[U-Boot] [PATCH 3/9] ARM: HYP/non-sec switch in bootm.c

Christoffer Dall christoffer.dall at linaro.org
Mon Dec 30 06:22:15 CET 2013


On 29 December 2013 21:15,  <TigerLiu at viatech.com.cn> wrote:
> Hi, Dall:
> Thanks for your quick response!
>>It depends on the board.  Which ARM doc are you referring to?
> ARM Security Technology : Building a Secure System using TrustZone
> Technology.
> (PRD29-GENC-009492C)
> Figure 5-2 in Chapter 5.2.1 Boot Sequence.
> Based on my understanding, U-boot is classfied as normal world boot
> loader.
> Maybe my understanding is wrong! :)

I am not an authority on classifying software according to some
specification.  All I know is how the architecture and hardware works
to some limited degree.  My take on this would be that it depends on
your use of TrustZone.

>
>>In general, there are three options for how u-boot is booted:
>>1. In secure mode
>>2. In non-secure hyp mode
>>3. in non-secure svc mode
>
>>for (1) you can just switch to non-secure hyp.  for (2) you don't have
>>to do anything.  for (3) you're screwed, unless there's a backdoor
>>call to enter Hyp mode (typically found on TI hardware).
> For (1), i didn't get it totally:
> On a platform with a CA7 supporting TZ tech, but this SOC not support
> VT,

If it's a Cortex-A7 you have both virtualization extensions and the
security extensions.  If it does not, it's not a Cortex-A7.

> usually cpu is powered on in secure mode.

yes, a CPU is powered on in secure mode, but it varies what the first
piece of software that runs is.  If we are talking u-boot:

> So, i could only switch it to non-sec state?

if there is no virtualization support on your SoC, then there is no
Hyp mode, and you can not switch to it.

> If this CA7 also supports VT, so i could select 2 goals:
> Switch to non-sec state, or swith to non-sec hyp mode?
>
> I think non-sec state is not identical with non-sec hyp mode.
>

I think you need to look at the ARM ARM more carefully:

non-secure *state* includes several non-secure CPU modes (usr, svc,
und, abt, irq, fiq, hyp).  You can choose to switch to either of them
as you want, but if you want to boot Linux you should choose Hyp mode
so KVM will work, unless you are writing your own hypervisor or use
Hyp for something else, in which case you can fall back to booting
Linux in svc mode.

-Christoffer


More information about the U-Boot mailing list