[RFC PATCH] arm: EFI: Disallow EFI bootmgr when providing PSCI
andre.przywara at arm.com
Fri Jan 22 13:04:20 CET 2021
When "bootefi bootmgr" is run, it switches the CPU into non-secure
state. This breaks platforms like 32-bit Allwinner boards that rely on
running in secure state until late in the process, when they install
the PSCI handler in secure memory and drop into non-secure state.
They hang just before entering the kernel, after the "Starting the
Commit f3866909e350 ("distro_bootcmd: call EFI bootmgr even without
having /EFI/boot") changed the order of EFI probing, so the EFI bootmgr
is now *always* run, resulting in the default distro boot commands now
*always* failing, even in the total absence of any UEFI directories or
So use the newly added build option to disable the EFI bootmgr, which
makes those boards boot again using the distro boot commands.
Explicitly calling "bootefi bootmgr" still breaks the boot, though.
Signed-off-by: Andre Przywara <andre.przywara at arm.com>
Reported-by: Jernej Skrabec <jernej.skrabec at siol.net>
the above is the result of my analysis, happy to stand corrected in
case I missed something. I know that this is not a proper solution,
but it's an effective stop-gap measure to fix all those boards. It looks
like a proper solution would either be:
- Let the EFI bootmgr run in the current security state.
- Install the PSCI handlers early in U-Boot.
Both solutions sound rather involved, so probably require more time.
But we need to fix this breakage now.
lib/efi_loader/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index e729f727df1..a1e453fa605 100644
@@ -30,6 +30,7 @@ if EFI_LOADER
bool "UEFI Boot Manager"
+ depends on !ARMV7_PSCI
Select this option if you want to select the UEFI binary to be booted
via UEFI variables Boot####, BootOrder, and BootNext. This enables the
More information about the U-Boot