Re: [PATCH 2/2] configs: Make TI_SECURE_DEVICE default for K3
On Thu, Aug 03, 2023 at 09:54:41AM -0500, Andrew Davis wrote: > All K3 boards now are secure by default, instead of setting this in each > defconfig, make it implied by the ARCH config. > > The only exception is IOT2050, which I do not believe will have any > problems with being a TI_SECURE_DEVICE, but for now turn it off to keep > its config the same. > > Signed-off-by: Andrew Davis > Tested-by: Tom Rini Applied to u-boot/master, thanks! -- Tom signature.asc Description: PGP signature
Re: [PATCH 2/2] configs: Make TI_SECURE_DEVICE default for K3
On 03.08.23 16:54, Andrew Davis wrote: > All K3 boards now are secure by default, instead of setting this in each > defconfig, make it implied by the ARCH config. > > The only exception is IOT2050, which I do not believe will have any > problems with being a TI_SECURE_DEVICE, but for now turn it off to keep > its config the same. The IOT2050 firmware is not using TI_SECURE_DEVICE because it serves non-HS devices by default as well. Secure boot on HS devices can be enabled by applying an extra config fragment like [1]. So it's indeed better to keep this off for the IO2050 to avoid untested side effects. E.g., we would probably lose legacy image booting in non-secure mode. Jan [1] https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/u-boot/files/secure-boot.cfg > > Signed-off-by: Andrew Davis > --- > arch/arm/Kconfig | 1 + > configs/am62ax_evm_a53_defconfig | 1 - > configs/am62ax_evm_r5_defconfig | 1 - > configs/am62x_evm_a53_defconfig | 1 - > configs/am62x_evm_r5_defconfig | 1 - > configs/am64x_evm_a53_defconfig | 1 - > configs/am64x_evm_r5_defconfig | 1 - > configs/iot2050_defconfig| 1 + > configs/j7200_evm_a72_defconfig | 1 - > configs/j7200_evm_r5_defconfig | 1 - > configs/j721e_evm_a72_defconfig | 1 - > configs/j721e_evm_r5_defconfig | 1 - > configs/j721s2_evm_a72_defconfig | 1 - > configs/j721s2_evm_r5_defconfig | 1 - > 14 files changed, 2 insertions(+), 12 deletions(-) > > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig > index 97c25b4f146..8ad6c5582ce 100644 > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -787,6 +787,7 @@ config ARCH_K3 > select FIT > select REGEX > select FIT_SIGNATURE if ARM64 > + imply TI_SECURE_DEVICE > > config ARCH_OMAP2PLUS > bool "TI OMAP2+" > diff --git a/configs/am62ax_evm_a53_defconfig > b/configs/am62ax_evm_a53_defconfig > index 773cf3a591c..d0a34c75505 100644 > --- a/configs/am62ax_evm_a53_defconfig > +++ b/configs/am62ax_evm_a53_defconfig > @@ -1,6 +1,5 @@ > CONFIG_ARM=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_F_LEN=0x8000 > CONFIG_SPL_LIBCOMMON_SUPPORT=y > CONFIG_SPL_LIBGENERIC_SUPPORT=y > diff --git a/configs/am62ax_evm_r5_defconfig b/configs/am62ax_evm_r5_defconfig > index 05c30cbba19..2c1110d227f 100644 > --- a/configs/am62ax_evm_r5_defconfig > +++ b/configs/am62ax_evm_r5_defconfig > @@ -1,6 +1,5 @@ > CONFIG_ARM=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_F_LEN=0x9000 > CONFIG_SPL_LIBCOMMON_SUPPORT=y > CONFIG_SPL_LIBGENERIC_SUPPORT=y > diff --git a/configs/am62x_evm_a53_defconfig b/configs/am62x_evm_a53_defconfig > index d55caabe22c..1d05cecbcde 100644 > --- a/configs/am62x_evm_a53_defconfig > +++ b/configs/am62x_evm_a53_defconfig > @@ -1,6 +1,5 @@ > CONFIG_ARM=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_F_LEN=0x8000 > CONFIG_SPL_LIBCOMMON_SUPPORT=y > CONFIG_SPL_LIBGENERIC_SUPPORT=y > diff --git