[U-Boot] [PATCH 2/2] ARM: bootm: Allow booting in secure mode on hyp capable systems
Hans de Goede
hdegoede at redhat.com
Fri Oct 24 20:34:16 CEST 2014
Older Linux kernels will not properly boot in hyp mode, add support for a
bootm_boot_mode environment variable, which can be set to "sec" or "nonsec"
to force booting in secure or non-secure mode when build with non-sec support.
The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT,
when this is set booting in secure mode is the default. The default setting
for this Kconfig option is N, preserving the current behavior of booting in
non-secure mode by default when non-secure mode is supported.
Signed-off-by: Hans de Goede <hdegoede at redhat.com>
Acked-by: Marc Zyngier <marc.zyngier at arm.com>
Acked-by: Siarhei Siamashka <siarhei.siamashka at gmail.com>
--
Changes in v2:
-Allow changing the default boot mode to secure through defining
CONFIG_ARMV7_BOOT_SEC_DEFAULT, this is useful for archs which have a Kconfig
option for compatibility with older kernels
Changes in v3:
-Add an else at the end of the #ifdef NONSEC block so that if do_nonsec_entry
fails we do not end up re-trying in secure mode
Changes in v4:
-Add a Kconfig option to select to boot in secure or non-secure mode by default
---
arch/arm/cpu/armv7/Kconfig | 11 +++++++++++
arch/arm/lib/bootm.c | 31 ++++++++++++++++++++++++++-----
2 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig
index 84e3edb..18a4ff3 100644
--- a/arch/arm/cpu/armv7/Kconfig
+++ b/arch/arm/cpu/armv7/Kconfig
@@ -9,6 +9,17 @@ config ARMV7_NONSEC
---help---
Say Y here to enable support for booting in non-secure / SVC mode.
+config ARMV7_BOOT_SEC_DEFAULT
+ boolean "Boot in secure mode by default" if EXPERT
+ depends on ARMV7_NONSEC
+ default n
+ ---help---
+ Say Y here to boot in secure mode by default even if non-secure mode
+ is supported. This option is useful to boot kernels which do not
+ suppport booting in secure mode. Only set this if you need it.
+ This can be overriden at run-time by setting the bootm_boot_mode env.
+ variable to "sec" or "nonsec".
+
# FIXME, needs a "depends on ARMV7_HAS_VIRT"
config ARMV7_VIRT
boolean "Enable support for hardware virtualization" if EXPERT
diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
index 39fe7a1..d2a956c 100644
--- a/arch/arm/lib/bootm.c
+++ b/arch/arm/lib/bootm.c
@@ -235,6 +235,26 @@ static void boot_prep_linux(bootm_headers_t *images)
}
}
+#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
+static bool boot_nonsec(void)
+{
+ char *s = getenv("bootm_boot_mode");
+#ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT
+ bool nonsec = false;
+#else
+ bool nonsec = true;
+#endif
+
+ if (s && !strcmp(s, "sec"))
+ nonsec = false;
+
+ if (s && !strcmp(s, "nonsec"))
+ nonsec = true;
+
+ return nonsec;
+}
+#endif
+
/* Subcommand: GO */
static void boot_jump_linux(bootm_headers_t *images, int flag)
{
@@ -283,12 +303,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)
if (!fake) {
#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
- armv7_init_nonsec();
- secure_ram_addr(_do_nonsec_entry)(kernel_entry,
- 0, machid, r2);
-#else
- kernel_entry(0, machid, r2);
+ if (boot_nonsec()) {
+ armv7_init_nonsec();
+ secure_ram_addr(_do_nonsec_entry)(kernel_entry,
+ 0, machid, r2);
+ } else
#endif
+ kernel_entry(0, machid, r2);
}
#endif
}
--
2.1.0
More information about the U-Boot
mailing list