From mboxrd@z Thu Jan  1 00:00:00 1970
From: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Date: Wed, 15 Oct 2014 13:40:24 +0300
Subject: [U-Boot] [PATCH] ARM: bootm: Allow booting in secure mode on
 hyp capable systems
In-Reply-To: <86iojl62un.fsf@arm.com>
References: <1413367985-4365-1-git-send-email-hdegoede@redhat.com>
	<20141015132510.39ad7cfd@i7> <86iojl62un.fsf@arm.com>
Message-ID: <20141015134024.6c3e3046@i7>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Wed, 15 Oct 2014 11:31:44 +0100
Marc Zyngier <marc.zyngier@arm.com> wrote:

> On Wed, Oct 15 2014 at 11:25:10 AM, Siarhei Siamashka <siarhei.siamashka@gmail.com> wrote:
> > On Wed, 15 Oct 2014 12:13:05 +0200
> > Hans de Goede <hdegoede@redhat.com> wrote:
> >
> >> Older Linux kernels will not properly boot in hype mode, add support for a
> >> bootm_boot_mode environment variable, which when set to "sec" will cause
> >> u-boot to boot in secure mode even when build with non-sec (and hyp) support.
> >> 
> >> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
> >> ---
> >>  arch/arm/lib/bootm.c | 23 ++++++++++++++++++-----
> >>  1 file changed, 18 insertions(+), 5 deletions(-)
> >> 
> >> diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
> >> index 39fe7a1..037fc8d 100644
> >> --- a/arch/arm/lib/bootm.c
> >> +++ b/arch/arm/lib/bootm.c
> >> @@ -235,6 +235,18 @@ static void boot_prep_linux(bootm_headers_t *images)
> >>  	}
> >>  }
> >>  
> >> +#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
> >> +static bool boot_nonsec(void)
> >> +{
> >> +	char *s = getenv("bootm_boot_mode");
> >> +
> >> +	if (s && !strcmp(s, "sec"))
> >> +		return false;
> >> +
> >> +	return true;
> >> +}
> >> +#endif
> >> +
> >>  /* Subcommand: GO */
> >>  static void boot_jump_linux(bootm_headers_t *images, int flag)
> >>  {
> >> @@ -283,12 +295,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)
> >>  
> >>  	if (!fake) {
> >>  #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
> >> -		armv7_init_nonsec();
> >> -		secure_ram_addr(_do_nonsec_entry)(kernel_entry,
> >> -						  0, machid, r2);
> >> -#else
> >> -		kernel_entry(0, machid, r2);
> >> +		if (boot_nonsec()) {
> >> +			armv7_init_nonsec();
> >> +			secure_ram_addr(_do_nonsec_entry)(kernel_entry,
> >> +							  0, machid, r2);
> >> +		}
> >>  #endif
> >> +		kernel_entry(0, machid, r2);
> >>  	}
> >>  #endif
> >>  }
> >
> > BTW, I'm currently achieving the same result, but without the need to do
> > extra environment configuration gymnastics for the end users:
> >     https://github.com/ssvb/u-boot-sunxi-dram/commit/e914abe551e712a59a8fc1ac9a4b8490e8e7c866
> 
> And thus preventing kernels with appended DT (not provided by u-boot),
> but still using HYP/non-sec/PSCI from booting.
> 
> Sorry, but using DT as a way to distinguish between all these cases is
> just wrong.
> 
> Thanks,

Do you see the HACK prefix in the summary of that patch?

Or are you saying that it is really impossible to distinguish your
use case of having the appended DT without resorting to the use of the
environment config options?

-- 
Best regards,
Siarhei Siamashka