feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip

Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on closed device. It will guarantee the secure bootchain.

Change-Id: Id6120d0e5041e8f2d3866e5710876ec96b6d0216
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 57efb80..c64a618 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -341,6 +341,14 @@
 	}
 
 skip_console_init:
+#if !TRUSTED_BOARD_BOOT
+	if (stm32mp_is_closed_device()) {
+		/* Closed chip mandates authentication */
+		ERROR("Secure chip: TRUSTED_BOARD_BOOT must be enabled\n");
+		panic();
+	}
+#endif
+
 	if (fixed_regulator_register() != 0) {
 		panic();
 	}