configs: am62ax: enable secure device configs by default

Message ID	20230317233711.1382795-1-bb@ti.com
State	Accepted
Commit	411faba7c733cde947d1a61a1d503d39fe7129b2
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Bryan Brattlof <bb@ti.com> To: Tom Rini <trini@konsulko.com> CC: UBoot Mailing List <u-boot@lists.denx.de>, Kamlesh Gurudasani <kamlesh@ti.com>, Judith Mendez <jm@ti.com>, Bryan Brattlof <bb@ti.com> Subject: [PATCH] configs: am62ax: enable secure device configs by default Date: Fri, 17 Mar 2023 18:37:11 -0500 Message-ID: <20230317233711.1382795-1-bb@ti.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	configs: am62ax: enable secure device configs by default \| expand configs: am62ax: enable secure device configs by default

Message ID

20230317233711.1382795-1-bb@ti.com

State

Accepted

Commit

411faba7c733cde947d1a61a1d503d39fe7129b2

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256
 header.s=ti-com-17Q1 header.b=rhS8PAfh;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4PdgXg6cx4z1yWs
	for <incoming@patchwork.ozlabs.org>; Sat, 18 Mar 2023 10:37:38 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 7E62A85F41;
	Sat, 18 Mar 2023 00:37:26 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key;
 unprotected) header.d=ti.com header.i=@ti.com header.b="rhS8PAfh";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 2C3B7844BF; Sat, 18 Mar 2023 00:37:25 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: from fllv0016.ext.ti.com (fllv0016.ext.ti.com [198.47.19.142])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 586E285F41
 for <u-boot@lists.denx.de>; Sat, 18 Mar 2023 00:37:21 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=bb@ti.com
Received: from fllv0034.itg.ti.com ([10.64.40.246])
 by fllv0016.ext.ti.com (8.15.2/8.15.2) with ESMTP id 32HNbHaX017134;
 Fri, 17 Mar 2023 18:37:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com;
 s=ti-com-17Q1; t=1679096237;
 bh=lBFR6SBgwg2FAHbKs/iDPr+5q/F3bmX0b7wwDbtlmbI=;
 h=From:To:CC:Subject:Date;
 b=rhS8PAfhtL7q2m/QqNVpuJaW4MImOOLslPf2LyTnCA94lYkbqQerfE0UScxej8nZG
 rPkqmTf7epOlldv6dXgrAfgNBxnhEUmRjvnGGnXaiTpAjckdOOhh0K4WQJFAGcg0Fs
 tZMYm5B+TZQ0k9fH+dGr+KxT0v58v8x4u/EHTiFw=
Received: from DFLE114.ent.ti.com (dfle114.ent.ti.com [10.64.6.35])
 by fllv0034.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 32HNbHUb057188
 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL);
 Fri, 17 Mar 2023 18:37:17 -0500
Received: from DFLE101.ent.ti.com (10.64.6.22) by DFLE114.ent.ti.com
 (10.64.6.35) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.16; Fri, 17
 Mar 2023 18:37:17 -0500
Received: from lelv0326.itg.ti.com (10.180.67.84) by DFLE101.ent.ti.com
 (10.64.6.22) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.16 via
 Frontend Transport; Fri, 17 Mar 2023 18:37:17 -0500
Received: from localhost (ileaxei01-snat2.itg.ti.com [10.180.69.6])
 by lelv0326.itg.ti.com (8.15.2/8.15.2) with ESMTP id 32HNbHvl026306;
 Fri, 17 Mar 2023 18:37:17 -0500
From: Bryan Brattlof <bb@ti.com>
To: Tom Rini <trini@konsulko.com>
CC: UBoot Mailing List <u-boot@lists.denx.de>, Kamlesh Gurudasani
 <kamlesh@ti.com>, Judith Mendez <jm@ti.com>, Bryan Brattlof <bb@ti.com>
Subject: [PATCH] configs: am62ax: enable secure device configs by default
Date: Fri, 17 Mar 2023 18:37:11 -0500
Message-ID: <20230317233711.1382795-1-bb@ti.com>
X-Mailer: git-send-email 2.40.0
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1664; i=bb@ti.com;
 h=from:subject; bh=j6VSETzohEw2KTALj4YgH7BGSCMRd9L5nPkIpU9ugGg=;
 b=owNCWmg5MUFZJlNZEBY0NgAAbv//////738m/d3/vdV+duO+/7f2Q2Utzd5v+UrfvvDn13ewA
 RtqB2poNAyANGjRo00BoYQPUNABiAaAAB6ho0DTRoDTRoNAA0GgNMnqeoaBgZJ6hkmhiBppoGjQ
 DTEA0yBppkA000wQaADRjRNDQNAzU0AZA0NGTRoyaDJoNA0AHQZqDEMQyYg0aANMEwIAaNGg00A
 GhkYID0EaMIANAAyaBpiADRkAAFCtQ6izABz+YAXtxUbS0E0BsU0ngB6xwNFhLW5DDXYQGDyGX0
 Yn522y9cGcwwKDYehgQPqInNAjpLzzxUfUy4Cs7+C/FM/N5WD0Dv6m5IY90sSbYsRfLQfaBrwgc
 Fh0GiSdltazFYp1JlqOlbl4AQReGfBzz5Sexnvm3Olbl6tsPGETfxylI5jjm7LGRmJYHib7ISKH
 QNsws+OmHoSZlop1hn9Pv1HVqM8+7yCDxprhR9aAj20jssCoStuOgs2afd19tc1WBiLXIItWeDO
 GK9FK0fuVb7KogzC7ULNe3HAt0IbBGv7kQyrIw2J5W4/WCRVfPJ3zCpJ+qTlXGIILvGUwRd+ImN
 H1Mtvn2UyDhokAXOcKw+/QCXVtAdNrJnPr8NvhM0dcigDJiaDNFdBX7KsGUPG+MLYggEhSBZ1/E
 IpCM6HHR/4u5IpwoSAgLGhs
X-Developer-Key: i=bb@ti.com; a=openpgp;
 fpr=D3D177E40A38DF4D1853FEEF41B90D5D71D56CE0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

