000
CONFIG_SPL_LIBCOMMON_SUPPORT=y
CONFIG_SPL_LIBGENERIC_SUPPORT=y
diff --git a/configs/am62x_evm_r5_defconfig b/configs/am62x_evm_r5_defconfig
index 44a9130d99..cab8c820f9 100644
--- a/configs/am62x_evm_r5_defconfig
+++ b/configs/am62x_evm_r5_defconfig
@@ -1,5 +1,6 @@
CONFIG_ARM=y
CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
CONFIG_SYS_MALLOC_LEN=0x08000000
CONFIG_SYS_MALLOC_F_LEN=0x9000
CONFIG_SPL_LIBCOMMON_SUPPORT=y
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] configs: am62x: enable secure device configs by default
2023-04-05 22:40 [PATCH] configs: am62x: enable secure device configs by default Praneeth Bajjuri
@ 2023-05-05 0:59 ` Tom Rini
0 siblings, 0 replies; 2+ messages in thread
From: Tom Rini @ 2023-05-05 0:59 UTC (permalink / raw)
To: Praneeth Bajjuri; +Cc: u-boot, Kamlesh Gurudasani, Bryan Brattlof
[-- Attachment #1: Type: text/plain, Size: 818 bytes --]
On Wed, Apr 05, 2023 at 05:40:47PM -0500, Praneeth Bajjuri wrote:
> Enable the CONFIG_TI_SECURE_DEVICE by default
>
> Non-HS devices will continue to boot due to runtime device type detection.
>
> TI's security enforcing SoCs will authenticate each binary it loads by
> comparing it's signature with keys etched into the SoC during the boot
> up process. The am62x family of SoCs by default will have some level of
> security enforcement checking. To keep things as simple as possible,
> enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
> secure SoCs will work out of the box
>
> Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
> Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
> Signed-off-by: Bryan Brattlof <bb@ti.com>
Applied to u-boot/master, thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-05-05 0:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-05 22:40 [PATCH] configs: am62x: enable secure device configs by default Praneeth Bajjuri
2023-05-05 0:59 ` Tom Rini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox