meta-ibm: p10bmc: Assert that we want the SPL signed by socsec

Configure the SOCSEC_SIGN_* variables to sign the SPL and exploit the
AST2600 hardware root-of-trust.

Note that this doesn't require that secure-boot is enabled on the
system, the SoC will bootstrap just fine with the signature in place
while secure-boot is disabled. Signing the SPL allows us to switch the
systems over to secure-boot at our leisure.

Change-Id: I07b5c4afb7bacc040cbdce6c82a0fb3a57d0f7f8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
diff --git a/meta-ibm/conf/machine/p10bmc.conf b/meta-ibm/conf/machine/p10bmc.conf
index 2b7463e..19de5ee 100644
--- a/meta-ibm/conf/machine/p10bmc.conf
+++ b/meta-ibm/conf/machine/p10bmc.conf
@@ -55,5 +55,7 @@
 UBOOT_SIGN_KEYDIR = "${WORKDIR}"
 SPL_SIGN_KEYDIR = "${WORKDIR}"
 
+SOCSEC_SIGN_ENABLE = "1"
+
 DEBUG_TRIGGERS = "kcs2"
 PACKAGECONFIG:append:pn-debug-trigger = " triggers"