arm: boot: Add secure_board_setup flag

Add a flag that when set, will cause the primary CPU to start in secure mode, even if the overall boot is non-secure. This is useful for when there is a board-setup blob that needs to run from secure mode, but device and secondary CPU init should still be done as-normal for a non- secure boot. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: d1170774d5446d715fced7739edfc61a5be931f9.1447007690.git.crosthwaite.peter@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-10 13:37:33 +00:00 · 2015-11-10 13:37:33 +00:00 · baf6b6815b
commit baf6b6815b
parent b95690c9be
2 changed files with 15 additions and 1 deletions
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@ -11,6 +11,7 @@
 #include "hw/hw.h"
 #include "hw/arm/arm.h"
 #include "hw/arm/linux-boot-if.h"
+#include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/loader.h"
@ -495,7 +496,8 @@ static void do_cpu_reset(void *opaque)
                }

                /* Set to non-secure if not a secure boot */
-                if (!info->secure_boot) {
+                if (!info->secure_boot &&
+                    (cs != first_cpu || !info->secure_board_setup)) {
                    /* Linux expects non-secure state */
                    env->cp15.scr_el3 |= SCR_NS;
                }
@ -598,6 +600,12 @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
    struct arm_boot_info *info =
        container_of(n, struct arm_boot_info, load_kernel_notifier);

+    /* The board code is not supposed to set secure_board_setup unless
+     * running its code in secure mode is actually possible, and KVM
+     * doesn't support secure.
+     */
+    assert(!(info->secure_board_setup && kvm_enabled()));
+
    /* Load the kernel.  */
    if (!info->kernel_filename || info->firmware_loaded) {

--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@ -97,6 +97,12 @@ struct arm_boot_info {
    hwaddr board_setup_addr;
    void (*write_board_setup)(ARMCPU *cpu,
                              const struct arm_boot_info *info);
+
+    /* If set, the board specific loader/setup blob will be run from secure
+     * mode, regardless of secure_boot. The blob becomes responsible for
+     * changing to non-secure state if implementing a non-secure boot
+     */
+    bool secure_board_setup;
 };

 /**