[Qemu-arm] [PATCH for-2.5 v3 1/3] arm: boot: Add secure_board_setup flag
From: |
Peter Crosthwaite |
Subject: |
[Qemu-arm] [PATCH for-2.5 v3 1/3] arm: boot: Add secure_board_setup flag |
Date: |
Mon, 2 Nov 2015 20:30:35 -0800 |
Add a flag that when set, will cause the primary CPU to start in secure
mode, even if the overall boot is non-secure. This is useful for when
there is a board-setup blob that needs to run from secure mode, but
device and secondary CPU init should still be done as-normal for a non-
secure boot.
Signed-off-by: Peter Crosthwaite <address@hidden>
---
changed since v2:
Assert if running KVM and board_setup_secure is set
hw/arm/boot.c | 8 +++++++-
include/hw/arm/arm.h | 6 ++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index b0879a5..f671454 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -495,7 +495,8 @@ static void do_cpu_reset(void *opaque)
}
/* Set to non-secure if not a secure boot */
- if (!info->secure_boot) {
+ if (!info->secure_boot &&
+ (cs != first_cpu || !info->secure_board_setup)) {
/* Linux expects non-secure state */
env->cp15.scr_el3 |= SCR_NS;
}
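Review bot: The comment `/* Set to non-secure if not a secure boot */` above the new condition no longer matches it, because the primary CPU now keeps SCR_NS clear when `secure_board_setup` is set. I would reword it along the lines of `/* Set to non-secure if not a secure boot, except on the primary CPU when the board-setup blob must run in secure state */`. It is also worth noting there that the blob is then the only thing that moves the primary CPU to non-secure state, so a board that sets the flag without a suitable blob would presumably hand the kernel a CPU still in secure state. do_cpu_reset starts and ends outside the hunk.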
@@ -598,6 +599,11 @@ static void arm_load_kernel_notify(Notifier *notifier,
void *data)
struct arm_boot_info *info =
container_of(n, struct arm_boot_info, load_kernel_notifier);
+ /* It is the boards job to make sure secure_board_setup is actually
+ * possible
+ */
+ assert(!info->secure_board_setup || tcg_enabled());
+
/* Load the kernel. */
if (!info->kernel_filename || info->firmware_loaded) {
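Review bot: The new assert requires `tcg_enabled()`, which is stricter than the changelog's "Assert if running KVM": it would also abort under any other non-TCG accelerator that a board setting the flag is started with (qtest, presumably). If only KVM is meant to be rejected, `assert(!(info->secure_board_setup && kvm_enabled()));` says that directly. Nothing visible here checks that a board-setup blob is actually installed when the flag is set. If `write_board_setup` is the only way to supply one, a second `assert(!info->secure_board_setup || info->write_board_setup);` would catch a primary CPU left in secure state with nothing to switch it back. The comment should read "board's job", and arm_load_kernel_notify continues outside the hunk.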
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index 9217b70..60dc919 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -97,6 +97,12 @@ struct arm_boot_info {
hwaddr board_setup_addr;
void (*write_board_setup)(ARMCPU *cpu,
const struct arm_boot_info *info);
+
+ /* If set, the board specific loader/setup blob will be run from secure
+ * mode, regardless of secure_boot. The blob becomes responsible for
+ * changing to non-secure state if implementing a non-secure boot
+ */
+ bool secure_board_setup;
};
/**
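Review bot: The field comment does not state the conditions that the rest of the patch attaches to the flag. From the boot.c hunks, it affects only the primary CPU (any `cs != first_cpu` still gets SCR_NS set on a non-secure boot), and arm_load_kernel_notify asserts TCG when it is set. I would extend the comment with something like `Only the primary CPU is affected; secondary CPUs still start non-secure. Requires TCG.` so that board authors see the full contract at the declaration, including that leaving secure state is entirely the blob's responsibility.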
--
1.9.1