[U-Boot] [PATCH v4 0/2] ARM: Add non-secure / virt Kconfig options and allow secure boot on non-secure configs

[U-Boot] [PATCH v4 0/2] ARM: Add non-secure / virt Kconfig options and allow secure boot on non-secure configs

[Hans de Goede]

Hi Albert,

Here is the 4th version of my patch to allow secure-boot on u-boot builds
build with non-secure boot support enabled. The first patch is new and it
moves the enablement of ARMV7_NONSEC and ARMV7_VIRT to
arch/arm/cpu/armv7/Kconfig.

This allows adding a Kconfig option in the second patch to select whether
to boot in secure or non-secure mode by default for builds with non-secure
boot mode support.

These patches depend on Tom's "Kconfig: Add EXPERT option" and Ian's
"sunxi: kconfig: Add top-level ARCH_SUNXI" patches, as such I believe it is
best to merge these through the sunxi tree. If I can get your Acked-by for
these 2 patches then I'll take care of getting them merged.

Thanks & Regards,

Hans

[U-Boot] [PATCH 1/2] ARM: Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options

[Hans de Goede]

Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options, so that
we can have CONFIG_ARMV7_SEC_BY_DEFAULT as a proper Kconfig option.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
 arch/arm/Kconfig                    |  2 ++
 arch/arm/cpu/armv7/Kconfig          | 20 ++++++++++++++++++++
 include/configs/arndale.h           |  2 --
 include/configs/sun7i.h             |  2 --
 include/configs/vexpress_ca15_tc2.h |  2 --
 5 files changed, 22 insertions(+), 6 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/Kconfig

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 0644917..d057dcc 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -560,6 +560,8 @@ source "arch/arm/cpu/arm926ejs/versatile/Kconfig"
 
 source "arch/arm/cpu/armv7/zynq/Kconfig"
 
+source "arch/arm/cpu/armv7/Kconfig"
+
 source "board/aristainetos/Kconfig"
 source "board/BuR/kwb/Kconfig"
 source "board/BuR/tseries/Kconfig"
diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig
new file mode 100644
index 0000000..84e3edb
--- /dev/null
+++ b/arch/arm/cpu/armv7/Kconfig
@@ -0,0 +1,20 @@
+# FIXME, Once overything in u-boot is properly Kconfig-ified
+# this entire file should be "if ARMV7"
+if ARCH_SUNXI || TARGET_ARNDALE || TARGET_VEXPRESS_CA15_TC2
+
+# FIXME, needs a "depends on ARMV7_HAS_NONSEC"
+config ARMV7_NONSEC
+	boolean "Enable support for booting in non-secure mode" if EXPERT
+	default y
+	---help---
+	Say Y here to enable support for booting in non-secure / SVC mode.
+
+# FIXME, needs a "depends on ARMV7_HAS_VIRT"
+config ARMV7_VIRT
+	boolean "Enable support for hardware virtualization" if EXPERT
+	depends on ARMV7_NONSEC
+	default y
+	---help---
+	Say Y here to boot in hypervisor (HYP) mode when booting non-secure.
+
+endif
diff --git a/include/configs/arndale.h b/include/configs/arndale.h
index f9ee40f..aa6b631 100644
--- a/include/configs/arndale.h
+++ b/include/configs/arndale.h
@@ -60,6 +60,4 @@
 /* The PERIPHBASE in the CBAR register is wrong on the Arndale, so override it */
 #define CONFIG_ARM_GIC_BASE_ADDRESS	0x10480000
 
-#define CONFIG_ARMV7_VIRT
-
 #endif	/* __CONFIG_H */
diff --git a/include/configs/sun7i.h b/include/configs/sun7i.h
index 7f7369c..5531dfd 100644
--- a/include/configs/sun7i.h
+++ b/include/configs/sun7i.h
@@ -30,8 +30,6 @@
 #endif
 #endif
 
-#define CONFIG_ARMV7_VIRT		1
-#define CONFIG_ARMV7_NONSEC		1
 #define CONFIG_ARMV7_PSCI		1
 #define CONFIG_ARMV7_SECURE_BASE	SUNXI_SRAM_B_BASE
 #define CONFIG_SYS_CLK_FREQ		24000000
diff --git a/include/configs/vexpress_ca15_tc2.h b/include/configs/vexpress_ca15_tc2.h
index 982f4a7..b43afa2 100644
--- a/include/configs/vexpress_ca15_tc2.h
+++ b/include/configs/vexpress_ca15_tc2.h
@@ -18,6 +18,4 @@
 #define CONFIG_SYSFLAGS_ADDR	0x1c010030
 #define CONFIG_SMP_PEN_ADDR	CONFIG_SYSFLAGS_ADDR
 
-#define CONFIG_ARMV7_VIRT
-
 #endif
-- 
2.1.0

[U-Boot] [PATCH 2/2] ARM: bootm: Allow booting in secure mode on hyp capable systems

[Hans de Goede]

Older Linux kernels will not properly boot in hyp mode, add support for a
bootm_boot_mode environment variable, which can be set to "sec" or "nonsec"
to force booting in secure or non-secure mode when build with non-sec support.

