spl: Force disable non-FIT loading for TI secure devices

Booting of non-FIT images bypass our chain-of-trust boot flow,
these options should not be allowed when high security is set.

Signed-off-by: Andrew Davis <[email protected]>
Reviewed-by: Tom Rini <[email protected]>

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 43485af468e1e5e9bc12e895bf65a3c64b66e2f7..50ff113cab21c60ea84e7dbb399ebf50a6ad6496 100644 (file)
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -219,7 +219,8 @@ config SPL_BOOTCOUNT_LIMIT
 config SPL_RAW_IMAGE_SUPPORT
        bool "Support SPL loading and booting of RAW images"
        default n if (ARCH_MX6 && (SPL_MMC || SPL_SATA))
-       default y if !TI_SECURE_DEVICE
+       default y
+       depends on !TI_SECURE_DEVICE
        help
          SPL will support loading and booting a RAW image when this option
          is y. If this is not set, SPL will move on to other available
@@ -227,7 +228,8 @@ config SPL_RAW_IMAGE_SUPPORT
 
 config SPL_LEGACY_IMAGE_FORMAT
        bool "Support SPL loading and booting of Legacy images"
-       default y if !TI_SECURE_DEVICE && !SPL_LOAD_FIT
+       default y if !SPL_LOAD_FIT
+       depends on !TI_SECURE_DEVICE
        help
          SPL will support loading and booting Legacy images when this option
          is y. If this is not set, SPL will move on to other available