Patchwork [U-Boot,v4,2/8] ARM: add secure monitor handler to switch to non-secure state

login
register
mail settings
Submitter Andre Przywara
Date Aug. 9, 2013, 3:03 p.m.
Message ID <1376060592-10824-3-git-send-email-andre.przywara@linaro.org>
Download mbox | patch
Permalink /patch/266080/
State Changes Requested
Delegated to: Albert ARIBAUD
Headers show

Comments

Andre Przywara - Aug. 9, 2013, 3:03 p.m.
A prerequisite for using virtualization is to be in HYP mode, which
requires the CPU to be in non-secure state first.
Add a new file in arch/arm/cpu/armv7 to hold a monitor handler routine
which switches the CPU to non-secure state by setting the NS and
associated bits.
According to the ARM architecture reference manual this should not be
done in SVC mode, so we have to setup a SMC handler for this.
We create a new vector table to avoid interference with other boards.
The MVBAR register will be programmed later just before the smc call.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
---
 arch/arm/cpu/armv7/Makefile      |  4 +++
 arch/arm/cpu/armv7/nonsec_virt.S | 55 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 arch/arm/cpu/armv7/nonsec_virt.S
Masahiro Yamada - Aug. 27, 2013, 12:23 a.m.
Hello Andre,

> +/* the vector table for secure state */
> +_monitor_vectors:
> +	.word 0	/* reset */
> +	.word 0 /* undef */
> +	adr pc, _secure_monitor
> +	.word 0
> +	.word 0
> +	.word 0
> +	.word 0
> +	.word 0
> +	.word 0	/* pad */

Could you explain why the last line is needed?


Best Regards
Masahiro Yamada
Andre Przywara - Aug. 27, 2013, 9:51 a.m.
On 08/27/2013 02:23 AM, Masahiro Yamada wrote:
> Hello Andre,
>
>> +/* the vector table for secure state */
>> +_monitor_vectors:
>> +	.word 0	/* reset */
>> +	.word 0 /* undef */
>> +	adr pc, _secure_monitor
>> +	.word 0
>> +	.word 0
>> +	.word 0
>> +	.word 0
>> +	.word 0
>> +	.word 0	/* pad */
>
> Could you explain why the last line is needed?

I guess I cannot explain because it's probably not needed ;-)
I copied this from somewhere else and accidentally this padding somehow 
sneaked in (from the actual addresses array, where the start vector was 
missing and thus the array ended at 7 * 4 bytes)

Do we need another version or is a follow-up patch sufficient?
I'd like to avoid another review round for the sake of the reviewers.

Thanks for spotting this,
Andre.
Tom Rini - Aug. 27, 2013, 12:11 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/27/2013 05:51 AM, Andre Przywara wrote:
> On 08/27/2013 02:23 AM, Masahiro Yamada wrote:
>> Hello Andre,
>> 
>>> +/* the vector table for secure state */ +_monitor_vectors: +
>>> .word 0    /* reset */ +    .word 0 /* undef */ +    adr pc,
>>> _secure_monitor +    .word 0 +    .word 0 +    .word 0 +
>>> .word 0 +    .word 0 +    .word 0    /* pad */
>> 
>> Could you explain why the last line is needed?
> 
> I guess I cannot explain because it's probably not needed ;-) I
> copied this from somewhere else and accidentally this padding
> somehow sneaked in (from the actual addresses array, where the
> start vector was missing and thus the array ended at 7 * 4 bytes)
> 
> Do we need another version or is a follow-up patch sufficient? I'd
> like to avoid another review round for the sake of the reviewers.

Lets do a follow-up and Albert can squash it if desired.

