From: Marc Zyngier <marc.zyngier@arm.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] ARM: bootm: Allow booting in secure mode on hyp capable systems
Date: Wed, 15 Oct 2014 11:31:44 +0100 [thread overview]
Message-ID: <86iojl62un.fsf@arm.com> (raw)
In-Reply-To: <20141015132510.39ad7cfd@i7> (Siarhei Siamashka's message of "Wed, 15 Oct 2014 11:25:10 +0100")
On Wed, Oct 15 2014 at 11:25:10 AM, Siarhei Siamashka <siarhei.siamashka@gmail.com> wrote:
> On Wed, 15 Oct 2014 12:13:05 +0200
> Hans de Goede <hdegoede@redhat.com> wrote:
>
>> Older Linux kernels will not properly boot in hype mode, add support for a
>> bootm_boot_mode environment variable, which when set to "sec" will cause
>> u-boot to boot in secure mode even when build with non-sec (and hyp) support.
>>
>> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
>> ---
>> arch/arm/lib/bootm.c | 23 ++++++++++++++++++-----
>> 1 file changed, 18 insertions(+), 5 deletions(-)
>>
>> diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
>> index 39fe7a1..037fc8d 100644
>> --- a/arch/arm/lib/bootm.c
>> +++ b/arch/arm/lib/bootm.c
>> @@ -235,6 +235,18 @@ static void boot_prep_linux(bootm_headers_t *images)
>> }
>> }
>>
>> +#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
>> +static bool boot_nonsec(void)
>> +{
>> + char *s = getenv("bootm_boot_mode");
>> +
>> + if (s && !strcmp(s, "sec"))
>> + return false;
>> +
>> + return true;
>> +}
>> +#endif
>> +
>> /* Subcommand: GO */
>> static void boot_jump_linux(bootm_headers_t *images, int flag)
>> {
>> @@ -283,12 +295,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)
>>
>> if (!fake) {
>> #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
>> - armv7_init_nonsec();
>> - secure_ram_addr(_do_nonsec_entry)(kernel_entry,
>> - 0, machid, r2);
>> -#else
>> - kernel_entry(0, machid, r2);
>> + if (boot_nonsec()) {
>> + armv7_init_nonsec();
>> + secure_ram_addr(_do_nonsec_entry)(kernel_entry,
>> + 0, machid, r2);
>> + }
>> #endif
>> + kernel_entry(0, machid, r2);
>> }
>> #endif
>> }
>
> BTW, I'm currently achieving the same result, but without the need to do
> extra environment configuration gymnastics for the end users:
> https://github.com/ssvb/u-boot-sunxi-dram/commit/e914abe551e712a59a8fc1ac9a4b8490e8e7c866
And thus preventing kernels with appended DT (not provided by u-boot),
but still using HYP/non-sec/PSCI from booting.
Sorry, but using DT as a way to distinguish between all these cases is
just wrong.
Thanks,
M.
--
Jazz is not dead. It just smells funny.
next prev parent reply other threads:[~2014-10-15 10:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-15 10:13 [U-Boot] [PATCH] ARM: bootm: Allow booting in secure mode on hyp capable systems Hans de Goede
2014-10-15 10:18 ` Marc Zyngier
2014-10-15 10:25 ` Albert ARIBAUD
2014-10-15 10:43 ` Marc Zyngier
2014-10-15 10:25 ` Siarhei Siamashka
2014-10-15 10:31 ` Marc Zyngier [this message]
2014-10-15 10:40 ` Siarhei Siamashka
2014-10-15 12:42 ` Marc Zyngier
2014-10-15 14:05 ` Siarhei Siamashka
2014-10-15 14:39 ` Mark Rutland
2014-10-16 2:30 ` Siarhei Siamashka
2014-10-15 16:40 ` Marc Zyngier
2014-10-16 2:13 ` Siarhei Siamashka
2014-10-16 9:28 ` [U-Boot] " Hans de Goede
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86iojl62un.fsf@arm.com \
--to=marc.zyngier@arm.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox