[U-Boot] [PATCH v1] colibri_imx7: boot kernel in secure mode

Stefan Agner stefan at agner.ch
Wed Jul 24 11:29:47 UTC 2019


On 2019-07-23 15:29, Tobias Junghans wrote:
> Hi Igor,
> 
> thanks for your comments! Is there any solution, patch or workaround I can try 
> to power on the 2nd CPU core in secure mode with mainline kernel?

I am afraid that is not possible since without PSCI mainline simply
lacks the code how to enable the secondary CPU. You cannot use PSCI and
stay in secure mode.

Anyway, why would you want to boot in secure mode anyway? With
non-secure mode your CPU has more features, e.g. you can actually use
virtualization feature (HYP). You do not have that in secure mode.

Booting in non-secure mode is the proper way(tm) to boot on this CPU.

That CAAM issue is unfortunate. But I think it is possible to enable
CAAM access in non-secure mode by making sure to write the proper
registers while being still in secure mode.

--
Stefan

> 
> Thanks and best regards
> 
> Tobias
> 
>> I'm afraid you're right.
>> Just after a bit of time researching and discussing with Stefan, seems
>> that we need to introduce two different wrappers for booting the
>> mainline kernel and downstream NXP kernel.
>>
>> * NXP kernel has legacy code to enable all cores, which works only when
>> running in secure mode.
>> * Mainline kernel, as you said before, does use PSCI for this, which
>> is provided by U-boot (which adds proper psci nodes to the linux
>> dtb on-fly before transferring control to the linux kernel entry point).
>> When we try to load it in secure mode, it continues running on the same
>> Secure PL1, and communication using SMC calling convention doesn't make
>> sense at this case.
> 
> 
> 
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot


More information about the U-Boot mailing list