a/configs/am62x_evm_r5_defconfig b/configs/am62x_evm_r5_defconfig > index 3c5f3672984..9dd2930dc89 100644 > --- a/configs/am62x_evm_r5_defconfig > +++ b/configs/am62x_evm_r5_defconfig > @@ -1,6 +1,5 @@ > CONFIG_ARM=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_LEN=0x0800 > CONFIG_SYS_MALLOC_F_LEN=0x9000 > CONFIG_SPL_LIBCOMMON_SUPPORT=y > diff --git a/configs/am64x_evm_a53_defconfig b/configs/am64x_evm_a53_defconfig > index 9bdb767f9e6..d1d46c61075 100644 > --- a/configs/am64x_evm_a53_defconfig > +++ b/configs/am64x_evm_a53_defconfig > @@ -1,7 +1,6 @@ > CONFIG_ARM=y > CONFIG_SKIP_LOWLEVEL_INIT=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_LEN=0x200 > CONFIG_SYS_MALLOC_F_LEN=0x8000 > CONFIG_SPL_GPIO=y > diff --git a/configs/am64x_evm_r5_defconfig b/configs/am64x_evm_r5_defconfig > index 45d32658cff..96cb437b10b 100644 > --- a/configs/am64x_evm_r5_defconfig > +++ b/configs/am64x_evm_r5_defconfig > @@ -1,6 +1,5 @@ > CONFIG_ARM=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_LEN=0x200 > CONFIG_SYS_MALLOC_F_LEN=0x8 > CONFIG_SPL_GPIO=y > diff --git a/configs/iot2050_defconfig b/configs/iot2050_defconfig > index bcbaa92ee89..ad9217ff86a 100644 > --- a/configs/iot2050_defconfig > +++ b/configs/iot2050_defconfig > @@ -1,6 +1,7 @@ > CONFIG_ARM=y > CONFIG_SKIP_LOWLEVEL_INIT=y > CONFIG_ARCH_K3=y > +# CONFIG_TI_SECURE_DEVICE is not set > CONFIG_SYS_MALLOC_LEN=0x200 > CONFIG_SYS_MALLOC_F_LEN=0x8000 > CONFIG_SPL_GPIO=y > diff --git a/configs/j7200_evm_a72_defconfig b/configs/j7200_evm_a72_defconfig > index c68d52537e5..a9f5d36ffe3 100644 > --- a/configs/j7200_evm_a72_defconfig > +++ b/configs/j7200_evm_a72_defconfig > @@ -1,6 +1,5 @@ > CONFIG_ARM=y > CONFIG_ARCH_K3=y > -CONFIG_TI_SECURE_DEVICE=y > CONFIG_SYS_MALLOC_LEN=0x200 > CONFIG_SYS_MALLOC_F_LEN=0x8000 > CONFIG_SPL_GPIO=y > diff --git a/configs/j7200_evm_r5_defconfig b/configs/j7200_evm_r5_defconfig > index
Re: [PATCH 2/2] configs: Make TI_SECURE_DEVICE default for K3
On Thu, Aug 03, 2023 at 09:54:41AM -0500, Andrew Davis wrote: > All K3 boards now are secure by default, instead of setting this in each > defconfig, make it implied by the ARCH config. > > The only exception is IOT2050, which I do not believe will have any > problems with being a TI_SECURE_DEVICE, but for now turn it off to keep > its config the same. > > Signed-off-by: Andrew Davis On my J721E GP EVM: Tested-by: Tom Rini -- Tom signature.asc Description: PGP signature
[PATCH 2/2] configs: Make TI_SECURE_DEVICE default for K3
All K3 boards now are secure by default, instead of setting this in each defconfig, make it implied by the ARCH config. The only exception is IOT2050, which I do not believe will have any problems with being a TI_SECURE_DEVICE, but for now turn it off to keep its config the same. Signed-off-by: Andrew Davis --- arch/arm/Kconfig | 1 + configs/am62ax_evm_a53_defconfig | 1 - configs/am62ax_evm_r5_defconfig | 1 - configs/am62x_evm_a53_defconfig | 1 - configs/am62x_evm_r5_defconfig | 1 - configs/am64x_evm_a53_defconfig | 1 - configs/am64x_evm_r5_defconfig | 1 - configs/iot2050_defconfig| 1 + configs/j7200_evm_a72_defconfig | 1 - configs/j7200_evm_r5_defconfig | 1 - configs/j721e_evm_a72_defconfig | 1 - configs/j721e_evm_r5_defconfig | 1 - configs/j721s2_evm_a72_defconfig | 1 - configs/j721s2_evm_r5_defconfig | 1 - 14 files changed, 2 insertions(+), 12 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 97c25b4f146..8ad6c5582ce 