[Qemu-devel] [PATCH v4 00/15] target-arm: Add CPU security extension enablement

[Greg Bellows <greg.bellows@linaro.org>]

This patchset adds functionality for enabling the ARM CPU security extensions.
At this time, the only machines supported are Versatile Express and the QEMU
ARM virtual machines both with Cortex A9 & A15.

The patchset establishes the default security state along with adding
overriding controls of the state.  Booting with the "-kernel" QEMU command line
option will start by default in non-secure state with EL3 support disabled.
Booting with the "-bios" QEMU command line option will default to
secure state with EL3 features enabled.  An added "secure" machine property
may be set to either 'on' or 'off' to override this default behavior.  For
example, the below command line syntax would disable security extensions...

    aarch64-softmmu/qemu-system-aarch64
            -machine type=vexpress-a15,secure=off -kernel ...

In order to add the machine specific 'secure' property, the vexpress machine
object creation functionality needed to be updated.  The existing QEMU machine
mechanism was replaced with proper type, class, and instance usage.

This patchset is dependent on the following two patchsets for proper operation.
Add these prior to adding this patchset.

    <1418217570-15517-1-git-send-email-marcel.a@redhat.com>
    <1418406450-14961-1-git-send-email-greg.bellows@linaro.org>

v3 -> v4
- Fix botched message change, move to correct patch.

v2 -> v3
- Ignore missing has_el3 errors
- Revise secure machine property description
- Fix has_el3 initialization
- Fix typos

v1 -> v2
- Added disablement of CPU EL3 on all machines that could potentially use an
  EL3 enabled CPU.
- Switched/Added default states for vexpress and virt machines
- Made the vexpress machine type abstract
- Removed static declaration of the machine property
- Renamed CPU "secure" property to "has_el3"
- Added arm_boot_info secure_boot field to communicate whether the secure state
  on a Linux boot needs to be updated.  By default Vexpress defaults to secure
  and virt defaults to non-secure.

Fabian Aggeler (1):
  target-arm: add cpu feature EL3 to CPUs with Security Extensions

Greg Bellows (14):
  target-arm: Add vexpress class and machine types
  target-arm: Add vexpress a9 & a15 machine objects
  target-arm: Switch to common vexpress machine init
  target-arm: Add vexpress machine secure property
  target-arm: Change vexpress daughterboard init arg
  target-arm: Add virt class and machine types
  target-arm: Add virt machine secure property
  target-arm: Add feature unset function
  target-arm: Add ARMCPU secure property
  target-arm: Add arm_boot_info secure_boot control
  target-arm: Enable CPU has_el3 prop during VE init
  target-arm: Set CPU has_el3 prop during virt init
  target-arm: Breakout integratorcp and versatilepb cpu init
  target-arm: Disable EL3 on unsupported machines

 hw/arm/boot.c         |  10 ++++
 hw/arm/exynos4210.c   |  11 ++++
 hw/arm/highbank.c     |  12 +++++
 hw/arm/integratorcp.c |  31 ++++++++++-
 hw/arm/realview.c     |  12 +++++
 hw/arm/versatilepb.c  |  32 +++++++++++-
 hw/arm/vexpress.c     | 141 ++++++++++++++++++++++++++++++++++++++++----------
 hw/arm/virt.c         |  75 ++++++++++++++++++++++++---
 hw/arm/xilinx_zynq.c  |  12 +++++
 include/hw/arm/arm.h  |   4 ++
 target-arm/cpu-qom.h  |   2 +
 target-arm/cpu.c      |  32 ++++++++++++
 12 files changed, 336 insertions(+), 38 deletions(-)

-- 
1.8.3.2