qemu-devel.nongnu.org archive mirror
From: Greg Bellows <greg.bellows@linaro.org>
To: qemu-devel@nongnu.org, serge.fdrv@gmail.com,
	edgar.iglesias@gmail.com, aggelerf@ethz.ch,
	peter.maydell@linaro.org
Cc: Greg Bellows <greg.bellows@linaro.org>
Subject: [Qemu-devel] [PATCH v2 10/15] target-arm: Add arm_boot_info secure_boot control
Date: Thu, 11 Dec 2014 17:29:24 -0600
Message-ID: <1418340569-30519-11-git-send-email-greg.bellows@linaro.org>
In-Reply-To: <1418340569-30519-1-git-send-email-greg.bellows@linaro.org>

Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
field is used to indicate whether Linux should boot into secure or non-secure
state if the ARM EL3 feature is enabled.  The default is to leave the CPU in an
unaltered reset state.  On EL3 enabled systems, the reset state is secure and
can be overridden by setting the added field to false.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
---
 hw/arm/boot.c        | 10 ++++++++++
 include/hw/arm/arm.h |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index e6a3c5b..7ec33f3 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -457,6 +457,16 @@ static void do_cpu_reset(void *opaque)
                 env->thumb = info->entry & 1;
             }
         } else {
+            /* If we are booting Linux then we need to check whether we are
+             * booting into secure or non-secure state and adjust the state
+             * accordingly.  Out of reset, ARM is defined to be in secure state
+             * (SCR.NS = 0), we change that here is non-secure boot has been
+             * requested.
+             */
+            if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
+                env->cp15.scr_el3 |= SCR_NS;
+            }
+
             if (CPU(cpu) == first_cpu) {
                 if (env->aarch64) {
                     env->pc = info->loader_start;
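
Review bot: The `!info->secure_boot` test in do_cpu_reset() means any board that leaves the new field zero-initialised will have SCR_NS set, which does not match the commit message's statement that the default is an unaltered (secure) reset state on EL3 systems. Either invert the sense of the field so that zero means "leave SCR alone", or have each board set it explicitly and state the resulting default in the commit message. The comment also has a typo: "we change that here is non-secure boot" should read "here if non-secure boot".
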
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..6659562 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -37,6 +37,10 @@ struct arm_boot_info {
     hwaddr gic_cpu_if_addr;
     int nb_cpus;
     int board_id;
+    /* ARM machines that support security extensions use this field to control
+     * whether Linux is booted as securei(true) or non-secure(false).
+     */
+    bool secure_boot;
     int (*atag_board)(const struct arm_boot_info *info, void *p);
     /* multicore boards that use the default secondary core boot functions
      * can ignore these two function calls. If the default functions won't
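
Review bot: The comment on `secure_boot` has a typo ("securei(true)") and does not say that the field is only consulted when the CPU has ARM_FEATURE_EL3, which is what the boot.c hunk does. Suggest wording along the lines of "booted as secure (true) or non-secure (false); ignored if the CPU does not have EL3", and stating which value a board gets if it never sets the field.
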
-- 
1.8.3.2
