configs: am62x: enable secure device configs by default

Message ID	20230405224047.14363-1-praneeth@ti.com
State	Accepted
Commit	8f3e2d14a6cd0fb0441f4c1fcd5b4c7bc5ad54a2
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Praneeth Bajjuri <praneeth@ti.com> To: <praneeth@ti.com>, <u-boot@lists.denx.de>, Tom Rini <trini@konsulko.com> CC: Kamlesh Gurudasani <kamlesh@ti.com>, Bryan Brattlof <bb@ti.com> Subject: [PATCH] configs: am62x: enable secure device configs by default Date: Wed, 5 Apr 2023 17:40:47 -0500 Message-ID: <20230405224047.14363-1-praneeth@ti.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	configs: am62x: enable secure device configs by default \| expand configs: am62x: enable secure device configs by default

Message ID

20230405224047.14363-1-praneeth@ti.com

State

Accepted

Commit

8f3e2d14a6cd0fb0441f4c1fcd5b4c7bc5ad54a2

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256
 header.s=ti-com-17Q1 header.b=ohIGCv+/;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4PsKNg0H90z1yYy
	for <incoming@patchwork.ozlabs.org>; Thu,  6 Apr 2023 08:41:05 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 6D8A384D00;
	Thu,  6 Apr 2023 00:40:56 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key;
 unprotected) header.d=ti.com header.i=@ti.com header.b="ohIGCv+/";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 3F65A85FA9; Thu,  6 Apr 2023 00:40:55 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: from fllv0016.ext.ti.com (fllv0016.ext.ti.com [198.47.19.142])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id E75E183523
 for <u-boot@lists.denx.de>; Thu,  6 Apr 2023 00:40:51 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=quarantine dis=none) header.from=ti.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=praneeth@ti.com
Received: from fllv0035.itg.ti.com ([10.64.41.0])
 by fllv0016.ext.ti.com (8.15.2/8.15.2) with ESMTP id 335MemqN120008;
 Wed, 5 Apr 2023 17:40:48 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com;
 s=ti-com-17Q1; t=1680734448;
 bh=XEhrVHOUq3dnnBrkhalEBX8uW6xcvLJkWrHqY/12ydA=;
 h=From:To:CC:Subject:Date;
 b=ohIGCv+/U0mBdT3f7u0ckciyLyOMqiNakGvo91Ovi2/IGaFYQyReJguZpfYhXjW0N
 vwsvImM6gs7SZZ2dnP2jdB/yeXDpd/AdKAyimi79UcsbuZCFe3vtyZ4izAFzEN5Ycs
 Y1xOyYGHN0TLELDUXLAH39nq3aF9ZcUeixR+fnyQ=
Received: from DFLE110.ent.ti.com (dfle110.ent.ti.com [10.64.6.31])
 by fllv0035.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 335MemtQ076916
 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL);
 Wed, 5 Apr 2023 17:40:48 -0500
Received: from DFLE104.ent.ti.com (10.64.6.25) by DFLE110.ent.ti.com
 (10.64.6.31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.16; Wed, 5
 Apr 2023 17:40:48 -0500
Received: from fllv0040.itg.ti.com (10.64.41.20) by DFLE104.ent.ti.com
 (10.64.6.25) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.16 via
 Frontend Transport; Wed, 5 Apr 2023 17:40:48 -0500
Received: from praneethhome (ileaxei01-snat.itg.ti.com [10.180.69.5])
 by fllv0040.itg.ti.com (8.15.2/8.15.2) with ESMTP id 335MemOK091516;
 Wed, 5 Apr 2023 17:40:48 -0500
Received: from praneeth by praneethhome with local (Exim 4.90_1)
 (envelope-from <praneeth@ti.com>)
 id 1pkBo7-0003kL-Va; Wed, 05 Apr 2023 17:40:47 -0500
From: Praneeth Bajjuri <praneeth@ti.com>
To: <praneeth@ti.com>, <u-boot@lists.denx.de>, Tom Rini <trini@konsulko.com>
CC: Kamlesh Gurudasani <kamlesh@ti.com>, Bryan Brattlof <bb@ti.com>
Subject: [PATCH] configs: am62x: enable secure device configs by default
Date: Wed, 5 Apr 2023 17:40:47 -0500
Message-ID: <20230405224047.14363-1-praneeth@ti.com>
X-Mailer: git-send-email 2.17.1
MIME-Version: 1.0
Content-Type: text/plain
X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

Series

configs: am62x: enable secure device configs by default | expand

Commit Message

Praneeth Bajjuri April 5, 2023, 10:40 p.m. UTC

Enable the CONFIG_TI_SECURE_DEVICE by default

Non-HS devices will continue to boot due to runtime device type detection.

TI's security enforcing SoCs will authenticate each binary it loads by
comparing it's signature with keys etched into the SoC during the boot
up process. The am62x family of SoCs by default will have some level of
security enforcement checking. To keep things as simple as possible,
enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
secure SoCs will work out of the box

Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
---
 configs/am62x_evm_a53_defconfig | 1 +
 configs/am62x_evm_r5_defconfig  | 1 +
 2 files changed, 2 insertions(+)

Comments

Tom Rini May 5, 2023, 12:59 a.m. UTC | #1

On Wed, Apr 05, 2023 at 05:40:47PM -0500, Praneeth Bajjuri wrote:

> Enable the CONFIG_TI_SECURE_DEVICE by default
> 
> Non-HS devices will continue to boot due to runtime device type detection.
> 
> TI's security enforcing SoCs will authenticate each binary it loads by
> comparing it's signature with keys etched into the SoC during the boot
> up process. The am62x family of SoCs by default will have some level of
> security enforcement checking. To keep things as simple as possible,
> enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
> secure SoCs will work out of the box
> 
> Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
> Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
> Signed-off-by: Bryan Brattlof <bb@ti.com>

Applied to u-boot/master, thanks!

diff --git a/configs/am62x_evm_a53_defconfig b/configs/am62x_evm_a53_defconfig
index cc9c8eab3e..fc76d88727 100644
--- a/configs/am62x_evm_a53_defconfig
+++ b/configs/am62x_evm_a53_defconfig
@@ -1,5 +1,6 @@ 
 CONFIG_ARM=y
 CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
 CONFIG_SYS_MALLOC_F_LEN=0x8000
 CONFIG_SPL_LIBCOMMON_SUPPORT=y
 CONFIG_SPL_LIBGENERIC_SUPPORT=y
diff --git a/configs/am62x_evm_r5_defconfig b/configs/am62x_evm_r5_defconfig
index 44a9130d99..cab8c820f9 100644
--- a/configs/am62x_evm_r5_defconfig
+++ b/configs/am62x_evm_r5_defconfig
@@ -1,5 +1,6 @@ 
 CONFIG_ARM=y
 CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
 CONFIG_SYS_MALLOC_LEN=0x08000000
 CONFIG_SYS_MALLOC_F_LEN=0x9000
 CONFIG_SPL_LIBCOMMON_SUPPORT=y

configs: am62x: enable secure device configs by default

Commit Message

Comments

Patch