[Qemu-devel] [PATCH v3 10/15] target-arm: Add arm_boot_info secure_boot
From: Greg Bellows
Subject: [Qemu-devel] [PATCH v3 10/15] target-arm: Add arm_boot_info secure_boot control
Date: Mon, 15 Dec 2014 12:51:14 -0600
Adds the secure_boot boolean field to the arm_boot_info descriptor. This
field is used to indicate whether Linux should boot into secure or non-secure
state if the ARM EL3 feature is enabled. The default is to leave the CPU in an
unaltered reset state. On EL3 enabled systems, the reset state is secure and
can be overridden by setting the added field to false.
Signed-off-by: Greg Bellows <address@hidden>
---
v2 -> v3
- Fixed typos
---
hw/arm/boot.c | 10 ++++++++++
include/hw/arm/arm.h | 4 ++++
2 files changed, 14 insertions(+)
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index e6a3c5b..c8d1d4e 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -457,6 +457,16 @@ static void do_cpu_reset(void *opaque)
env->thumb = info->entry & 1;
}
} else {
+ /* If we are booting Linux then we need to check whether we are
+ * booting into secure or non-secure state and adjust the state
+ * accordingly. Out of reset, ARM is defined to be in secure state
+ * (SCR.NS = 0), we change that here if non-secure boot has been
+ * requested.
+ */
+ if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
+ env->cp15.scr_el3 |= SCR_NS;
+ }
+
if (CPU(cpu) == first_cpu) {
if (env->aarch64) {
env->pc = info->loader_start;
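Review bot: the test `!info->secure_boot` in do_cpu_reset() makes false the value that sets SCR_NS, so a board whose arm_boot_info is zero-initialised and never assigns the field would boot Linux non-secure on an EL3 CPU, while the commit message says the default leaves the reset state unaltered. Either invert the sense of the field so that zero means "leave the reset state alone", or state in this comment and in the commit message that a board wanting a secure Linux boot must set secure_boot to true. Style: "Out of reset, ARM is defined to be in secure state (SCR.NS = 0), we change that here" is a comma splice and reads better as two sentences.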
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..e5a5d8c 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -37,6 +37,10 @@ struct arm_boot_info {
hwaddr gic_cpu_if_addr;
int nb_cpus;
int board_id;
+ /* ARM machines that support the ARM Security Extensions use this field to
+ * control whether Linux is booted as secure(true) or non-secure(false).
+ */
+ bool secure_boot;
int (*atag_board)(const struct arm_boot_info *info, void *p);
/* multicore boards that use the default secondary core boot functions
* can ignore these two function calls. If the default functions won't
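Review bot: the comment on secure_boot does not say that the field is only consulted when the CPU has ARM_FEATURE_EL3, nor what a board gets if it never sets it; document both here, since the header is where board authors will look. Also put a space before the parentheses in "secure(true)" and "non-secure(false)", and consider noting that the field selects the CPU security state at kernel entry, because the name secure_boot can be read as verified boot.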
--
1.8.3.2