qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 5/6] hw/arm/virt: Default to not providing Tr


From: Peter Crosthwaite
Subject: Re: [Qemu-devel] [PATCH v2 5/6] hw/arm/virt: Default to not providing TrustZone support
Date: Fri, 17 Jul 2015 21:02:15 -0700

On Thu, Jul 16, 2015 at 1:11 PM, Peter Maydell <address@hidden> wrote:
> Switch the default for the 'virt' board to not providing TrustZone
> support in either the CPU or the GIC. This is primarily for the
> benefit of UEFI, which currently assumes there is no TrustZone
> support, and does not set the GIC up correctly if it is TZ-aware.
> It also means the board is consistent about its behaviour whether
> we're using KVM or TCG (KVM never has TrustZone support).
>
> If TrustZone support is required (for instance for running test
> suites or TZ-aware firmware) it can be enabled with the
> "-machine secure=on" command line option.
>
> Signed-off-by: Peter Maydell <address@hidden>

Reviewed-by: Peter Crosthwaite <address@hidden>

> ---
>  hw/arm/virt.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index 95b1a9a..2bcf565 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -946,8 +946,11 @@ static void virt_instance_init(Object *obj)
>  {
>      VirtMachineState *vms = VIRT_MACHINE(obj);
>
> -    /* EL3 is enabled by default on virt */
> -    vms->secure = true;
> +    /* EL3 is disabled by default on virt: this makes us consistent
> +     * between KVM and TCG for this board, and it also allows us to
> +     * boot UEFI blobs which assume no TrustZone support.
> +     */
> +    vms->secure = false;
>      object_property_add_bool(obj, "secure", virt_get_secure,
>                               virt_set_secure, NULL);
>      object_property_set_description(obj, "secure",
> --
> 1.9.1
>
>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]