From: Tinchu <tinchu.nitrpr@gmail.com>
To: "linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Cc: linux-rpi-kernel@lists.infradead.org,
lkml <linux-kernel@vger.kernel.org>,
Marc Zyngier <marc.zyngier@arm.com>,
Russell King <rmk+kernel@armlinux.org.uk>
Subject: ARM setting up secure mode vector table
Date: Mon, 1 Jul 2019 23:37:34 -0700 [thread overview]
Message-ID: <4fb7db36-bce6-ea42-7dd8-91d71857697c@gmail.com> (raw)
Hi,
Apologies in advance for extra CC list.
I'm trying to hack linux kernel (v4.14 LTS) for Raspberry PI 3 (ARM32 build), to
enable early boot code switch to secure mode using SMC #0 instruction and return
(and later tinker with some secure mode registers).
While this may generally not be possible, it seems it just might for this platform
(i can do this on a baremetal library, but not kernel proper. Apparently the
current BCM firmware sets up secure, non secure and monitor vector base addresses
to 0x00000000 before calling into zImage and all mem is writable for non secure
mode. See the gory details in ultibo pascal library code comments [1]. The trick
is to copy a vector table with SMC vector to address 0. I'm suspecting this not
working for linux as having to write the code in true position independent way.
Here's a rough hack to arch/arm/kernel/hyp-stub.S
I'm simply hacking in a vector entry into existing hyp vector table and then
copying it over to 0 (I've tried using a completely different table, which fails
in same way).
+ .macro sec_vec_install_run
+
+ mrc p15, #0, r4, c12, c0, #0
+ ldr r5, .LSecureVectorTable
+
+ /* 8 bytes of vector */
+ ldmia r5!, {r6-r7}
+ stmia r4!, {r6-r7}
+
+ ldmia r5!, {r6-r7}
+ stmia r4!, {r6-r7}
+
+ ldmia r5!, {r6-r7}
+ stmia r4!, {r6-r7}
+
+ ldmia r5!, {r6-r7}
+ stmia r4!, {r6-r7}
+
+ /* 1 word for secondary table */
+ ldmia r5!, {r6-r7}
+ stmia r4!, {r6-r7}
+
+ /*Clean Data Cache MVA */
+ mov r5, #0
+ mcr p15, #0, r5, cr7, cr10, #1
+
+ dsb
+
+ //Invalidate Instruction Cache
+ mov r5, #0
+ mcr p15, #0, r5, cr7, cr5, #0
+
+ //Flush Branch Target Cache
+ mov r5, #0
+ mcr p15, #0, r5, cr7, cr5, #6
+
+ dsb
+ isb
+
+ .arch_extension sec
+ smc #0
+
+ .endm
ENTRY(__hyp_stub_install_secondary)
+ sec_vec_install_run
...
+smc_hdlr:
+ /* do stuff later */
+ ret lr
+ENDPROC(smc_hdlr)
.align 5
ENTRY(__hyp_stub_vectors)
__hyp_stub_reset: W(b) .
__hyp_stub_und: W(b) .
+ __hyp_stub_svc: ldr pc, .Lhdlr2
- __hyp_stub_svc: W(b) .
...
+.Lhdlr2:
+ .word smc_hdlr
+.LSecureVectorTable:
+ .long __hyp_stub_vectors
Can someone please tell me what part of code is wrong. Pretty much similar code
works in baremetal setup.
TIA
[1] https://github.com/ultibohub/Core/blob/master/source/rtl/ultibo/core/bootrpi2.pas
reply other threads:[~2019-07-02 6:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4fb7db36-bce6-ea42-7dd8-91d71857697c@gmail.com \
--to=tinchu.nitrpr@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rpi-kernel@lists.infradead.org \
--cc=marc.zyngier@arm.com \
--cc=rmk+kernel@armlinux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox