[Qemu-devel] [PATCH v3 00/15] target-arm: Add CPU security extension enablement

[Qemu-devel] [PATCH v3 00/15] target-arm: Add CPU security extension enablement

[Greg Bellows]

This patchset adds functionality for enabling the ARM CPU security extensions.
At this time, the only machines supported are Versatile Express and the QEMU
ARM virtual machines both with Cortex A9 & A15.

The patchset establishes the default security state along with adding
overriding controls of the state.  Booting with the "-kernel" QEMU command line
option will start by default in non-secure state with EL3 support disabled.
Booting with the "-bios" QEMU command line option will default to
secure state with EL3 features enabled.  An added "secure" machine property
may be set to either 'on' or 'off' to override this default behavior.  For
example, the below command line syntax would enable security extensions...

    aarch64-softmmu/qemu-system-aarch64
            -machine type=vexpress-a15,secure=off -kernel ...

In order to add the machine specific 'secure' property, the vexpress machine
object creation functionality needed to be updated.  The existing QEMU machine
mechanism was replaced with proper type, class, and instance usage.

This patchset is dependent on the following two patchsets for proper operation.
Add these prior to adding this patchset.

    <1418217570-15517-1-git-send-email-marcel.a@redhat.com>
    <1418406450-14961-1-git-send-email-greg.bellows@linaro.org>

v2 -> v3
- Ignore missing has_el3 errors
- Revise secure machine property description
- Fix has_el3 initialization
- Fix typos

v1 -> v2
- Added disablement of CPU EL3 on all machines that could potentially use an
  EL3 enabled CPU.
- Switched/Added default states for vexpress and virt machines
- Made the vexpress machine type abstract
- Removed static declaration of the machine property
- Renamed CPU "secure" property to "has_el3"
- Added arm_boot_info secure_boot field to communicate whether the secure state
  on a Linux boot needs to be updated.  By default Vexpress defaults to secure
  and virt defaults to non-secure.

Fabian Aggeler (1):
  target-arm: add cpu feature EL3 to CPUs with Security Extensions

Greg Bellows (14):
  target-arm: Add vexpress class and machine types
  target-arm: Add vexpress a9 & a15 machine objects
  target-arm: Switch to common vexpress machine init
  target-arm: Add vexpress machine secure property
  target-arm: Change vexpress daughterboard init arg
  target-arm: Add virt class and machine types
  target-arm: Add virt machine secure property
  target-arm: Add feature unset function
  target-arm: Add ARMCPU secure property
  target-arm: Add arm_boot_info secure_boot control
  target-arm: Enable CPU has_el3 prop during VE init
  target-arm: Set CPU has_el3 prop during virt init
  target-arm: Breakout integratorcp and versatilepb cpu init
  target-arm: Disable EL3 on unsupported machines

 hw/arm/boot.c         |  10 ++++
 hw/arm/exynos4210.c   |  11 ++++
 hw/arm/highbank.c     |  12 +++++
 hw/arm/integratorcp.c |  31 ++++++++++-
 hw/arm/realview.c     |  12 +++++
 hw/arm/versatilepb.c  |  32 +++++++++++-
 hw/arm/vexpress.c     | 141 ++++++++++++++++++++++++++++++++++++++++----------
 hw/arm/virt.c         |  75 ++++++++++++++++++++++++---
 hw/arm/xilinx_zynq.c  |  12 +++++
 include/hw/arm/arm.h  |   4 ++
 target-arm/cpu-qom.h  |   2 +
 target-arm/cpu.c      |  32 ++++++++++++
 12 files changed, 336 insertions(+), 38 deletions(-)

--
1.8.3.2

[Qemu-devel] [PATCH v3 01/15] target-arm: Add vexpress class and machine types

[Greg Bellows]

Adds base Vexpress class and machine objects and infrastructure.  This is in
preparation for switching to the full QEMU object model.  The base vexpress
infrastructure is intended to handle common vexpress details.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

---

v1 -> v2
- Made the vexpress class abstract
---
 hw/arm/vexpress.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 7cbd13f..01046c2 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -157,6 +157,23 @@ static hwaddr motherboard_aseries_map[] = {
 
 typedef struct VEDBoardInfo VEDBoardInfo;
 
+typedef struct {
+    MachineClass parent;
+    VEDBoardInfo *daughterboard;
+} VexpressMachineClass;
+
+typedef struct {
+    MachineState parent;
+} VexpressMachineState;
+
+#define TYPE_VEXPRESS_MACHINE   "vexpress"
+#define VEXPRESS_MACHINE(obj) \
+    OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
+#define VEXPRESS_MACHINE_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(VexpressMachineClass, obj, TYPE_VEXPRESS_MACHINE)
+#define VEXPRESS_MACHINE_CLASS(klass) \
+    OBJECT_CLASS_CHECK(VexpressMachineClass, klass, TYPE_VEXPRESS_MACHINE)
+
 typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
                           ram_addr_t ram_size,
                           const char *cpu_model,
@@ -681,6 +698,13 @@ static void vexpress_common_init(VEDBoardInfo *daughterboard,
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
+static void vexpress_init(MachineState *machine)
+{
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
+
+    vexpress_common_init(vmc->daughterboard, machine);
+}
+
 static void vexpress_a9_init(MachineState *machine)
 {
     vexpress_common_init(&a9_daughterboard, machine);
@@ -691,6 +715,26 @@ static void vexpress_a15_init(MachineState *machine)
     vexpress_common_init(&a15_daughterboard, machine);
 }
 
