[U-Boot] [PATCH v3 2/3] efi_loader: ARM: run EFI payloads non-secure

Mark Kettenis mark.kettenis at xs4all.nl
Sun Sep 23 18:22:25 UTC 2018 

> From: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Date: Sun, 23 Sep 2018 05:38:29 +0200
> 
> On 09/23/2018 04:39 AM, Jonathan Gray wrote:
> > On Sun, Sep 23, 2018 at 01:30:11AM +0200, Heinrich Schuchardt wrote:
> >> On 09/01/2018 12:21 PM, Alexander Graf wrote:
> >>>
> >>>
> >>> On 31.08.18 20:45, Mark Kettenis wrote:
> >>>>> From: Heinrich Schuchardt <xypron.glpk at gmx.de>
> >>>>> Date: Fri, 31 Aug 2018 19:37:25 +0200
> >>>>>
> >>>>> On 06/14/2018 12:41 AM, Mark Kettenis wrote:
> >>>>>> If desired (and possible) switch into HYP mode or non-secure SVC mode
> >>>>>> before calling the entry point of an EFI application.  This allows
> >>>>>> U-Boot to provide a usable PSCI implementation and makes it possible
> >>>>>> to boot kernels into hypervisor mode using an EFI bootloader.
> >>>>>>
> >>>>>> Based on diffs from Heinrich Schuchardt and Alexander Graf.
> >>>>>>
> >>>>>> Signed-off-by: Mark Kettenis <kettenis at openbsd.org>
> >>>>>
> >>>>> bootefi hello fails on vexpress_ca15_tc2_defconfig when run on qemu with
> >>>>>
> >>>>>         QEMU_AUDIO_DRV=none qemu-system-arm \
> >>>>>         -M vexpress-a15 -cpu cortex-a15 -kernel u-boot \
> >>>>>         -net user -net nic,model=lan9118 \
> >>>>>         -m 1024M --nographic \
> >>>>>         -drive if=sd,file=img.vexpress,media=disk,format=raw
> >>>>
> >>>> Works for me with:
> >>>>
> >>>> $ qemu-system-arm --version
> >>>> QEMU emulator version 3.0.0
> >>>> Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
> >>>>
> >>>> => bootefi hello
> >>>> Scanning disks on mmc...
> >>>> MMC Device 1 not found
> >>>> MMC Device 2 not found
> >>>> MMC Device 3 not found
> >>>> Found 3 disks
> >>>> WARNING: booting without device tree
> >>>> ## Starting EFI application at a0008000 ...
> >>>> WARNING: using memory device/image path, this may confuse some payloads!
> >>>> Hello, world!
> >>>> Running on UEFI 2.7
> >>>> Have SMBIOS table
> >>>> Load options: <none>
> >>>> ## Application terminated, r = 0
> >>>>
> >>>> That is with CONFIG_CMD_BOOTEFI_HELLO=y added to the
> >>>> vexpress_ca15_tc2_defconfig of course.
> >>>>
> >>>>> Bisection points to
> >>>>> efi_loader: ARM: run EFI payloads non-secure
> >>>>> commit dc500c369486fbe04000fd325c46bb309e4a1827
> >>>>
> >>>> That suggests an issue with emulation if the mode switching
> >>>> instructions or HYP support in qemu.  Or a toolchain issue of course.
> >>>
> >>> Or maybe Heinrich's QEMU version starts up in a different EL mode?
> >>>
> >>>
> >>> Alex
> >>> _______________________________________________
> >>> U-Boot mailing list
> >>> U-Boot at lists.denx.de
> >>> https://lists.denx.de/listinfo/u-boot
> >>>
> >> The problem is reproducible with qemu 3.0.0.
> >>
> >> git reset --hard dc500c369486fbe04000fd325c46bb309e4a1827
> >>
> >> --- a/lib/efi_loader/Kconfig
> >> +++ b/lib/efi_loader/Kconfig
> >> @@ -2,7 +2,6 @@ config EFI_LOADER
> >>         bool "Support running EFI Applications in U-Boot"
> >>         depends on (ARM || X86 || RISCV) && OF_LIBFDT
> >>         # We do not support bootefi booting ARMv7 in non-secure mode
> >> -       depends on !ARMV7_NONSEC
> >>         # We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
> >>         depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
> >>         # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
> >>
> >> make vexpress_ca15_tc2_defconfig
> >>
> >> Set CONFIG_CMD_BOOTEFI_HELLO=y
> >>
> >> export CROSS_COMPILE=arm-linux-gnueabihf-
> >> make
> >>
> >> QEMU_AUDIO_DRV=none qemu-system-arm \
