TI's security enforcing SoCs will authenticate each binary it loads by
comparing it's signature with keys etched into the SoC during the boot
up process. The am62ax family of SoCs by default will have some level of
security enforcement checking. To keep things as simple as possible,
enable the CONFIG_TI_SECURE_DEVICE options by default so all levels of
secure SoCs will work out of the box
Enable the CONFIG_TI_SECURE_DEVICE by default
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Kamlesh Gurudasani <kamlesh@ti.com>
Texas Instruments has begun enabling security setting on the SoCs they
produce to instruct ROM and TIFS to begin protecting the Security
Management Subsystem (SMS) from other binaries we load into the chip by
default.
One way ROM does this is by enabling firewalls to protect the OCSRAM
region it's using during bootup. Only after TIFS has started (and had
time to disable the OCSRAM firewall region) will we have write access to
the region.
This means we will need to move the stack & heap from OCSRAM to HSM RAM
and reduce the size of BSS and the SPL to allow it to fit properly.
Signed-off-by: Bryan Brattlof <bb@ti.com>
In its current form, the am62a's wakeup SPL is fairly small, however
this will not remain as more boot modes are eventually added. To protect
us from overflowing our ~256k of HSM SRAM, add limits and check during
the wakeup SPL build.
Signed-off-by: Bryan Brattlof <bb@ti.com>
Introduce the minimum configs, only SD-MMC and UART boot related
settings, to serve as a good starting point for the am62a as we add more
functionality.
Signed-off-by: Bryan Brattlof <bb@ti.com>
[trini: Disable CONFIG_NET as it's not used, in both platforms]
Signed-off-by: Tom Rini <trini@konsulko.com>