+static void vexpress_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VEXPRESS_MACHINE;
+    mc->desc = "ARM Versatile Express";
+    mc->init = vexpress_init;
+    mc->block_default_type = IF_SCSI;
+    mc->max_cpus = 4;
+}
+
+static const TypeInfo vexpress_info = {
+    .name = TYPE_VEXPRESS_MACHINE,
+    .parent = TYPE_MACHINE,
+    .abstract = true,
+    .instance_size = sizeof(VexpressMachineState),
+    .class_size = sizeof(VexpressMachineClass),
+    .class_init = vexpress_class_init,
+};
+
 static QEMUMachine vexpress_a9_machine = {
     .name = "vexpress-a9",
     .desc = "ARM Versatile Express for Cortex-A9",
@@ -709,6 +753,7 @@ static QEMUMachine vexpress_a15_machine = {
 
 static void vexpress_machine_init(void)
 {
+    type_register_static(&vexpress_info);
     qemu_register_machine(&vexpress_a9_machine);
     qemu_register_machine(&vexpress_a15_machine);
 }
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 02/15] target-arm: Add vexpress a9 & a15 machine objects

[Greg Bellows]

Add Vexpress machine objects for the the Cortex A9 & A15 variants.  The older
style QEMUMachine types were replaced with dedicated TypeInfo objects. The new
objects include dedicated class init functions that currently ustilze dedicated
machine init methods.  The previous qemu_register_machine calls were replaced
with the newer type_register_status calls.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 50 ++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 36 insertions(+), 14 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 01046c2..8f22696 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -167,6 +167,8 @@ typedef struct {
 } VexpressMachineState;
 
 #define TYPE_VEXPRESS_MACHINE   "vexpress"
+#define TYPE_VEXPRESS_A9_MACHINE   "vexpress-a9"
+#define TYPE_VEXPRESS_A15_MACHINE   "vexpress-a15"
 #define VEXPRESS_MACHINE(obj) \
     OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
 #define VEXPRESS_MACHINE_GET_CLASS(obj) \
@@ -726,6 +728,30 @@ static void vexpress_class_init(ObjectClass *oc, void *data)
     mc->max_cpus = 4;
 }
 
+static void vexpress_a9_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VEXPRESS_A9_MACHINE;
+    mc->desc = "ARM Versatile Express for Cortex-A9";
+    mc->init = vexpress_a9_init;
+
+    vmc->daughterboard = &a9_daughterboard;;
+}
+
+static void vexpress_a15_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VEXPRESS_A15_MACHINE;
+    mc->desc = "ARM Versatile Express for Cortex-A15";
+    mc->init = vexpress_a15_init;
+
+    vmc->daughterboard = &a15_daughterboard;
+}
+
 static const TypeInfo vexpress_info = {
     .name = TYPE_VEXPRESS_MACHINE,
     .parent = TYPE_MACHINE,
@@ -735,27 +761,23 @@ static const TypeInfo vexpress_info = {
     .class_init = vexpress_class_init,
 };
 
-static QEMUMachine vexpress_a9_machine = {
-    .name = "vexpress-a9",
-    .desc = "ARM Versatile Express for Cortex-A9",
-    .init = vexpress_a9_init,
-    .block_default_type = IF_SCSI,
-    .max_cpus = 4,
+static const TypeInfo vexpress_a9_info = {
+    .name = TYPE_VEXPRESS_A9_MACHINE,
+    .parent = TYPE_VEXPRESS_MACHINE,
+    .class_init = vexpress_a9_class_init,
 };
 
-static QEMUMachine vexpress_a15_machine = {
-    .name = "vexpress-a15",
-    .desc = "ARM Versatile Express for Cortex-A15",
-    .init = vexpress_a15_init,
-    .block_default_type = IF_SCSI,
-    .max_cpus = 4,
+static const TypeInfo vexpress_a15_info = {
+    .name = TYPE_VEXPRESS_A15_MACHINE,
+    .parent = TYPE_VEXPRESS_MACHINE,
+    .class_init = vexpress_a15_class_init,
 };
 
 static void vexpress_machine_init(void)
 {
     type_register_static(&vexpress_info);
-    qemu_register_machine(&vexpress_a9_machine);
-    qemu_register_machine(&vexpress_a15_machine);
+    type_register_static(&vexpress_a9_info);
+    type_register_static(&vexpress_a15_info);
 }
 
 machine_init(vexpress_machine_init);
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 03/15] target-arm: Switch to common vexpress machine init

[Greg Bellows]

Switched the Vexpress machine initialization to use the common function with
the machine pointer to board info.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 26 ++++----------------------
 1 file changed, 4 insertions(+), 22 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 8f22696..a03cb52 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -532,9 +532,10 @@ static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
     return OBJECT_CHECK(pflash_t, (dev), "cfi.pflash01");
 }
 
-static void vexpress_common_init(VEDBoardInfo *daughterboard,
-                                 MachineState *machine)
+static void vexpress_common_init(MachineState *machine)
 {
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
+    VEDBoardInfo *daughterboard = vmc->daughterboard;;
     DeviceState *dev, *sysctl, *pl041;
     qemu_irq pic[64];
     uint32_t sys_id;
@@ -700,30 +701,13 @@ static void vexpress_common_init(VEDBoardInfo *daughterboard,
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
-static void vexpress_init(MachineState *machine)
-{
-    VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
-
-    vexpress_common_init(vmc->daughterboard, machine);
-}
-
-static void vexpress_a9_init(MachineState *machine)
-{
-    vexpress_common_init(&a9_daughterboard, machine);
-}
-
-static void vexpress_a15_init(MachineState *machine)
-{
-    vexpress_common_init(&a15_daughterboard, machine);
-}
-
 static void vexpress_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
 
     mc->name = TYPE_VEXPRESS_MACHINE;
     mc->desc = "ARM Versatile Express";
-    mc->init = vexpress_init;
+    mc->init = vexpress_common_init;
     mc->block_default_type = IF_SCSI;
     mc->max_cpus = 4;
 }
@@ -735,7 +719,6 @@ static void vexpress_a9_class_init(ObjectClass *oc, void *data)
 
     mc->name = TYPE_VEXPRESS_A9_MACHINE;
     mc->desc = "ARM Versatile Express for Cortex-A9";
-    mc->init = vexpress_a9_init;
 
     vmc->daughterboard = &a9_daughterboard;;
 }
@@ -747,7 +730,6 @@ static void vexpress_a15_class_init(ObjectClass *oc, void *data)
 
     mc->name = TYPE_VEXPRESS_A15_MACHINE;
     mc->desc = "ARM Versatile Express for Cortex-A15";
-    mc->init = vexpress_a15_init;
 
     vmc->daughterboard = &a15_daughterboard;
 }
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 04/15] target-arm: Add vexpress machine secure property

