configs: am62a: use kernel fitImage when using secure bootflow

In order to maintain the chain of trust, each stage of the boot process
will first authenticate each binary it loads before continuing. To
extend this to the kernal and its dtbs we can package the kernal and
its dtbs into another fitImage for Uboot to authenticate and extend the
chain of trust all the way to the kernel.

When 'boot_fit' is set, indicating we're using the secure bootflow, look
for and authenticate the kernel's fitImage.

Signed-off-by: Judith Mendez <jm@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>

1 files changed, 8 insertions, 3 deletions

diff --git a/include/configs/am62ax_evm.h b/include/configs/am62ax_evm.h
index ba67c98693b..cdd639b9309 100644
--- a/include/configs/am62ax_evm.h
+++ b/include/configs/am62ax_evm.h
@@ -59,9 +59,14 @@
 	EXTRA_ENV_AM62A7_BOARD_SETTINGS_MMC				\
 	"bootcmd_ti_mmc="						\
 		"run findfdt; run envboot; run init_mmc;"		\
-		"run get_kern_mmc; run get_fdt_mmc;"			\
-		"run get_overlay_mmc;"					\
-		"run run_kern;\0"
+		"if test ${boot_fit} -eq 1; then;"			\
+			"run get_fit_mmc; run get_overlaystring;"	\
+			"run run_fit;"					\
+		"else;"							\
+			"run get_kern_mmc; run get_fdt_mmc;"		\
+			"run get_overlay_mmc;"				\
+			"run run_kern;"					\
+		"fi;\0"
 
 #define BOOTENV_DEV_NAME_TI_MMC(devtyeu, devtypel, instance)		\
 	"ti_mmc "