On 5 May 2015 at 03:08, Edgar E. Iglesias <edgar.igles...@gmail.com> wrote: > On Fri, May 01, 2015 at 06:50:26PM +0100, Peter Maydell wrote: >> This patch series adds support for GICv1 and GICv2 security >> extensions, as well as support for GIC interrupt grouping on GICv2. > > A question. Once we enable the the security extensions on the GICs, > do you have any suggestions on howto best handle direct boots into > NS EL2/1 (Linux)? > > The GIC resets to all interrupts configured for Group0 and Linux running > in NS mode cannot change that so we need some kind of boot-loader > code or magic to do what firmware would have been expected to do > at boot time (switch some irqs to NS).
This is what I had in mind with the bit about: >> * if boot.c is starting the CPUs directly in NonSecure >> mode (because we're booting a kernel directly rather than >> starting firmware, and arm_boot_info::secure_boot is false) >> then it must also manually configure the GIC distributor >> to put all interrupts into Group1. This is boot.c having >> to do a firmware configuration job since it's effectively >> acting as lightweight builtin firmware. I hadn't made up my mind whether this was easier to do via boot.c writing a bunch of values to GICD registers or by having the GIC provide a function/method to call to do the job. -- PMM