[Greg Bellows]

Add "secure" Vexpress machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, Vexpress machines boot into NS/SVC.  When using
the QEMU -bios command line argument, Vexpress machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would enable
secure state on a -linux boot:

    aarch64-softmmu/qemu-system-aarch64
        -machine type=vexpress-a15,secure=off
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

---

v1 -> v2
- Adapt the machine secure property to Marcel's new dynamic registration
- Change the default machine secure property to true (on).
---
 hw/arm/vexpress.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index a03cb52..7b34f44 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -164,6 +164,7 @@ typedef struct {
 
 typedef struct {
     MachineState parent;
+    bool secure;
 } VexpressMachineState;
 
 #define TYPE_VEXPRESS_MACHINE   "vexpress"
@@ -701,6 +702,33 @@ static void vexpress_common_init(MachineState *machine)
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
+static bool vexpress_get_secure(Object *obj, Error **errp)
+{
+    VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
+
+    return vms->secure;
+}
+
+static void vexpress_set_secure(Object *obj, bool value, Error **errp)
+{
+    VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
+
+    vms->secure = value;
+}
+
+static void vexpress_instance_init(Object *obj)
+{
+    VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
+
+    /* EL3 is enabled by default on vexpress */
+    vms->secure = true;
+    object_property_add_bool(obj, "secure", vexpress_get_secure,
+                             vexpress_set_secure, NULL);
+    object_property_set_description(obj, "secure",
+                             "Set on/off to enable/disable secure state",
+                             NULL);
+}
+
 static void vexpress_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
@@ -739,6 +767,7 @@ static const TypeInfo vexpress_info = {
     .parent = TYPE_MACHINE,
     .abstract = true,
     .instance_size = sizeof(VexpressMachineState),
+    .instance_init = vexpress_instance_init,
     .class_size = sizeof(VexpressMachineClass),
     .class_init = vexpress_class_init,
 };
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 05/15] target-arm: Change vexpress daughterboard init arg

[Greg Bellows]

Change the Vexpress daughterboard initialization method to take a vexpress
machine state pointer instead of the daughterboard struct pointer.  The machine
state now contains the daughterboard pointer.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 7b34f44..c82c32e 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -177,7 +177,7 @@ typedef struct {
 #define VEXPRESS_MACHINE_CLASS(klass) \
     OBJECT_CLASS_CHECK(VexpressMachineClass, klass, TYPE_VEXPRESS_MACHINE)
 
-typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
+typedef void DBoardInitFn(const VexpressMachineState *machine,
                           ram_addr_t ram_size,
                           const char *cpu_model,
                           qemu_irq *pic);
@@ -252,7 +252,7 @@ static void init_cpus(const char *cpu_model, const char *privdev,
     }
 }
 
-static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
+static void a9_daughterboard_init(const VexpressMachineState *vms,
                                   ram_addr_t ram_size,
                                   const char *cpu_model,
                                   qemu_irq *pic)
@@ -342,7 +342,7 @@ static VEDBoardInfo a9_daughterboard = {
     .init = a9_daughterboard_init,
 };
 
-static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
+static void a15_daughterboard_init(const VexpressMachineState *vms,
                                    ram_addr_t ram_size,
                                    const char *cpu_model,
                                    qemu_irq *pic)
@@ -535,6 +535,7 @@ static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
 
 static void vexpress_common_init(MachineState *machine)
 {
+    VexpressMachineState *vms = VEXPRESS_MACHINE(machine);
     VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
     VEDBoardInfo *daughterboard = vmc->daughterboard;;
     DeviceState *dev, *sysctl, *pl041;
@@ -551,8 +552,7 @@ static void vexpress_common_init(MachineState *machine)
     const hwaddr *map = daughterboard->motherboard_map;
     int i;
 
-    daughterboard->init(daughterboard, machine->ram_size, machine->cpu_model,
-                        pic);
+    daughterboard->init(vms, machine->ram_size, machine->cpu_model, pic);
 
     /*
      * If a bios file was provided, attempt to map it into memory
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 06/15] target-arm: Add virt class and machine types

[Greg Bellows]

Switch virt qemu machine support to use the newer object type, class, and
instance model.  Added virt TypeInfo with static registration along with virt
specific class and machine structs.  Also added virt class initialization
method.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 40 ++++++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 314e55b..b6bb914 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -86,6 +86,23 @@ typedef struct VirtBoardInfo {
     uint32_t clock_phandle;
 } VirtBoardInfo;
 
+typedef struct {
+    MachineClass parent;
+    VirtBoardInfo *daughterboard;
+} VirtMachineClass;
+
+typedef struct {
+    MachineState parent;
+} VirtMachineState;
+
+#define TYPE_VIRT_MACHINE   "virt"
+#define VIRT_MACHINE(obj) \
+    OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE)
+#define VIRT_MACHINE_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(VirtMachineClass, obj, TYPE_VIRT_MACHINE)
+#define VIRT_MACHINE_CLASS(klass) \
+    OBJECT_CLASS_CHECK(VirtMachineClass, klass, TYPE_VIRT_MACHINE)
+
 /* Addresses and sizes of our components.
  * 0..128MB is space for a flash device so we can run bootrom code such as UEFI.
  * 128MB..256MB is used for miscellaneous device I/O.
@@ -615,16 +632,27 @@ static void machvirt_init(MachineState *machine)
     arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
 }
 