- -- 
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSHJdtAAoJENk4IS6UOR1WDgcP/1Rz+1U/La9brudy9OyjeVqT
FYdWMtFr/TGELkoaUX/saY/MZoIPBpCO4iW8y5UvQJ3cQAm5WqgPK4/ku3wcbYC6
yaVC91fQ9UQEqzmUBCRGZAGwJuZ+JiElP/9wmqEi7RvnQTYimRYkEpm+XgxRkuX0
l3HH5QLyTO8CbQ4FKm8XeE0JeMfpNqPflMo5oDNMVlWC7a4VXMP49uIGoYt6emPp
d7US4neOZRgL0ANiC/WoV807otl+llFRgZ0zqM7A60th+jJ2YqJIyZlp6QnL2r+Z
YDLlKSvwBliYlmdFWFxxfUoe+4qK27HrOA39PP/Cj5ocQCoEzIRZFTXhlV3AeB9L
CEhXgImSs0BS4AxN7CPdaJLdDGalphthkHOuGP66m+Xb9k7v6gmdNhphusX01FhC
UUgRRKVUT02dS+51tMRxk1wdy805eI6zo34hmvS2SmWWuxAM1kCQhphUl+Ib1ew6
H7V+XoDdOp+iQzABB86TL8J8KtoUgiVA81NqQsvbiW4pR5rUoxBhTTXEYOnZyMYA
qypDCyYepuQCLtz5kxxe0b1Y4tmZsNKtnVuMA55LtPVLHqX1uJ/vXXHBTsO3rGG3
Rz3BTq0o9GVYBg6YLJh496qD8kzqOfnhpu3U+5Fc10H0ldlDcs8YhLU+hzVD+nLD
dDuxa9OzgPsEK/Wc1mWg
=5MkM
-----END PGP SIGNATURE-----

Patch

diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile
index 7a8c2d0..11a8ad5 100644
--- a/arch/arm/cpu/armv7/Makefile
+++ b/arch/arm/cpu/armv7/Makefile
@@ -36,6 +36,10 @@  ifneq ($(CONFIG_AM33XX)$(CONFIG_OMAP44XX)$(CONFIG_OMAP54XX)$(CONFIG_TEGRA)$(CONF
 SOBJS	+= lowlevel_init.o
 endif
 
+ifneq ($(CONFIG_ARMV7_NONSEC),)
+SOBJS	+= nonsec_virt.o
+endif
+
 SRCS	:= $(START:.o=.S) $(COBJS:.o=.c)
 OBJS	:= $(addprefix $(obj),$(COBJS) $(SOBJS))
 START	:= $(addprefix $(obj),$(START))
diff --git a/arch/arm/cpu/armv7/nonsec_virt.S b/arch/arm/cpu/armv7/nonsec_virt.S
new file mode 100644
index 0000000..dbe5c0f
--- /dev/null
+++ b/arch/arm/cpu/armv7/nonsec_virt.S
@@ -0,0 +1,55 @@ 
+/*
+ * code for switching cores into non-secure state
+ *
+ * Copyright (c) 2013	Andre Przywara <andre.przywara@linaro.org>
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+
+#include <config.h>
+
+/* the vector table for secure state */
+_monitor_vectors:
+	.word 0	/* reset */
+	.word 0 /* undef */
+	adr pc, _secure_monitor
+	.word 0
+	.word 0
+	.word 0
+	.word 0
+	.word 0
+	.word 0	/* pad */
+
+/*
+ * secure monitor handler
+ * U-boot calls this "software interrupt" in start.S
+ * This is executed on a "smc" instruction, we use a "smc #0" to switch
+ * to non-secure state.
+ * We use only r0 and r1 here, due to constraints in the caller.
+ */
+	.align	5
+_secure_monitor:
+	mrc	p15, 0, r1, c1, c1, 0		@ read SCR
+	bic	r1, r1, #0x4e			@ clear IRQ, FIQ, EA, nET bits
+	orr	r1, r1, #0x31			@ enable NS, AW, FW bits
+
+	mcr	p15, 0, r1, c1, c1, 0		@ write SCR (with NS bit set)
+
+	movs	pc, lr				@ return to non-secure SVC
+