> >> -M vexpress-a15 -cpu cortex-a15 -kernel u-boot \
> >> -netdev \
> >> user,id=net0,tftp=tftp,net=192.168.76.0/24,dhcpstart=192.168.76.9 \
> >> -net nic,model=lan9118,netdev=net0 \
> >> -m 1024M --nographic \
> >> -drive if=sd,file=img.vexpress,media=disk,format=raw
> >>
> >> => bootefi hello
> >> Scanning disks on mmc...
> >> MMC Device 1 not found
> >> MMC Device 2 not found
> >> MMC Device 3 not found
> >> Found 2 disks
> >> WARNING: booting without device tree
> >> ## Starting EFI application at a0008000 ...
> >> WARNING: using memory device/image path, this may confuse some payloads!
> >>
> >> No further output after this line :(
> > 
> > bootefi hello works fine with 2018.09 and qemu 3.0 here
> > 
> > gmake PYTHON=python2.7 CROSS_COMPILE=arm-none-eabi- vexpress_ca15_tc2_defconfig O=build/vexpress
> > gmake PYTHON=python2.7 CROSS_COMPILE=arm-none-eabi- O=build/vexpress menuconfig
> > gmake PYTHON=python2.7 CROSS_COMPILE=arm-none-eabi- O=build/vexpress all
> > 
> > $ arm-none-eabi-gcc -v
> > Using built-in specs.
> > COLLECT_GCC=arm-none-eabi-gcc
> > COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/arm-none-eabi/6.3.1/lto-wrapper
> > Target: arm-none-eabi
> > Configured with: /usr/obj/ports/arm-none-eabi-gcc-linaro-6.3.2017.02-arm/gcc-linaro-6.3-2017.02/configure --enable-languages=c,c++ --enable-multilib --enable-interwork --with-gmp=/usr/local --with-newlib --disable-lto --enable-cpp --target=arm-none-eabi --disable-shared --disable-nls --disable-werror --prefix=/usr/local --sysconfdir=/etc --mandir=/usr/local/man --infodir=/usr/local/info --localstatedir=/var --disable-silent-rules --disable-gtk-doc
> > Thread model: single
> > gcc version 6.3.1 20170109 (Linaro GCC 6.3-2017.02)
> > 
> > $ qemu-system-arm --version
> > QEMU emulator version 3.0.0
> > Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
> > 
> > qemu-system-arm -m 1024 -M vexpress-a15 -kernel build/vexpress/u-boot -serial stdio
> > 
> > U-Boot 2018.09-00001-g2a9fbd55c3 (Sep 23 2018 - 12:24:33 +1000)
> > 
> > DRAM:  1 GiB
> > WARNING: Caches not enabled
> > Flash: 128 MiB
> > MMC:   MMC: 0
> > *** Warning - bad CRC, using default environment
> > 
> > In:    serial
> > Out:   serial
> > Err:   serial
> > Net:   smc911x-0
> > Hit any key to stop autoboot:  0
> > => bootefi hellopi
> > Scanning disks on mmc...
> > Card did not respond to voltage select!
> > MMC Device 1 not found
> > MMC Device 2 not found
> > MMC Device 3 not found
> > Found 0 disks
> > WARNING: booting without device tree
> > ## Starting EFI application at a0008000 ...
> > WARNING: using memory device/image path, this may confuse some payloads!
> > Hello, world!
> > Running on UEFI 2.7
> > Have SMBIOS table
> > Load options: <none>
> > ## Application terminated, r = 0
> > => 
> > 
> The difference seems to be in the compiler:
> With the recipe above arm-none-eabi-gcc 6.3.1 is working but
> arm-linux-gnueabihf-gcc 8.2.0 (as supplied with Debian Buster) is still
> failing.

Are you sure it's the compiler that causes the breakage and not the
linker?  Apparently there was a recent change in binutils that affects
sectipn alignment.  See commit
792b204798453d96b00e0817e8472c19455e92a2 for a workaround.  It
wouldn't surprise me more tweaks like that are necessary.

> Errors like out of bound accesses may become apparent or disappearing
> depending of generated addresses. So it may be by chance that we do not
> see the error with gcc 6.3.1. This does not imply that the code is correct.

Everything is possible.  But there is very little C code involved
here.  It's mostly scary assembly code...

Cheers,

Mark

More information about the U-Boot mailing list