-static QEMUMachine machvirt_a15_machine = {
-    .name = "virt",
-    .desc = "ARM Virtual Machine",
-    .init = machvirt_init,
-    .max_cpus = 8,
+static void virt_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VIRT_MACHINE;
+    mc->desc = "ARM Virtual Machine",
+    mc->init = machvirt_init;
+    mc->max_cpus = 8;
+}
+
+static const TypeInfo machvirt_info = {
+    .name = TYPE_VIRT_MACHINE,
+    .parent = TYPE_MACHINE,
+    .instance_size = sizeof(VirtMachineState),
+    .class_size = sizeof(VirtMachineClass),
+    .class_init = virt_class_init,
 };
 
 static void machvirt_machine_init(void)
 {
-    qemu_register_machine(&machvirt_a15_machine);
+    type_register_static(&machvirt_info);
 }
 
 machine_init(machvirt_machine_init);
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 07/15] target-arm: Add virt machine secure property

[Greg Bellows]

Add "secure" virt machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, virt machines boot into NS/SVC.  When using
the QEMU -bios command line argument, virt machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would
enable secure state on a -linux boot:

    aarch64-softmmu/qemu-system-aarch64
        -machine type=virt,secure=off
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

---

v1 -> v2
- Adapt the machine secure property to Marcel's new dynamic registration
- Change the default machine secure property to true (on).
---
 hw/arm/virt.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index b6bb914..3eacc43 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -93,6 +93,7 @@ typedef struct {
 
 typedef struct {
     MachineState parent;
+    bool secure;
 } VirtMachineState;
 
 #define TYPE_VIRT_MACHINE   "virt"
@@ -632,6 +633,33 @@ static void machvirt_init(MachineState *machine)
     arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
 }
 
+static bool virt_get_secure(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->secure;
+}
+
+static void virt_set_secure(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->secure = value;
+}
+
+static void virt_instance_init(Object *obj)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    /* EL3 is enabled by default on virt */
+    vms->secure = true;
+    object_property_add_bool(obj, "secure", virt_get_secure,
+                             virt_set_secure, NULL);
+    object_property_set_description(obj, "secure",
+                         "Set on/off to enable/disable secure state",
+                         NULL);
+}
+
 static void virt_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
@@ -646,6 +674,7 @@ static const TypeInfo machvirt_info = {
     .name = TYPE_VIRT_MACHINE,
     .parent = TYPE_MACHINE,
     .instance_size = sizeof(VirtMachineState),
+    .instance_init = virt_instance_init,
     .class_size = sizeof(VirtMachineClass),
     .class_init = virt_class_init,
 };
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 08/15] target-arm: Add feature unset function

[Greg Bellows]

Add an unset_feature() function to compliment the set_feature() function.  This
will be used to disable functions after they have been enabled during
initialization.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index d3db279..01afed2 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -327,6 +327,11 @@ static inline void set_feature(CPUARMState *env, int feature)
     env->features |= 1ULL << feature;
 }
 
+static inline void unset_feature(CPUARMState *env, int feature)
+{
+    env->features &= ~(1ULL << feature);
+}
+
 static void arm_cpu_initfn(Object *obj)
 {
     CPUState *cs = CPU(obj);
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 09/15] target-arm: Add ARMCPU secure property

[Greg Bellows]

Added a "has_el3" state property to the ARMCPU descriptor.  This property
indicates whether the ARMCPU has security extensions enabled (EL3) or not.
By default it is disabled at this time.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

---

v1 -> v2
- Added set of has_el3 to true when EL3 is enabled

v2 -> v3
- Properly init has_el3
- Fixed typo
---
 target-arm/cpu-qom.h |  2 ++
 target-arm/cpu.c     | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index dcfda7d..ed5a644 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -100,6 +100,8 @@ typedef struct ARMCPU {
     bool start_powered_off;
     /* CPU currently in PSCI powered-off state */
     bool powered_off;
+    /* CPU has security extension */
+    bool has_el3;
 
     /* PSCI conduit used to invoke PSCI methods
      * 0 - disabled, 1 - smc, 2 - hvc
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 01afed2..069e090 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -388,6 +388,9 @@ static Property arm_cpu_reset_hivecs_property =
 static Property arm_cpu_rvbar_property =
             DEFINE_PROP_UINT64("rvbar", ARMCPU, rvbar, 0);
 
+static Property arm_cpu_has_el3_property =
+            DEFINE_PROP_BOOL("has_el3", ARMCPU, has_el3, true);
+
 static void arm_cpu_post_init(Object *obj)
 {
     ARMCPU *cpu = ARM_CPU(obj);
@@ -407,6 +410,14 @@ static void arm_cpu_post_init(Object *obj)
         qdev_property_add_static(DEVICE(obj), &arm_cpu_rvbar_property,
                                  &error_abort);
     }
+
+    if (arm_feature(&cpu->env, ARM_FEATURE_EL3)) {
+        /* Add the has_el3 state CPU property only if EL3 is allowed.  This will
+         * prevent "has_el3" from existing on CPUs which cannot support EL3.
+         */
+        qdev_property_add_static(DEVICE(obj), &arm_cpu_has_el3_property,
+                                 &error_abort);
+    }
 }
 
 static void arm_cpu_finalizefn(Object *obj)
@@ -476,6 +487,18 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
             cpu->reset_sctlr |= (1 << 13);
     }
 
+    if (!cpu->has_el3) {
+        /* If the has_el3 CPU property is disabled then we need to disable the
+         * feature.
+         */
+        unset_feature(env, ARM_FEATURE_EL3);
+
+        /* Disable the security extension feature bits in the processor feature
+         * register as well.  This is id_pfr1[7:4].
+         */
+        cpu->id_pfr1 &= ~0xf0;
+    }
+
     register_cp_regs_for_features(cpu);
     arm_cpu_register_gdb_regs_for_features(cpu);
 
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 10/15] target-arm: Add arm_boot_info secure_boot control

[Greg Bellows]

Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
fields is used to indicate whether Linux should boot into secure or non-secure
state if the ARM EL3 feature is enabled.  The default is to leave the CPU in an
unaltered reset state.  On EL3 enabled systems, the reset state is secure and
can be overridden by setting the added field to false.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

---

v2 -> v3
- Fixed typos
---
 hw/arm/boot.c        | 10 ++++++++++
 include/hw/arm/arm.h |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index e6a3c5b..c8d1d4e 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -457,6 +457,16 @@ static void do_cpu_reset(void *opaque)
                 env->thumb = info->entry & 1;
             }
         } else {
+            /* If we are booting Linux then we need to check whether we are
+             * booting into secure or non-secure state and adjust the state
+             * accordingly.  Out of reset, ARM is defined to be in secure state
+             * (SCR.NS = 0), we change that here if non-secure boot has been
+             * requested.
+             */
+            if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
+                env->cp15.scr_el3 |= SCR_NS;
+            }
+
             if (CPU(cpu) == first_cpu) {
                 if (env->aarch64) {
                     env->pc = info->loader_start;
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..e5a5d8c 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -37,6 +37,10 @@ struct arm_boot_info {
     hwaddr gic_cpu_if_addr;
     int nb_cpus;
     int board_id;
+    /* ARM machines that support the ARM Security Extensions use this field to
+     * control whether Linux is booted as secure(true) or non-secure(false).
+     */
+    bool secure_boot;
     int (*atag_board)(const struct arm_boot_info *info, void *p);
     /* multicore boards that use the default secondary core boot functions
      * can ignore these two function calls. If the default functions won't
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 11/15] target-arm: Enable CPU has_el3 prop during VE init

[Greg Bellows]

Adds setting of the CPU has_el3 property based on the vexpress machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during vexpress CPU initialization.  Also enables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

---

v1 -> v2
- Changes CPU property name from "secure" to "has_el3"
- Change conditional to handle machine state default of secure.  The check now
  checks if the machine secure property has been disabled which causes the CPU
  EL3 feautre to be disabled.
- Add setting of arm_boot_info.secure_boot to true

v2 -> v3
- Silently ignore error if "has_el3" does not exist.
- Revise secure machine property description
---
 hw/arm/vexpress.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index c82c32e..19d1f00 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -167,6 +167,9 @@ typedef struct {
     bool secure;
 } VexpressMachineState;
 
+#define SECURE_PROP_DESC \
+    "Set on/off to enable/disable the ARM Security Extensions (TrustZone)"
+
 #define TYPE_VEXPRESS_MACHINE   "vexpress"
 #define TYPE_VEXPRESS_A9_MACHINE   "vexpress-a9"
 #define TYPE_VEXPRESS_A15_MACHINE   "vexpress-a15"
@@ -196,7 +199,7 @@ struct VEDBoardInfo {
 };
 
 static void init_cpus(const char *cpu_model, const char *privdev,
-                      hwaddr periphbase, qemu_irq *pic)
+                      hwaddr periphbase, qemu_irq *pic, bool secure)
 {
     ObjectClass *cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
     DeviceState *dev;
@@ -213,6 +216,10 @@ static void init_cpus(const char *cpu_model, const char *privdev,
         Object *cpuobj = object_new(object_class_get_name(cpu_oc));
         Error *err = NULL;
 
+        if (!secure) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+        }
+
         if (object_property_find(cpuobj, "reset-cbar", NULL)) {
             object_property_set_int(cpuobj, periphbase,
                                     "reset-cbar", &error_abort);
@@ -288,7 +295,7 @@ static void a9_daughterboard_init(const VexpressMachineState *vms,
     memory_region_add_subregion(sysmem, 0x60000000, ram);
 
     /* 0x1e000000 A9MPCore (SCU) private memory region */
-    init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic);
+    init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic, vms->secure);
 
     /* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
 
@@ -374,7 +381,7 @@ static void a15_daughterboard_init(const VexpressMachineState *vms,
     memory_region_add_subregion(sysmem, 0x80000000, ram);
 
     /* 0x2c000000 A15MPCore private memory region (GIC) */
-    init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic);
+    init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic, vms->secure);
 
     /* A15 daughterboard peripherals: */
 
@@ -699,6 +706,8 @@ static void vexpress_common_init(MachineState *machine)
     daughterboard->bootinfo.smp_bootreg_addr = map[VE_SYSREGS] + 0x30;
     daughterboard->bootinfo.gic_cpu_if_addr = daughterboard->gic_cpu_if_addr;
     daughterboard->bootinfo.modify_dtb = vexpress_modify_dtb;
+    /* Indicate that when booting Linux we should be in secure state */
+    daughterboard->bootinfo.secure_boot = true;
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
@@ -724,9 +733,7 @@ static void vexpress_instance_init(Object *obj)
     vms->secure = true;
     object_property_add_bool(obj, "secure", vexpress_get_secure,
                              vexpress_set_secure, NULL);
-    object_property_set_description(obj, "secure",
-                             "Set on/off to enable/disable secure state",
-                             NULL);
+    object_property_set_description(obj, "secure", SECURE_PROP_DESC, NULL);
 }
 
 static void vexpress_class_init(ObjectClass *oc, void *data)
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 12/15] target-arm: Set CPU has_el3 prop during virt init

[Greg Bellows]

Adds setting of the CPU has_el3 property based on the virt machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during virt CPU initialization.  Also disables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

---

v1 -> v2
- Changes CPU property name from "secure" to "has_el3"
- Change conditional to handle machine state default of secure.  The check
  now checks if the machine secure property has been disabled which causes the
  CPU EL3 feature to be disabled.
- Add setting of arm_boot_info.secure_boot to false

v2 -> v3
- Silently ignore error if "has_el3" does not exist
- Remove board initialization of secure_boot as it is implied.
- Revise secure machine property description
---
 hw/arm/virt.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 3eacc43..3a49ad0 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -96,6 +96,9 @@ typedef struct {
     bool secure;
 } VirtMachineState;
 
