Message ID | 20180612172748.36790-3-kettenis@openbsd.org |
---|---|
State | Superseded |
Delegated to: | Alexander Graf |
Headers | show |
Series | efi_loader: ARM: add support for ARMV7_NONSEC=y | expand |
On 12.06.18 19:27, Mark Kettenis wrote: > If desired (and possible) switch into HYP mode or non-secure SVC mode > before calling the entry point of an EFI application. This allows > U-Boot to provide a usable PSCI implementation and makes it possible > to boot kernels into hypervisor mode using an EFI bootloader. > > Based on diffs from Heinrich Schuchardt and Alexander Graf. > > Signed-off-by: Mark Kettenis <kettenis@openbsd.org> > --- > cmd/bootefi.c | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > > diff --git a/cmd/bootefi.c b/cmd/bootefi.c > index 707d159bac..a5d144d9a4 100644 > --- a/cmd/bootefi.c > +++ b/cmd/bootefi.c > @@ -20,6 +20,11 @@ > #include <asm-generic/unaligned.h> > #include <linux/linkage.h> > > +#ifdef CONFIG_ARM Is this the correct guard? CONFIG_ARM is also set for AArch64 for example. Maybe use CONFIG_ARMV7_NONSEC instead? > +#include <asm/armv7.h> > +#include <asm/secure.h> > +#endif > + > DECLARE_GLOBAL_DATA_PTR; > > #define OBJ_LIST_NOT_INITIALIZED 1 > @@ -189,6 +194,18 @@ static efi_status_t efi_run_in_el2(EFIAPI efi_status_t (*entry)( > } > #endif > > +#ifdef CONFIG_ARMV7_NONSEC > +static efi_status_t efi_run_in_hyp(EFIAPI efi_status_t (*entry)( > + efi_handle_t image_handle, struct efi_system_table *st), > + efi_handle_t image_handle, struct efi_system_table *st) > +{ > + /* Enable caches again */ > + dcache_enable(); Are you sure the dcache_enable/disable bits do what you want? IIRC the situation on armv7 wasn't quite as obvious. Alex > + > + return efi_do_enter(image_handle, st, entry); > +} > +#endif > + > /* Carve out DT reserved memory ranges */ > static efi_status_t efi_carve_out_dt_rsv(void *fdt) > { > @@ -338,6 +355,21 @@ static efi_status_t do_bootefi_exec(void *efi, > } > #endif > > +#ifdef CONFIG_ARMV7_NONSEC > + if (armv7_boot_nonsec()) { > + dcache_disable(); /* flush cache before switch to HYP */ > + > + armv7_init_nonsec(); > + secure_ram_addr(_do_nonsec_entry)(efi_run_in_hyp, > + (uintptr_t)entry, > + (uintptr_t)loaded_image_info_obj.handle, > + (uintptr_t)&systab); > + > + /* Should never reach here, efi exits with longjmp */ > + while (1) { } > + } > +#endif > + > ret = efi_do_enter(loaded_image_info_obj.handle, &systab, entry); > > exit: >
diff --git a/cmd/bootefi.c b/cmd/bootefi.c index 707d159bac..a5d144d9a4 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -20,6 +20,11 @@ #include <asm-generic/unaligned.h> #include <linux/linkage.h> +#ifdef CONFIG_ARM +#include <asm/armv7.h> +#include <asm/secure.h> +#endif + DECLARE_GLOBAL_DATA_PTR; #define OBJ_LIST_NOT_INITIALIZED 1 @@ -189,6 +194,18 @@ static efi_status_t efi_run_in_el2(EFIAPI efi_status_t (*entry)( } #endif +#ifdef CONFIG_ARMV7_NONSEC +static efi_status_t efi_run_in_hyp(EFIAPI efi_status_t (*entry)( + efi_handle_t image_handle, struct efi_system_table *st), + efi_handle_t image_handle, struct efi_system_table *st) +{ + /* Enable caches again */ + dcache_enable(); + + return efi_do_enter(image_handle, st, entry); +} +#endif + /* Carve out DT reserved memory ranges */ static efi_status_t efi_carve_out_dt_rsv(void *fdt) { @@ -338,6 +355,21 @@ static efi_status_t do_bootefi_exec(void *efi, } #endif +#ifdef CONFIG_ARMV7_NONSEC + if (armv7_boot_nonsec()) { + dcache_disable(); /* flush cache before switch to HYP */ + + armv7_init_nonsec(); + secure_ram_addr(_do_nonsec_entry)(efi_run_in_hyp, + (uintptr_t)entry, + (uintptr_t)loaded_image_info_obj.handle, + (uintptr_t)&systab); + + /* Should never reach here, efi exits with longjmp */ + while (1) { } + } +#endif + ret = efi_do_enter(loaded_image_info_obj.handle, &systab, entry); exit:
If desired (and possible) switch into HYP mode or non-secure SVC mode before calling the entry point of an EFI application. This allows U-Boot to provide a usable PSCI implementation and makes it possible to boot kernels into hypervisor mode using an EFI bootloader. Based on diffs from Heinrich Schuchardt and Alexander Graf. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> --- cmd/bootefi.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)