From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51136)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cov@codeaurora.org>) id 1Wn9A4-0003Wa-N8
	for qemu-devel@nongnu.org; Wed, 21 May 2014 12:14:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cov@codeaurora.org>) id 1Wn99y-0005Yf-QZ
	for qemu-devel@nongnu.org; Wed, 21 May 2014 12:14:36 -0400
Received: from smtp.codeaurora.org ([198.145.11.231]:34281)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cov@codeaurora.org>) id 1Wn99y-0005YT-Kg
	for qemu-devel@nongnu.org; Wed, 21 May 2014 12:14:30 -0400
Message-ID: <537CD0E3.2090006@codeaurora.org>
Date: Wed, 21 May 2014 12:14:27 -0400
From: Christopher Covington <cov@codeaurora.org>
MIME-Version: 1.0
References: <1399997768-32014-1-git-send-email-aggelerf@ethz.ch>
	<1399997768-32014-2-git-send-email-aggelerf@ethz.ch>
	<CAFEAcA_zqs8GY1LgNw9YoYqGoJhADqS8ke_BYD02=XLT1ChSeg@mail.gmail.com>
In-Reply-To: <CAFEAcA_zqs8GY1LgNw9YoYqGoJhADqS8ke_BYD02=XLT1ChSeg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2 01/23] target-arm: add new CPU feature
 for Security Extensions
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Fabian Aggeler <aggelerf@ethz.ch>, Svetlana Fedoseeva <s.fedoseeva@samsung.com>, Sergey Fedorov <s.fedorov@samsung.com>, QEMU Developers <qemu-devel@nongnu.org>, "Edgar E. Iglesias" <edgar.iglesias@gmail.com>

Hi Peter,

On 05/21/2014 10:46 AM, Peter Maydell wrote:
> On 13 May 2014 17:15, Fabian Aggeler <aggelerf@ethz.ch> wrote:
>> From: Svetlana Fedoseeva <s.fedoseeva@samsung.com>
>>
>> Define Security Extensions CPU feature. Set that feature for relevant CPUs.
> 
> This is potentially tricky because it means that CPUs which we were
> previously implementing without TZ now boot up with TZ and in
> Secure mode; I think this is probably the right thing but we'll need
> to check that we don't break guests which were really expecting
> to run in NS.
> 
> (Also I'm not sure what the semantics of -kernel should be for
> TZ-supporting CPUs -- boot the kernel in S or NS ?)

While Linux works in secure mode, non-secure hypervisor mode is required for
KVM to work in the guest.

"[Entry] in HYP mode ... is the recommended boot method ...."

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm/Booting#n183

Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.