+#define SECURE_PROP_DESC \
+    "Set on/off to enable/disable the ARM Security Extensions (TrustZone)"
+
 #define TYPE_VIRT_MACHINE   "virt"
 #define VIRT_MACHINE(obj) \
     OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE)
@@ -547,6 +550,7 @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
 
 static void machvirt_init(MachineState *machine)
 {
+    VirtMachineState *vms = VIRT_MACHINE(machine);
     qemu_irq pic[NUM_IRQS];
     MemoryRegion *sysmem = get_system_memory();
     int n;
@@ -584,6 +588,10 @@ static void machvirt_init(MachineState *machine)
         }
         cpuobj = object_new(object_class_get_name(oc));
 
+        if (!vms->secure) {
+            object_property_set_bool(cpuobj, false, "has_el3", NULL);
+        }
+
         object_property_set_int(cpuobj, QEMU_PSCI_CONDUIT_HVC, "psci-conduit",
                                 NULL);
 
@@ -655,9 +663,7 @@ static void virt_instance_init(Object *obj)
     vms->secure = true;
     object_property_add_bool(obj, "secure", virt_get_secure,
                              virt_set_secure, NULL);
-    object_property_set_description(obj, "secure",
-                         "Set on/off to enable/disable secure state",
-                         NULL);
+    object_property_set_description(obj, "secure", SECURE_PROP_DESC, NULL);
 }
 
 static void virt_class_init(ObjectClass *oc, void *data)
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 13/15] target-arm: Breakout integratorcp and versatilepb cpu init

[Greg Bellows]

This commit changes the integratorcp and versatilepb CPU initialization from
using the generic ARM cpu_arm_init function to doing it inline.  This is
necessary in order to allow CPU configuration changes to occur between CPU
instance initialization and realization.  Specifically, this change is in
preparation for disabling CPU EL3 support.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/integratorcp.c | 19 +++++++++++++++++--
 hw/arm/versatilepb.c  | 20 ++++++++++++++++++--
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index 266ec18..f196189 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -15,6 +15,7 @@
 #include "net/net.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
+#include "qemu/error-report.h"
 
 #define TYPE_INTEGRATOR_CM "integrator_core"
 #define INTEGRATOR_CM(obj) \
@@ -469,6 +470,8 @@ static void integratorcp_init(MachineState *machine)
     const char *kernel_filename = machine->kernel_filename;
     const char *kernel_cmdline = machine->kernel_cmdline;
     const char *initrd_filename = machine->initrd_filename;
+    ObjectClass *cpu_oc;
+    Object *cpuobj;
     ARMCPU *cpu;
     MemoryRegion *address_space_mem = get_system_memory();
     MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -476,16 +479,28 @@ static void integratorcp_init(MachineState *machine)
     qemu_irq pic[32];
     DeviceState *dev;
     int i;
+    Error *err = NULL;
 
     if (!cpu_model) {
         cpu_model = "arm926";
     }
-    cpu = cpu_arm_init(cpu_model);
-    if (!cpu) {
+
+    cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
+    if (!cpu_oc) {
         fprintf(stderr, "Unable to find CPU definition\n");
         exit(1);
     }
 
+    cpuobj = object_new(object_class_get_name(cpu_oc));
+
+    object_property_set_bool(cpuobj, true, "realized", &err);
+    if (err) {
+        error_report("%s", error_get_pretty(err));
+        exit(1);
+    }
+
+    cpu = ARM_CPU(cpuobj);
+
     memory_region_init_ram(ram, NULL, "integrator.ram", ram_size, &error_abort);
     vmstate_register_ram_global(ram);
     /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash.  */
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
index e6ef0a2..b74dc15 100644
--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
@@ -18,6 +18,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/address-spaces.h"
 #include "hw/block/flash.h"
+#include "qemu/error-report.h"
 
 #define VERSATILE_FLASH_ADDR 0x34000000
 #define VERSATILE_FLASH_SIZE (64 * 1024 * 1024)
@@ -175,6 +176,8 @@ static struct arm_boot_info versatile_binfo;
 
 static void versatile_init(MachineState *machine, int board_id)
 {
+    ObjectClass *cpu_oc;
+    Object *cpuobj;
     ARMCPU *cpu;
     MemoryRegion *sysmem = get_system_memory();
     MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -189,15 +192,28 @@ static void versatile_init(MachineState *machine, int board_id)
     int n;
     int done_smc = 0;
     DriveInfo *dinfo;
+    Error *err = NULL;
 
     if (!machine->cpu_model) {
         machine->cpu_model = "arm926";
     }
-    cpu = cpu_arm_init(machine->cpu_model);
-    if (!cpu) {
+
+    cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, machine->cpu_model);
+    if (!cpu_oc) {
         fprintf(stderr, "Unable to find CPU definition\n");
         exit(1);
     }
+
+    cpuobj = object_new(object_class_get_name(cpu_oc));
+
+    object_property_set_bool(cpuobj, true, "realized", &err);
+    if (err) {
+        error_report("%s", error_get_pretty(err));
+        exit(1);
+    }
+
+    cpu = ARM_CPU(cpuobj);
+
     memory_region_init_ram(ram, NULL, "versatile.ram", machine->ram_size,
                            &error_abort);
     vmstate_register_ram_global(ram);
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 14/15] target-arm: Disable EL3 on unsupported machines

[Greg Bellows]

Disables the CPU ARM_FEATURE_EL3 featuere on machine models that can be
configured to use Cortex-A9, Cortex-A15, and ARM1176 but don't officially
support EL3.  This preserves backwards compatibility.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4210.c   | 11 +++++++++++
 hw/arm/highbank.c     | 12 ++++++++++++
 hw/arm/integratorcp.c | 12 ++++++++++++
 hw/arm/realview.c     | 12 ++++++++++++
 hw/arm/versatilepb.c  | 12 ++++++++++++
 hw/arm/xilinx_zynq.c  | 12 ++++++++++++
 6 files changed, 71 insertions(+)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index 582794c..97dafca 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -152,6 +152,17 @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
         Object *cpuobj = object_new(object_class_get_name(cpu_oc));
         Error *err = NULL;
 
