Neha Malcom Francis <n-fran...@ti.com> writes: > Hi Andrew > > On 18/05/23 22:09, Andrew Davis wrote: >> On 5/18/23 9:27 AM, Neha Malcom Francis wrote: >>> From: Kamlesh Gurudasani <kaml...@ti.com> >>> >>> AM64x family of SoCs by default will have some level of security >>> enforcement checking. Enable CONFIG_TI_SECURE_DEVICE by default so all >>> levels of secure SoCs will boot with binman. >>> >>> Signed-off-by: Kamlesh Gurudasani <kaml...@ti.com> >>> Signed-off-by: Neha Francis <n-fran...@ti.com> >>> Signed-off-by: Neha Malcom Francis <n-fran...@ti.com> > > (apologies for the incorrect tags) > >>> --- >> >> This fix is independent of the binman changes and should go >> in first anyway to keep bisectability. >> >> Andrew >> > > This fix breaks KIG flow though, which is why it was decided to be put > in along with the binman series. > If we do not have TI_SECURE_DEV option enabled, generated tispl.bin_fs will not have capability too parse signed u-boot.img_fs.
tispl.bin_fs will be able to parse u-boot.img_unsigned. If we enable TI_SECURE_DEV in KIG flow, only tispl.bin_HS will be generated, which breaks the GP flow. Unless, the patch to fix the issue of generating tispl.bin is merged.