Series

configs: am62ax: enable secure device configs by default | expand

Commit Message

Bryan Brattlof March 17, 2023, 11:37 p.m. UTC

TI's security enforcing SoCs will authenticate each binary it loads by
comparing it's signature with keys etched into the SoC during the boot
up process. The am62ax family of SoCs by default will have some level of
security enforcement checking. To keep things as simple as possible,
enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
secure SoCs will work out of the box

Enable the CONFIG_TI_SECURE_DEVICE by default

Signed-off-by: Bryan Brattlof <bb@ti.com>
---
 configs/am62ax_evm_a53_defconfig | 1 +
 configs/am62ax_evm_r5_defconfig  | 2 ++
 2 files changed, 3 insertions(+)


base-commit: 318af47668aa2347ca9bbf2114cb9af1d8739aca

Comments

Tom Rini March 20, 2023, 9:50 p.m. UTC | #1

On Fri, Mar 17, 2023 at 06:37:11PM -0500, Bryan Brattlof wrote:

> TI's security enforcing SoCs will authenticate each binary it loads by
> comparing it's signature with keys etched into the SoC during the boot
> up process. The am62ax family of SoCs by default will have some level of
> security enforcement checking. To keep things as simple as possible,
> enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
> secure SoCs will work out of the box
> 
> Enable the CONFIG_TI_SECURE_DEVICE by default
> 
> Signed-off-by: Bryan Brattlof <bb@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

Kamlesh Gurudasani March 21, 2023, 3:03 p.m. UTC | #2

Bryan Brattlof <bb@ti.com> writes:

> TI's security enforcing SoCs will authenticate each binary it loads by
> comparing it's signature with keys etched into the SoC during the boot
> up process. The am62ax family of SoCs by default will have some level of
> security enforcement checking. To keep things as simple as possible,
> enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
> secure SoCs will work out of the box
>
> Enable the CONFIG_TI_SECURE_DEVICE by default
>
> Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Kamlesh Gurudasani <kamlesh@ti.com>

Tom Rini March 30, 2023, 1:54 a.m. UTC | #3

On Fri, Mar 17, 2023 at 06:37:11PM -0500, Bryan Brattlof wrote:

> TI's security enforcing SoCs will authenticate each binary it loads by
> comparing it's signature with keys etched into the SoC during the boot
> up process. The am62ax family of SoCs by default will have some level of
> security enforcement checking. To keep things as simple as possible,
> enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
> secure SoCs will work out of the box
> 
> Enable the CONFIG_TI_SECURE_DEVICE by default
> 
> Signed-off-by: Bryan Brattlof <bb@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>
> Reviewed-by: Kamlesh Gurudasani <kamlesh@ti.com>

Applied to u-boot/next, thanks!

diff --git a/configs/am62ax_evm_a53_defconfig b/configs/am62ax_evm_a53_defconfig
index 8d6428f22eb11..c7aed9ad33520 100644
--- a/configs/am62ax_evm_a53_defconfig
+++ b/configs/am62ax_evm_a53_defconfig
@@ -1,5 +1,6 @@ 
 CONFIG_ARM=y
 CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
 CONFIG_SYS_MALLOC_F_LEN=0x8000
 CONFIG_SPL_LIBCOMMON_SUPPORT=y
 CONFIG_SPL_LIBGENERIC_SUPPORT=y
diff --git a/configs/am62ax_evm_r5_defconfig b/configs/am62ax_evm_r5_defconfig
index fac48fbd12608..e5bee144466ec 100644
--- a/configs/am62ax_evm_r5_defconfig
+++ b/configs/am62ax_evm_r5_defconfig
@@ -1,5 +1,6 @@ 
 CONFIG_ARM=y
 CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
 CONFIG_SYS_MALLOC_F_LEN=0x9000
 CONFIG_SPL_LIBCOMMON_SUPPORT=y
 CONFIG_SPL_LIBGENERIC_SUPPORT=y
@@ -52,6 +53,7 @@  CONFIG_SPL_RAM_SUPPORT=y
 CONFIG_SPL_RAM_DEVICE=y
 CONFIG_SPL_REMOTEPROC=y
 CONFIG_SPL_THERMAL=y
+CONFIG_SPL_YMODEM_SUPPORT=y
 CONFIG_HUSH_PARSER=y
 CONFIG_CMD_ASKENV=y
 CONFIG_CMD_DFU=y

configs: am62ax: enable secure device configs by default

Commit Message

Comments

Patch