+        /* By default A9 CPUs have EL3 enabled.  This board does not currently
+         * support EL3 so the CPU EL3 property is disabled before realization.
+         */
+        if (object_property_find(cpuobj, "has_el3", NULL)) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+            if (err) {
+                error_report("%s", error_get_pretty(err));
+                exit(1);
+            }
+        }
+
         s->cpu[n] = ARM_CPU(cpuobj);
         object_property_set_int(cpuobj, EXYNOS4210_SMP_PRIVATE_BASE_ADDR,
                                 "reset-cbar", &error_abort);
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 30f744a..f67570a 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -241,6 +241,18 @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
         cpuobj = object_new(object_class_get_name(oc));
         cpu = ARM_CPU(cpuobj);
 
+        /* By default A9 and A15 CPUs have EL3 enabled.  This board does not
+         * currently support EL3 so the CPU EL3 property is disabled before
+         * realization.
+         */
+        if (object_property_find(cpuobj, "has_el3", NULL)) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+            if (err) {
+                error_report("%s", error_get_pretty(err));
+                exit(1);
+            }
+        }
+
         if (object_property_find(cpuobj, "reset-cbar", NULL)) {
             object_property_set_int(cpuobj, MPCORE_PERIPHBASE,
                                     "reset-cbar", &error_abort);
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index f196189..8c48b68 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -493,6 +493,18 @@ static void integratorcp_init(MachineState *machine)
 
     cpuobj = object_new(object_class_get_name(cpu_oc));
 
+    /* By default ARM1176 CPUs have EL3 enabled.  This board does not
+     * currently support EL3 so the CPU EL3 property is disabled before
+     * realization.
+     */
+    if (object_property_find(cpuobj, "has_el3", NULL)) {
+        object_property_set_bool(cpuobj, false, "has_el3", &err);
+        if (err) {
+            error_report("%s", error_get_pretty(err));
+            exit(1);
+        }
+    }
+
     object_property_set_bool(cpuobj, true, "realized", &err);
     if (err) {
         error_report("%s", error_get_pretty(err));
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index d41ec97..66e51ef 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -101,6 +101,18 @@ static void realview_init(MachineState *machine,
         Object *cpuobj = object_new(object_class_get_name(cpu_oc));
         Error *err = NULL;
 
+        /* By default A9,A15 and ARM1176 CPUs have EL3 enabled.  This board
+         * does not currently support EL3 so the CPU EL3 property is disabled
+         * before realization.
+         */
+        if (object_property_find(cpuobj, "has_el3", NULL)) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+            if (err) {
+                error_report("%s", error_get_pretty(err));
+                exit(1);
+            }
+        }
+
         if (is_pb && is_mpcore) {
             object_property_set_int(cpuobj, periphbase, "reset-cbar", &err);
             if (err) {
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
index b74dc15..6c4c2e7 100644
--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
@@ -206,6 +206,18 @@ static void versatile_init(MachineState *machine, int board_id)
 
     cpuobj = object_new(object_class_get_name(cpu_oc));
 
+    /* By default ARM1176 CPUs have EL3 enabled.  This board does not
+     * currently support EL3 so the CPU EL3 property is disabled before
+     * realization.
+     */
+    if (object_property_find(cpuobj, "has_el3", NULL)) {
+        object_property_set_bool(cpuobj, false, "has_el3", &err);
+        if (err) {
+            error_report("%s", error_get_pretty(err));
+            exit(1);
+        }
+    }
+
     object_property_set_bool(cpuobj, true, "realized", &err);
     if (err) {
         error_report("%s", error_get_pretty(err));
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index b590392..06e6e24 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -126,6 +126,18 @@ static void zynq_init(MachineState *machine)
 
     cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
 
+    /* By default A9 CPUs have EL3 enabled.  This board does not
+     * currently support EL3 so the CPU EL3 property is disabled before
+     * realization.
+     */
+    if (object_property_find(OBJECT(cpu), "has_el3", NULL)) {
+        object_property_set_bool(OBJECT(cpu), false, "has_el3", &err);
+        if (err) {
+            error_report("%s", error_get_pretty(err));
+            exit(1);
+        }
+    }
+
     object_property_set_int(OBJECT(cpu), ZYNQ_BOARD_MIDR, "midr", &err);
     if (err) {
         error_report("%s", error_get_pretty(err));
-- 
1.8.3.2

[Qemu-devel] [PATCH v3 15/15] target-arm: add cpu feature EL3 to CPUs with Security Extensions

[Greg Bellows]

From: Fabian Aggeler <aggelerf@ethz.ch>

Set ARM_FEATURE_EL3 feature for CPUs that implement Security Extensions.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 069e090..285947f 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -668,6 +668,7 @@ static void arm1176_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
     set_feature(&cpu->env, ARM_FEATURE_CACHE_DIRTY_REG);
     set_feature(&cpu->env, ARM_FEATURE_CACHE_BLOCK_OPS);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     cpu->midr = 0x410fb767;
     cpu->reset_fpsid = 0x410120b5;
     cpu->mvfr0 = 0x11111111;
@@ -756,6 +757,7 @@ static void cortex_a8_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_NEON);
     set_feature(&cpu->env, ARM_FEATURE_THUMB2EE);
     set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     cpu->midr = 0x410fc080;
     cpu->reset_fpsid = 0x410330c0;
     cpu->mvfr0 = 0x11110222;
@@ -823,6 +825,7 @@ static void cortex_a9_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_VFP_FP16);
     set_feature(&cpu->env, ARM_FEATURE_NEON);
     set_feature(&cpu->env, ARM_FEATURE_THUMB2EE);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     /* Note that A9 supports the MP extensions even for
      * A9UP and single-core A9MP (which are both different
      * and valid configurations; we don't model A9UP).
@@ -890,6 +893,7 @@ static void cortex_a15_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_LPAE);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
     cpu->midr = 0x412fc0f1;
     cpu->reset_fpsid = 0x410430f0;
-- 
1.8.3.2

Re: [Qemu-devel] [PATCH v3 04/15] target-arm: Add vexpress machine secure property

[Peter Maydell]

On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org> wrote:
> Add "secure" Vexpress machine specific property to allow override of the
> default secure state configuration.  By default, when using the QEMU
> -kernel command line argument, Vexpress machines boot into NS/SVC.  When using
> the QEMU -bios command line argument, Vexpress machines boot into S/SVC.
>
> The secure state can be changed from the default specifying the secure
> state as a machine property.  For example, the below command line would enable

disable!

