On Wed, Aug 06, 2014 at 08:38:13AM +0100, Ian Campbell wrote: > On Mon, 2014-08-04 at 16:14 +0100, Marc Zyngier wrote: > > > My personal feeling is that booting in secure mode is always the wrong > > thing to do. > > FWIW I agree. > > > If you want to go down the road of a single bootloader that is able to > > run on several SOCs, then do it the proper way: parse the device tree > > and have separate constraints for your SoC. But please don't blacklist > > random cores just because it fits your environment. > > I think there is a CPU feature register which indicates whether support > for HYP mode is present, isn't there?
ID_PFR1[15:12] should tell you if the CPU has the virtualization extensions. > In which case a tolerable fix for now (going all the way DT is a big > yakk to shave...) would be to use that to decide between booting in > NS.HYP vs NS.SVC (nb: not NS.HYP vs S.SVC). That sounds ideal. > I don't recall if the GIC has a feature bit for the security extensions, > but if not then inferring it from the CPUs support wouldn't be the worst > thing in the world under the circumstances. GICD_TYPER[10] (SecurityExtn) should tell you if the GIC has the security extensions. I don't know whether you'll encounter a platform where the CPU and GIC are mismatched w.r.t. security extensions. Mark. _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
