[U-Boot] [PATCH v4 2/9] efi_loader: AArch64: Run EFI payloads in EL2 if U-Boot runs in EL3
Alexander Graf
agraf at suse.de
Tue Jun 21 19:55:26 CEST 2016
> Am 21.06.2016 um 19:12 schrieb york sun <york.sun at nxp.com>:
>
>> On 06/20/2016 04:07 PM, Alexander Graf wrote:
>> Some boards decided not to run ATF or other secure firmware in EL3, so
>> they instead run U-Boot there. The uEFI spec doesn't know what EL3 is
>> though - it only knows about EL2 and EL1. So if we see that we're running
>> in EL3, let's get into EL2 to make payloads happy.
>>
>> Signed-off-by: Alexander Graf <agraf at suse.de>
>> ---
>> arch/arm/include/asm/armv8/mmu.h | 19 ++++++++++++-------
>> cmd/bootefi.c | 11 +++++++++++
>> 2 files changed, 23 insertions(+), 7 deletions(-)
>>
>> diff --git a/arch/arm/include/asm/armv8/mmu.h b/arch/arm/include/asm/armv8/mmu.h
>> index 0d08ed3..876a2b2 100644
>> --- a/arch/arm/include/asm/armv8/mmu.h
>> +++ b/arch/arm/include/asm/armv8/mmu.h
>> @@ -116,19 +116,24 @@
>> static inline void set_ttbr_tcr_mair(int el, u64 table, u64 tcr, u64 attr)
>> {
>> asm volatile("dsb sy");
>> - if (el == 1) {
>> + switch (el) {
>> + case 1:
>> asm volatile("msr ttbr0_el1, %0" : : "r" (table) : "memory");
>> asm volatile("msr tcr_el1, %0" : : "r" (tcr) : "memory");
>> asm volatile("msr mair_el1, %0" : : "r" (attr) : "memory");
>> - } else if (el == 2) {
>> - asm volatile("msr ttbr0_el2, %0" : : "r" (table) : "memory");
>> - asm volatile("msr tcr_el2, %0" : : "r" (tcr) : "memory");
>> - asm volatile("msr mair_el2, %0" : : "r" (attr) : "memory");
>> - } else if (el == 3) {
>> + break;
>> + case 3:
>> asm volatile("msr ttbr0_el3, %0" : : "r" (table) : "memory");
>> asm volatile("msr tcr_el3, %0" : : "r" (tcr) : "memory");
>> asm volatile("msr mair_el3, %0" : : "r" (attr) : "memory");
>> - } else {
>> +
>> + /* We may switch to EL2 later, so set those too; fall through */
>> + case 2:
>> + asm volatile("msr ttbr0_el2, %0" : : "r" (table) : "memory");
>> + asm volatile("msr tcr_el2, %0" : : "r" (tcr) : "memory");
>> + asm volatile("msr mair_el2, %0" : : "r" (attr) : "memory");
>> + break;
>
>
> This may be problematic. If we use secure memory for EL3, the MMU tables
> have to be within the secure memory. But EL2 will not be able to access
> it. I believe you have verified this patch set actually work. I am
> curious how it work.
That's a good question. I suppose the default config doesn't actually lock secure memory? Or doesn't go secure at all?
Alex
More information about the U-Boot
mailing list