> secure state on a -linux boot:
>
>     aarch64-softmmu/qemu-system-aarch64
>         -machine type=vexpress-a15,secure=off
>         -kernel ...
>
> Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

> +    /* EL3 is enabled by default on vexpress */
> +    vms->secure = true;
> +    object_property_add_bool(obj, "secure", vexpress_get_secure,
> +                             vexpress_set_secure, NULL);
> +    object_property_set_description(obj, "secure",
> +                             "Set on/off to enable/disable secure state",
> +                             NULL);

I think we decided on IRC that
"Set on/off to enable/disable the ARM Security Extensions (TrustZone)"

was slightly more explanatory for the user?

-- PMM

Re: [Qemu-devel] [PATCH v3 07/15] target-arm: Add virt machine secure property

[Peter Maydell]

On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org> wrote:
> Add "secure" virt machine specific property to allow override of the
> default secure state configuration.  By default, when using the QEMU
> -kernel command line argument, virt machines boot into NS/SVC.  When using
> the QEMU -bios command line argument, virt machines boot into S/SVC.
>
> The secure state can be changed from the default specifying the secure
> state as a machine property.  For example, the below command line would
> enable secure state on a -linux boot:

disable...

Also same property docstring thing.

-- PMM

Re: [Qemu-devel] [PATCH v3 09/15] target-arm: Add ARMCPU secure property

[Peter Maydell]

On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org> wrote:
> Added a "has_el3" state property to the ARMCPU descriptor.  This property
> indicates whether the ARMCPU has security extensions enabled (EL3) or not.
> By default it is disabled at this time.
>
> Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM

Re: [Qemu-devel] [PATCH v3 10/15] target-arm: Add arm_boot_info secure_boot control

[Peter Maydell]

On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org> wrote:
> Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
> fields is used to indicate whether Linux should boot into secure or non-secure
> state if the ARM EL3 feature is enabled.  The default is to leave the CPU in an
> unaltered reset state.  On EL3 enabled systems, the reset state is secure and
> can be overridden by setting the added field to false.
>
> Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM

Re: [Qemu-devel] [PATCH v3 11/15] target-arm: Enable CPU has_el3 prop during VE init

[Peter Maydell]

On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org> wrote:
> Adds setting of the CPU has_el3 property based on the vexpress machine
> secure state property during initialization.  This enables/disables EL3
> state during start-up.  Changes include adding an additional secure state
> boolean during vexpress CPU initialization.  Also enables the ARM secure boot
> by default.
>
> Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

> @@ -724,9 +733,7 @@ static void vexpress_instance_init(Object *obj)
>      vms->secure = true;
>      object_property_add_bool(obj, "secure", vexpress_get_secure,
>                               vexpress_set_secure, NULL);
> -    object_property_set_description(obj, "secure",
> -                             "Set on/off to enable/disable secure state",
> -                             NULL);
> +    object_property_set_description(obj, "secure", SECURE_PROP_DESC, NULL);

You should squash this fix into the earlier patch, rather
than creating the property with the wrong description and
then fixing it.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v3 12/15] target-arm: Set CPU has_el3 prop during virt init

[Peter Maydell]

On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org> wrote:
> -    object_property_set_description(obj, "secure",
> -                         "Set on/off to enable/disable secure state",
> -                         NULL);
> +    object_property_set_description(obj, "secure", SECURE_PROP_DESC, NULL);

Same remarks about squashing here. PS: why the #define ?

-- PMM

Re: [Qemu-devel] [PATCH v3 04/15] target-arm: Add vexpress machine secure property

[Greg Bellows]

[-- Attachment #1: Type: text/plain, Size: 1572 bytes --]

On 15 December 2014 at 13:43, Peter Maydell <peter.maydell@linaro.org>
wrote:
>
> On 15 December 2014 at 18:51, Greg Bellows <greg.bellows@linaro.org>
> wrote:
> > Add "secure" Vexpress machine specific property to allow override of the
> > default secure state configuration.  By default, when using the QEMU
> > -kernel command line argument, Vexpress machines boot into NS/SVC.  When
> using
> > the QEMU -bios command line argument, Vexpress machines boot into S/SVC.
> >
> > The secure state can be changed from the default specifying the secure
> > state as a machine property.  For example, the below command line would
> enable
>
> disable!
>
> > secure state on a -linux boot:
> >
> >     aarch64-softmmu/qemu-system-aarch64
> >         -machine type=vexpress-a15,secure=off
> >         -kernel ...
> >
> > Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
> > Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> > +    /* EL3 is enabled by default on vexpress */
> > +    vms->secure = true;
> > +    object_property_add_bool(obj, "secure", vexpress_get_secure,
> > +                             vexpress_set_secure, NULL);
> > +    object_property_set_description(obj, "secure",
> > +                             "Set on/off to enable/disable secure
> state",
> > +                             NULL);
>
> I think we decided on IRC that
> "Set on/off to enable/disable the ARM Security Extensions (TrustZone)"
>
> was slightly more explanatory for the user?
>

bah... yes we did.  I made the code change, but failed to update the patch.


>
> -- PMM
>

[-- Attachment #2: Type: text/html, Size: 2519 bytes --]