The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT,
when this is set booting in secure mode is the default. The default setting
for this Kconfig option is N, preserving the current behavior of booting in
non-secure mode by default when non-secure mode is supported.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>

--
Changes in v2:
-Allow changing the default boot mode to secure through defining
 CONFIG_ARMV7_BOOT_SEC_DEFAULT, this is useful for archs which have a Kconfig
 option for compatibility with older kernels
Changes in v3:
-Add an else at the end of the #ifdef NONSEC block so that if do_nonsec_entry
 fails we do not end up re-trying in secure mode
Changes in v4:
-Add a Kconfig option to select to boot in secure or non-secure mode by default
---
 arch/arm/cpu/armv7/Kconfig | 11 +++++++++++
 arch/arm/lib/bootm.c       | 31 ++++++++++++++++++++++++++-----
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig
index 84e3edb..18a4ff3 100644
--- a/arch/arm/cpu/armv7/Kconfig
+++ b/arch/arm/cpu/armv7/Kconfig
@@ -9,6 +9,17 @@ config ARMV7_NONSEC
 	---help---
 	Say Y here to enable support for booting in non-secure / SVC mode.
 
+config ARMV7_BOOT_SEC_DEFAULT
+	boolean "Boot in secure mode by default" if EXPERT
+	depends on ARMV7_NONSEC
+	default n
+	---help---
+	Say Y here to boot in secure mode by default even if non-secure mode
+	is supported. This option is useful to boot kernels which do not
+	suppport booting in secure mode. Only set this if you need it.
+	This can be overriden at run-time by setting the bootm_boot_mode env.
+	variable to "sec" or "nonsec".
+
 # FIXME, needs a "depends on ARMV7_HAS_VIRT"
 config ARMV7_VIRT
 	boolean "Enable support for hardware virtualization" if EXPERT
diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
index 39fe7a1..d2a956c 100644
--- a/arch/arm/lib/bootm.c
+++ b/arch/arm/lib/bootm.c
@@ -235,6 +235,26 @@ static void boot_prep_linux(bootm_headers_t *images)
 	}
 }
 
+#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
+static bool boot_nonsec(void)
+{
+	char *s = getenv("bootm_boot_mode");
+#ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT
+	bool nonsec = false;
+#else
+	bool nonsec = true;
+#endif
+
+	if (s && !strcmp(s, "sec"))
+		nonsec = false;
+
+	if (s && !strcmp(s, "nonsec"))
+		nonsec = true;
+
+	return nonsec;
+}
+#endif
+
 /* Subcommand: GO */
 static void boot_jump_linux(bootm_headers_t *images, int flag)
 {
@@ -283,12 +303,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)
 
 	if (!fake) {
 #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
-		armv7_init_nonsec();
-		secure_ram_addr(_do_nonsec_entry)(kernel_entry,
-						  0, machid, r2);
-#else
-		kernel_entry(0, machid, r2);
+		if (boot_nonsec()) {
+			armv7_init_nonsec();
+			secure_ram_addr(_do_nonsec_entry)(kernel_entry,
+							  0, machid, r2);
+		} else
 #endif
+			kernel_entry(0, machid, r2);
 	}
 #endif
 }
-- 
2.1.0

[U-Boot] [PATCH 1/2] ARM: Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options

[Tom Rini]

On Fri, Oct 24, 2014 at 08:34:15PM +0200, Hans de Goede wrote:

> Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options, so that
> we can have CONFIG_ARMV7_SEC_BY_DEFAULT as a proper Kconfig option.
> 
> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
> ---
>  arch/arm/Kconfig                    |  2 ++
>  arch/arm/cpu/armv7/Kconfig          | 20 ++++++++++++++++++++
>  include/configs/arndale.h           |  2 --
>  include/configs/sun7i.h             |  2 --
>  include/configs/vexpress_ca15_tc2.h |  2 --

The only problem I see is you aren't also updating the defconfigs for
the boards in question, which results in a behavior change which we
don't want.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20141026/adbba8bb/attachment.pgp>

[U-Boot] [PATCH 1/2] ARM: Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options

[Hans de Goede]

Hi,

On 10/27/2014 01:35 AM, Tom Rini wrote:
> On Fri, Oct 24, 2014 at 08:34:15PM +0200, Hans de Goede wrote:
> 
>> Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options, so that
>> we can have CONFIG_ARMV7_SEC_BY_DEFAULT as a proper Kconfig option.
>>
>> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
>> ---
>>  arch/arm/Kconfig                    |  2 ++
>>  arch/arm/cpu/armv7/Kconfig          | 20 ++++++++++++++++++++
>>  include/configs/arndale.h           |  2 --
>>  include/configs/sun7i.h             |  2 --
>>  include/configs/vexpress_ca15_tc2.h |  2 --
> 
> The only problem I see is you aren't also updating the defconfigs for
> the boards in question, which results in a behavior change which we
> don't want.

The new Kconfig options have "default y", and the boards where using
those settings before.

Or are you referring to the fact that CONFIG_ARMV7_NONSEC is getting
set for arndale and vexpress_ca15_tc2 now too ? That is intentional
ARMV7_VIRT depends on CONFIG_ARMV7_NONSEC.

So far this has been somewhat unelegantly solved by writing every
#ifdef CONFIG_ARMV7_NONSEC as:

#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)

So that setting CONFIG_ARMV7_VIRT automatically also includes all the
NONSEC bits, note that after this patch we could simply these to just:

#ifdef CONFIG_ARMV7_NONSEC

Which would also more correctly reflect when the code should be enabled.

Regards,

Hans

[U-Boot] [PATCH 1/2] ARM: Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options

[Ian Campbell]

On Fri, 2014-10-24 at 20:34 +0200, Hans de Goede wrote:
> diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig
> new file mode 100644
> index 0000000..84e3edb
> --- /dev/null
> +++ b/arch/arm/cpu/armv7/Kconfig
> @@ -0,0 +1,20 @@
> +# FIXME, Once overything in u-boot is properly Kconfig-ified

"everything"

> +# this entire file should be "if ARMV7"
> +if ARCH_SUNXI 

Should this not be FOO_SUN7I (FOO depending on when this series lands
wrt my sunxi Kconfig changes). I think we don't want this for any of the
other sun?i, do we?

Ian.