Re: [Qemu-devel] [PATCH v2 10/15] target-arm: Add arm_boot_info secure_boot control

Mon, 15 Dec 2014 09:17:47 -0800 

On 11 December 2014 at 23:29, Greg Bellows <greg.bell...@linaro.org> wrote:
> Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
> fields is used to indicate whether Linux should boot into secure or non-secure
> state if the ARM EL3 feature is enabled.  The default is to leave the CPU in 
> an
> unaltered reset state.  On EL3 enabled systems, the reset state is secure and
> can be overridden by setting the added field to false.
>
> Signed-off-by: Greg Bellows <greg.bell...@linaro.org>
> ---
>  hw/arm/boot.c        | 10 ++++++++++
>  include/hw/arm/arm.h |  4 ++++
>  2 files changed, 14 insertions(+)
>
> diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> index e6a3c5b..7ec33f3 100644
> --- a/hw/arm/boot.c
> +++ b/hw/arm/boot.c
> @@ -457,6 +457,16 @@ static void do_cpu_reset(void *opaque)
>                  env->thumb = info->entry & 1;
>              }
>          } else {
> +            /* If we are booting Linux then we need to check whether we are
> +             * booting into secure or non-secure state and adjust the state
> +             * accordingly.  Out of reset, ARM is defined to be in secure 
> state
> +             * (SCR.NS = 0), we change that here is non-secure boot has been

typo: "if"

> +             * requested.
> +             */
> +            if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
> +                env->cp15.scr_el3 |= SCR_NS;
> +            }
> +
>              if (CPU(cpu) == first_cpu) {
>                  if (env->aarch64) {
>                      env->pc = info->loader_start;
> diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
> index cefc9e6..6659562 100644
> --- a/include/hw/arm/arm.h
> +++ b/include/hw/arm/arm.h
> @@ -37,6 +37,10 @@ struct arm_boot_info {
>      hwaddr gic_cpu_if_addr;
>      int nb_cpus;
>      int board_id;
> +    /* ARM machines that support security extensions use this field to 
> control

Strictly, this should say "the Security Extensions".

> +     * whether Linux is booted as securei(true) or non-secure(false).

Typo: "secure".

> +     */
> +    bool secure_boot;
>      int (*atag_board)(const struct arm_boot_info *info, void *p);
>      /* multicore boards that use the default secondary core boot functions
>       * can ignore these two function calls. If the default functions won't
> --
> 1.8.3.2

thanks
-- PMM

Reply via email to