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -787,6 +787,7 @@ config ARCH_K3 select FIT select REGEX select FIT_SIGNATURE if ARM64 + imply TI_SECURE_DEVICE config ARCH_OMAP2PLUS bool "TI OMAP2+" diff --git a/configs/am62ax_evm_a53_defconfig b/configs/am62ax_evm_a53_defconfig index 773cf3a591c..d0a34c75505 100644 --- a/configs/am62ax_evm_a53_defconfig +++ b/configs/am62ax_evm_a53_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_F_LEN=0x8000 CONFIG_SPL_LIBCOMMON_SUPPORT=y CONFIG_SPL_LIBGENERIC_SUPPORT=y diff --git a/configs/am62ax_evm_r5_defconfig b/configs/am62ax_evm_r5_defconfig index 05c30cbba19..2c1110d227f 100644 --- a/configs/am62ax_evm_r5_defconfig +++ b/configs/am62ax_evm_r5_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_F_LEN=0x9000 CONFIG_SPL_LIBCOMMON_SUPPORT=y CONFIG_SPL_LIBGENERIC_SUPPORT=y diff --git a/configs/am62x_evm_a53_defconfig b/configs/am62x_evm_a53_defconfig index d55caabe22c..1d05cecbcde 100644 --- a/configs/am62x_evm_a53_defconfig +++ b/configs/am62x_evm_a53_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_F_LEN=0x8000 CONFIG_SPL_LIBCOMMON_SUPPORT=y CONFIG_SPL_LIBGENERIC_SUPPORT=y diff --git a/configs/am62x_evm_r5_defconfig b/configs/am62x_evm_r5_defconfig index 3c5f3672984..9dd2930dc89 100644 --- a/configs/am62x_evm_r5_defconfig +++ b/configs/am62x_evm_r5_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_LEN=0x0800 CONFIG_SYS_MALLOC_F_LEN=0x9000 CONFIG_SPL_LIBCOMMON_SUPPORT=y diff --git a/configs/am64x_evm_a53_defconfig b/configs/am64x_evm_a53_defconfig index 9bdb767f9e6..d1d46c61075 100644 --- a/configs/am64x_evm_a53_defconfig +++ b/configs/am64x_evm_a53_defconfig @@ -1,7 +1,6 @@ CONFIG_ARM=y CONFIG_SKIP_LOWLEVEL_INIT=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_SYS_MALLOC_F_LEN=0x8000 CONFIG_SPL_GPIO=y diff --git a/configs/am64x_evm_r5_defconfig b/configs/am64x_evm_r5_defconfig index 45d32658cff..96cb437b10b 100644 --- a/configs/am64x_evm_r5_defconfig +++ b/configs/am64x_evm_r5_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_SYS_MALLOC_F_LEN=0x8 CONFIG_SPL_GPIO=y diff --git a/configs/iot2050_defconfig b/configs/iot2050_defconfig index bcbaa92ee89..ad9217ff86a 100644 --- a/configs/iot2050_defconfig +++ b/configs/iot2050_defconfig @@ -1,6 +1,7 @@ CONFIG_ARM=y CONFIG_SKIP_LOWLEVEL_INIT=y CONFIG_ARCH_K3=y +# CONFIG_TI_SECURE_DEVICE is not set CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_SYS_MALLOC_F_LEN=0x8000 CONFIG_SPL_GPIO=y diff --git a/configs/j7200_evm_a72_defconfig b/configs/j7200_evm_a72_defconfig index c68d52537e5..a9f5d36ffe3 100644 --- a/configs/j7200_evm_a72_defconfig +++ b/configs/j7200_evm_a72_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_SYS_MALLOC_F_LEN=0x8000 CONFIG_SPL_GPIO=y diff --git a/configs/j7200_evm_r5_defconfig b/configs/j7200_evm_r5_defconfig index c4dd33627bd..0da16f25a23 100644 --- a/configs/j7200_evm_r5_defconfig +++ b/configs/j7200_evm_r5_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_SYS_MALLOC_F_LEN=0x7 CONFIG_SPL_GPIO=y diff --git a/configs/j721e_evm_a72_defconfig b/configs/j721e_evm_a72_defconfig index 525f150e91d..af784c4e005 100644 --- a/configs/j721e_evm_a72_defconfig +++ b/configs/j721e_evm_a72_defconfig @@ -1,6 +1,5 @@ CONFIG_ARM=y CONFIG_ARCH_K3=y -CONFIG_TI_SECURE_DEVICE=y CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_SYS_MALLOC_F_LEN=0x8000 CONFIG_SPL_GPIO=y diff --git a/configs/j721e_evm_r5_defconfig b/configs/j721e_evm_r5_defconfig index cf7bc872b5f..f6dba64530c 100644 ---
