feat(security): Generalize boot flow page for non-AM64x SoCs

Currently, the secure boot section is tailored for AM64x. But the same
information is applicable to non-AM64x SoCs, that is AM62x, AM62P. Therefore
generalize the page and add it these other devices' TOCs.

In addition, fix the language in the file to simplify it by changing a few
passive voice statements into active voice, using easier words etc.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>

Author: jsuhaas22

configs/AM62PX/AM62PX_linux_toc.txt

@@ -103,6 +103,7 @@ linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 linux/Foundational_Components/System_Security/Memory_Firewalls
+linux/Foundational_Components_Secure_Boot
 
 linux/Foundational_Components_Kernel_Users_Guide
 linux/Foundational_Components_Kernel_LTP-DDT_Validation

configs/AM62X/AM62X_linux_toc.txt

@@ -100,6 +100,7 @@ linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 linux/Foundational_Components/System_Security/Memory_Firewalls
+linux/Foundational_Components_Secure_Boot
 
 linux/Foundational_Components_PRU_Subsystem
 linux/Foundational_Components/PRU-ICSS-Linux-Drivers

source/linux/Foundational_Components_Secure_Boot.rst

@@ -30,14 +30,14 @@ The following is an example list where Chain-of-Trust should be maintained.
 - Disable kernel debug options
 - Disable/remove userspace debug tools, devmem disable, etc..
 
-We provide methods for U-Boot's SPL loader to securely verify/encrypt the U-Boot proper. This is accomplished by calling into TIFS via TI-SCI
-(Texas Instruments System Controller Interface). For more infomation using TI_SCI methods refer to the
-`TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. U-Boot proper then securely verifies/decrypts the Kernel/DTB/initramfs.
+We offer methods for U-Boot's SPL loader to securely verify and encrypt the U-Boot proper. U-Boot calls TIFS through TI-SCI (Texas Instruments System Controller Interface)
+to accomplish this. For more information about using TI_SCI methods see the
+`TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. U-Boot proper then securely verifies and decrypts the kernel, DTB and initramfs.
 
 .. Image:: /images/K3_KF.png
         :scale: 70%
 
-Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Run-time Execution
+Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Runtime Execution
 Environment) non-trustzone user-space applications have the least. If any higher trust code is to be loaded by a lower trust entity, it must be verified
 by an even higher trust entity and not allowed to be accessed by the lower trust entity after that point. Some such trust inversions are listed below:
 
@@ -69,14 +69,20 @@ The exact location is device dependent. More details can be found in the device
     * DMSC firmware: `Texas Instruments Foundational Security (TIFS)` + Device/Power Manager: After authentication/decryption, DMSC firmware replaces the Secure ROM as the authenticator entity executing on the DMSC core.
     * R5 SPL: The R5 SPL bootloader is executed on the R5 core.
 
-.. ifconfig:: CONFIG_part_variant in ('AM62x')
+.. ifconfig:: CONFIG_part_variant not in ('AM64X')
 
-    - `AM62x TRM <https://www.ti.com/lit/pdf/spruiv7>`_
+   .. ifconfig:: CONFIG_part_variant in ('AM62X')
 
-    The contents of this first stage image are authenticated and decrypted by the Secure ROM. Contents include:
+       - `AM62x TRM <https://www.ti.com/lit/pdf/spruiv7>`_
+
+   .. ifconfig:: CONFIG_part_variant in ('AM62PX')
+
+      - `AM62P TRM <https://www.ti.com/lit/pdf/spruj83>`_
+
+   The contents of this first stage image are authenticated and decrypted by the Secure ROM. Contents include:
 
-    * `Texas Instruments Foundational Security (TIFS)` firmware: After authentication/decryption, TIFS firmware replaces the Secure ROM as the authenticator entity executing on the TIFS core.
-    * R5 SPL`: The R5 SPL bootloader is executed on the R5 core.
+   * `Texas Instruments Foundational Security (TIFS)` firmware: After authentication/decryption, TIFS firmware replaces the Secure ROM as the authenticator entity executing on the TIFS core.
+   * R5 SPL`: The R5 SPL bootloader is executed on the R5 core.
 
 .. rubric:: R5 SPL
 
@@ -195,9 +201,9 @@ HS Boot Flow Tools
 
 U-boot:
 
-    The ti-u-boot source is a project used to create tiboot3.bin, tispl.bin, and u-boot.img. To create  tiboot3.bin for AM64x family devices, u-boot builds R5 SPL and
+    The ti-u-boot source is a project used to create tiboot3.bin, tispl.bin, and u-boot.img. To create  tiboot3.bin for K3 family devices, u-boot builds R5 SPL and
     binman packages it in a `tiboot3.bin` image. To build A53 SPL, binman takes ATF (bl31.bin), OPTEE (bl32.bin), A53 SPL, and A53 DTBs and packages
-    them in a `tispl.bin` image. The openssl library can then then be used to sign each component as specified in k3-am64x-binman.dtsi.
+    them in a `tispl.bin` image. U-Boot can then use the openssl library to sign each component as specified in k3-<soc>-binman.dtsi.
 
     .. code-block:: console
 
@@ -246,7 +252,7 @@ OPTEE:
 Ti-linux-firmware:
 
     The ti-linux-firmware is a TI repository where all firmware releases are stored. Firmwares for a device family can also be found in the pre-built SDK
-    under <path-to-tisdk>/board-support/prebuilt-images/am64xx-evm. Binman expects to find the device firmware with the following appended to u-boot build command:
+    under <path-to-tisdk>/board-support/prebuilt-images/<evm>. Binman expects to find the device firmware with the following appended to u-boot build command:
     BINMAN_INDIRS=<path-to-tisdk>/board-support/prebuilt-images, and expects to find a ti-sysfw directory in this path.
 
     .. code-block:: console