[U-Boot] [PATCH v3 0/3] efi_loader: ARM: add support for ARMV7_NONSEC=y

Alexander Graf agraf at suse.de
Fri Jun 15 10:49:48 UTC 2018 


On 15.06.18 05:39, Heinrich Schuchardt wrote:
> On 06/14/2018 10:50 PM, Mark Kettenis wrote:
>>> From: Heinrich Schuchardt <xypron.glpk at gmx.de>
>>> Date: Thu, 14 Jun 2018 19:55:51 +0200
>>>
>>> On 06/14/2018 12:41 AM, Mark Kettenis wrote:
>>>> This series makes it possible to run EFI applications in non-secure
>>>> mode.  It allows me to run OpenBSD on the Technexion PICO-PI-IMX7 and
>>>> Banana Pi boards using the PSCI implementation provided by U-Boot.
>>>>
>>>> The second version avoids using r3 to pass the original stack pointer.
>>>> For some reason that register gets clobbered on the Banana Pi.  Instead
>>>> this version just migrates SP_svc to SP_hyp.
>>>>
>>>> This third version avoids saving r3 on the stack and fixes an include
>>>> guard as suggested by Alexander Graf.
>>>>
>>>> Mark Kettenis (3):
>>>>   ARM: HYP/non-sec: migrate stack
>>>>   efi_loader: ARM: run EFI payloads non-secure
>>>>   Revert "efi_loader: no support for ARMV7_NONSEC=y"
>>>>
>>>>  arch/arm/cpu/armv7/nonsec_virt.S |  2 ++
>>>>  cmd/bootefi.c                    | 32 ++++++++++++++++++++++++++++++++
>>>>  doc/README.uefi                  |  2 --
>>>>  lib/efi_loader/Kconfig           |  2 --
>>>>  4 files changed, 34 insertions(+), 4 deletions(-)
>>>>
>>> Hello Mark,
>>>
>>> with this patch series running bootefi hello twice in sequence fails on
>>> the BananaPi.
>>>
>>> => bootefi hello
>>> Scanning disk mmc at 01c0f000.blk...
>>> Found 3 disks
>>> WARNING: booting without device tree
>>> ## Starting EFI application at 42000000 ...
>>> WARNING: using memory device/image path, this may confuse some payloads!
>>> Hello, world!
>>> Running on UEFI 2.7
>>> Have SMBIOS table
>>> Load options: earlyprintk nosmp
>>> ## Application terminated, r = 0
>>> => bootefi hello
>>> WARNING: booting without device tree
>>> ## Starting EFI application at 42000000 ...
>>> WARNING: using memory device/image path, this may confuse some payloads!
>>> <!-- no output after the preceding line -->
>>
>> Yeah.  Trying to enter non-secure mode when we're already in
>> non-secure mode doesn't really work.  We should skip the switching
>> code in that case.  Now checking whether we are in non-secure mode
>> isn't really possible.  But I guess we can set a variable and check it
>> before we go down the switching codepath.  With that in I can exit the
>> OpenBSD bootloader and then reload and run it again.  I'll include
>> that fix in the next respin.
> 
> Hello Mark,
> 
> you might move the call to switch to non-secure mode to efi_init_obj_list().

I would actually prefer to keep it where it is. That way we have the
option to move the object initialization to a different stage later on.

The only thing missing is really a check which level we're on. The
aarch64 code does this with a current_el() == 3 condition.


Alex

More information about the U-Boot mailing list