From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark Rutland Date: Wed, 6 Aug 2014 10:49:47 +0100 Subject: [U-Boot] [PATCH] ARM: HYP/non-sec: Add MIDR check to detect unsupported CPUs In-Reply-To: <1407310693.23472.67.camel@dagon.hellion.org.uk> References: <1407033372-24765-1-git-send-email-siarhei.siamashka@gmail.com> <53DFA343.407@arm.com> <1407310693.23472.67.camel@dagon.hellion.org.uk> Message-ID: <20140806094947.GA8330@leverpostej> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Wed, Aug 06, 2014 at 08:38:13AM +0100, Ian Campbell wrote: > On Mon, 2014-08-04 at 16:14 +0100, Marc Zyngier wrote: > > > My personal feeling is that booting in secure mode is always the wrong > > thing to do. > > FWIW I agree. > > > If you want to go down the road of a single bootloader that is able to > > run on several SOCs, then do it the proper way: parse the device tree > > and have separate constraints for your SoC. But please don't blacklist > > random cores just because it fits your environment. > > I think there is a CPU feature register which indicates whether support > for HYP mode is present, isn't there? ID_PFR1[15:12] should tell you if the CPU has the virtualization extensions. > In which case a tolerable fix for now (going all the way DT is a big > yakk to shave...) would be to use that to decide between booting in > NS.HYP vs NS.SVC (nb: not NS.HYP vs S.SVC). That sounds ideal. > I don't recall if the GIC has a feature bit for the security extensions, > but if not then inferring it from the CPUs support wouldn't be the worst > thing in the world under the circumstances. GICD_TYPER[10] (SecurityExtn) should tell you if the GIC has the security extensions. I don't know whether you'll encounter a platform where the CPU and GIC are mismatched w.r.t. security extensions. Mark.