Kamlesh Gurudasani <kaml...@ti.com> writes:
> Neha Malcom Francis <n-fran...@ti.com> writes: > >> Hi Andrew >> >> On 18/05/23 22:09, Andrew Davis wrote: >>> On 5/18/23 9:27 AM, Neha Malcom Francis wrote: >>>> From: Kamlesh Gurudasani <kaml...@ti.com> >>>> >>>> AM64x family of SoCs by default will have some level of security >>>> enforcement checking. Enable CONFIG_TI_SECURE_DEVICE by default so all >>>> levels of secure SoCs will boot with binman. >>>> >>>> Signed-off-by: Kamlesh Gurudasani <kaml...@ti.com> >>>> Signed-off-by: Neha Francis <n-fran...@ti.com> >>>> Signed-off-by: Neha Malcom Francis <n-fran...@ti.com> >> >> (apologies for the incorrect tags) >> >>>> --- >>> >>> This fix is independent of the binman changes and should go >>> in first anyway to keep bisectability. >>> >>> Andrew >>> >> >> This fix breaks KIG flow though, which is why it was decided to be put >> in along with the binman series. >> > If we do not have TI_SECURE_DEV option enabled, generated > tispl.bin_fs will not have capability too parse signed u-boot.img_fs. > > tispl.bin_fs will be able to parse u-boot.img_unsigned. > > If we enable TI_SECURE_DEV in KIG flow, only tispl.bin_HS will be > generated, which breaks the GP flow. By GP flow, I mean the scripts to support the GP