[U-Boot] [PATCH] ARM: bootm: do not add PSCI to fdt when booting in secure mode.

Sun Dec 21 10:45:11 CET 2014

Commit 8bc347e2ec17 "ARM: bootm: Allow booting in secure mode on hyp capable
systems" added the capability to select nonsec vs sec mode boot via an
environment var.

There is a subtle gotcha with this functionality, which is that the PSCI nodes
are still created in the fdt (via armv7_update_dt->fdt_psci) even when booting
in secure mode. Which means that if the kernel is PSCI aware then it will fail
to boot because it will try and do PSCI from secure world, which won't work.

This likely didn't get noticed before because the original purpose was to
support booting the legacy linux-sunxi kernels which don't understand PSCI.

To fix expose boot_nonsec (renaming with armv7_ prefix) outside of bootm.c and
use from the virt-dt code.

As well as avoiding the creation of the PSCI nodes we should also avoid
reserving the secure RAM, so do so.

Signed-off-by: Ian Campbell <ijc at hellion.org.uk>
Cc: Hans de Goede <hdegoede at redhat.com>
Cc: Albert ARIBAUD <albert.u.boot at aribaud.net>
Cc: Tom Rini <trini at ti.com>
---
I think this should go into v2015.01 as a bug fix.
---
 arch/arm/cpu/armv7/virt-dt.c | 2 ++
 arch/arm/include/asm/armv7.h | 1 +
 arch/arm/lib/bootm.c         | 4 ++--
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/arm/cpu/armv7/virt-dt.c b/arch/arm/cpu/armv7/virt-dt.c
index 0b0d6a7..ad19e4c 100644
--- a/arch/arm/cpu/armv7/virt-dt.c
+++ b/arch/arm/cpu/armv7/virt-dt.c
@@ -90,6 +90,8 @@ static int fdt_psci(void *fdt)
 
 int armv7_update_dt(void *fdt)
 {
+	if (!armv7_boot_nonsec())
+		return 0;
 #ifndef CONFIG_ARMV7_SECURE_BASE
 	/* secure code lives in RAM, keep it alive */
 	fdt_add_mem_rsv(fdt, (unsigned long)__secure_start,
diff --git a/arch/arm/include/asm/armv7.h b/arch/arm/include/asm/armv7.h
index 323f282..a13da23 100644
--- a/arch/arm/include/asm/armv7.h
+++ b/arch/arm/include/asm/armv7.h
@@ -80,6 +80,7 @@ void v7_outer_cache_inval_range(u32 start, u32 end);
 
 int armv7_init_nonsec(void);
 int armv7_update_dt(void *fdt);
+bool armv7_boot_nonsec(void);
 
 /* defined in assembly file */
 unsigned int _nonsec_init(void);
diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
index a7f7c67..0c1298a 100644
--- a/arch/arm/lib/bootm.c
+++ b/arch/arm/lib/bootm.c
@@ -238,7 +238,7 @@ static void boot_prep_linux(bootm_headers_t *images)
 }
 
 #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
-static bool boot_nonsec(void)
+bool armv7_boot_nonsec(void)
 {
 	char *s = getenv("bootm_boot_mode");
 #ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT
@@ -305,7 +305,7 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)
 
 	if (!fake) {
 #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
-		if (boot_nonsec()) {
+		if (armv7_boot_nonsec()) {
 			armv7_init_nonsec();
 			secure_ram_addr(_do_nonsec_entry)(kernel_entry,
 							  0, machid, r2);
-- 
2.1.3

