trustfence: ccimx93: disable boot artifacts encryption by default

Encrypting boot artifacts impacts the device's boot time, so disable them
by default. It is still possible to enable it in the project's config
file by setting the TRUSTFENCE_DEK_PATH option.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>

meta-digi-dey/classes/trustfence.bbclass

@@ -23,8 +23,7 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "0"
 # Default secure boot configuration
 TRUSTFENCE_SIGN ?= "1"
 TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
-TRUSTFENCE_DEK_PATH ?= "default"
-TRUSTFENCE_DEK_PATH:ccmp1 ?= "0"
+TRUSTFENCE_DEK_PATH ?= "${TF_DEK_PATH}"
 TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1"
 TRUSTFENCE_SRK_REVOKE_MASK ?= "0x0"
 TRUSTFENCE_KEY_INDEX ?= "0"
@@ -45,6 +44,11 @@ TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-onl
 # NOTHING TO CUSTOMIZE BELOW THIS LINE
 #
 
+# Platform specific defaults
+TF_DEK_PATH = "default"
+TF_DEK_PATH:ccimx93 = "0"
+TF_DEK_PATH:ccmp1 = "0"
+
 # NXP-based sign a FIT-format boot artifact
 TRUSTFENCE_SIGN_FIT_NXP = "0"
 TRUSTFENCE_SIGN_FIT_NXP:ccimx93 = "${TRUSTFENCE_SIGN_ARTIFACTS}"