From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
"Peter Crosthwaite" <peter.crosthwaite@xilinx.com>,
"Andreas Färber" <afaerber@suse.de>,
patches@linaro.org
Subject: [Qemu-devel] [PATCH v2 5/6] hw/arm/virt: Default to not providing TrustZone support
Date: Thu, 16 Jul 2015 21:11:12 +0100 [thread overview]
Message-ID: <1437077473-4532-6-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1437077473-4532-1-git-send-email-peter.maydell@linaro.org>
Switch the default for the 'virt' board to not providing TrustZone
support in either the CPU or the GIC. This is primarily for the
benefit of UEFI, which currently assumes there is no TrustZone
support, and does not set the GIC up correctly if it is TZ-aware.
It also means the board is consistent about its behaviour whether
we're using KVM or TCG (KVM never has TrustZone support).
If TrustZone support is required (for instance for running test
suites or TZ-aware firmware) it can be enabled with the
"-machine secure=on" command line option.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/virt.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 95b1a9a..2bcf565 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -946,8 +946,11 @@ static void virt_instance_init(Object *obj)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
- /* EL3 is enabled by default on virt */
- vms->secure = true;
+ /* EL3 is disabled by default on virt: this makes us consistent
+ * between KVM and TCG for this board, and it also allows us to
+ * boot UEFI blobs which assume no TrustZone support.
+ */
+ vms->secure = false;
object_property_add_bool(obj, "secure", virt_get_secure,
virt_set_secure, NULL);
object_property_set_description(obj, "secure",
--
1.9.1
next prev parent reply other threads:[~2015-07-16 20:21 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-16 20:11 [Qemu-devel] [PATCH v2 0/6] ARM: enable TZ in the GIC Peter Maydell
2015-07-16 20:11 ` [Qemu-devel] [PATCH v2 1/6] qom: Add recursive version of object_child_for_each Peter Maydell
2015-07-16 20:11 ` [Qemu-devel] [PATCH v2 2/6] hw/arm: new interface for devices which need to behave differently for kernel boot Peter Maydell
2015-07-18 3:55 ` Peter Crosthwaite
2015-07-18 9:00 ` Peter Maydell
2015-08-14 12:44 ` Peter Maydell
2015-08-14 12:48 ` Peter Maydell
2015-07-16 20:11 ` [Qemu-devel] [PATCH v2 3/6] hw/intc/arm_gic_common: Configure IRQs as NS if doing direct NS " Peter Maydell
2015-07-18 3:57 ` Peter Crosthwaite
2015-07-16 20:11 ` [Qemu-devel] [PATCH v2 4/6] hw/cpu/{a15mpcore, a9mpcore}: enable TrustZone in GIC if it is enabled in CPUs Peter Maydell
2015-07-18 4:00 ` Peter Crosthwaite
2015-07-16 20:11 ` Peter Maydell [this message]
2015-07-18 4:02 ` [Qemu-devel] [PATCH v2 5/6] hw/arm/virt: Default to not providing TrustZone support Peter Crosthwaite
2015-07-16 20:11 ` [Qemu-devel] [PATCH v2 6/6] hw/arm/virt: Enable TZ extensions on the GIC if we are using them Peter Maydell
2015-07-18 4:04 ` Peter Crosthwaite
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1437077473-4532-6-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=afaerber@suse.de \
--cc=edgar.iglesias@gmail.com \
--cc=patches@linaro.org \
--cc=peter.crosthwaite@xilinx.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).