[U-Boot] [PATCH v3 0/3] efi_loader: ARM: add support for ARMV7_NONSEC=y
Alexander Graf
agraf at suse.de
Fri Jun 15 13:12:31 UTC 2018
Am 15.06.2018 um 15:01 schrieb Mark Kettenis <mark.kettenis at xs4all.nl>:
>> From: Alexander Graf <agraf at suse.de>
>> Date: Fri, 15 Jun 2018 12:49:48 +0200
>>
>>> On 15.06.18 05:39, Heinrich Schuchardt wrote:
>>> On 06/14/2018 10:50 PM, Mark Kettenis wrote:
>>>>> From: Heinrich Schuchardt <xypron.glpk at gmx.de>
>>>>> Date: Thu, 14 Jun 2018 19:55:51 +0200
>>>>>
>>>>>> On 06/14/2018 12:41 AM, Mark Kettenis wrote:
>>>>>> This series makes it possible to run EFI applications in non-secure
>>>>>> mode. It allows me to run OpenBSD on the Technexion PICO-PI-IMX7 and
>>>>>> Banana Pi boards using the PSCI implementation provided by U-Boot.
>>>>>>
>>>>>> The second version avoids using r3 to pass the original stack pointer.
>>>>>> For some reason that register gets clobbered on the Banana Pi. Instead
>>>>>> this version just migrates SP_svc to SP_hyp.
>>>>>>
>>>>>> This third version avoids saving r3 on the stack and fixes an include
>>>>>> guard as suggested by Alexander Graf.
>>>>>>
>>>>>> Mark Kettenis (3):
>>>>>> ARM: HYP/non-sec: migrate stack
>>>>>> efi_loader: ARM: run EFI payloads non-secure
>>>>>> Revert "efi_loader: no support for ARMV7_NONSEC=y"
>>>>>>
>>>>>> arch/arm/cpu/armv7/nonsec_virt.S | 2 ++
>>>>>> cmd/bootefi.c | 32 ++++++++++++++++++++++++++++++++
>>>>>> doc/README.uefi | 2 --
>>>>>> lib/efi_loader/Kconfig | 2 --
>>>>>> 4 files changed, 34 insertions(+), 4 deletions(-)
>>>>>>
>>>>> Hello Mark,
>>>>>
>>>>> with this patch series running bootefi hello twice in sequence fails on
>>>>> the BananaPi.
>>>>>
>>>>> => bootefi hello
>>>>> Scanning disk mmc at 01c0f000.blk...
>>>>> Found 3 disks
>>>>> WARNING: booting without device tree
>>>>> ## Starting EFI application at 42000000 ...
>>>>> WARNING: using memory device/image path, this may confuse some payloads!
>>>>> Hello, world!
>>>>> Running on UEFI 2.7
>>>>> Have SMBIOS table
>>>>> Load options: earlyprintk nosmp
>>>>> ## Application terminated, r = 0
>>>>> => bootefi hello
>>>>> WARNING: booting without device tree
>>>>> ## Starting EFI application at 42000000 ...
>>>>> WARNING: using memory device/image path, this may confuse some payloads!
>>>>> <!-- no output after the preceding line -->
>>>>
>>>> Yeah. Trying to enter non-secure mode when we're already in
>>>> non-secure mode doesn't really work. We should skip the switching
>>>> code in that case. Now checking whether we are in non-secure mode
>>>> isn't really possible. But I guess we can set a variable and check it
>>>> before we go down the switching codepath. With that in I can exit the
>>>> OpenBSD bootloader and then reload and run it again. I'll include
>>>> that fix in the next respin.
>>>
>>> Hello Mark,
>>>
>>> you might move the call to switch to non-secure mode to efi_init_obj_list().
>>
>> I would actually prefer to keep it where it is. That way we have the
>> option to move the object initialization to a different stage later on.
>
> Also I'd rather not touch the aarch64 code in this series and I think
> it makes sense to keep the switching in the same place for aarch32 and
> aarch64.
>
>> The only thing missing is really a check which level we're on. The
>> aarch64 code does this with a current_el() == 3 condition.
>
> As I replied to Heinrich, checking whether we're secure or not isn't
> simple as reading the SCR.NS bit will trap if we're in non-secure
> mode. But using a global variable to remember the state we're in,
> works and isn't too ugly.
Can you figure out something else? Like whether you're in SVC?
> I'm going to look into enabling the MMU for HYP over the weekend.
> I'll do another respin once I've figured that issue out.
It might just be as simple as depending on LPAE in Kconfig when NS is set :)
Alex
More information about the U-Boot
mailing list