| Message ID | 1437077473-4532-6-git-send-email-peter.maydell@linaro.org |
|---|---|
| State | New |
| Headers | show |
On Thu, Jul 16, 2015 at 1:11 PM, Peter Maydell <peter.maydell@linaro.org> wrote: > Switch the default for the 'virt' board to not providing TrustZone > support in either the CPU or the GIC. This is primarily for the > benefit of UEFI, which currently assumes there is no TrustZone > support, and does not set the GIC up correctly if it is TZ-aware. > It also means the board is consistent about its behaviour whether > we're using KVM or TCG (KVM never has TrustZone support). > > If TrustZone support is required (for instance for running test > suites or TZ-aware firmware) it can be enabled with the > "-machine secure=on" command line option. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> > --- > hw/arm/virt.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/hw/arm/virt.c b/hw/arm/virt.c > index 95b1a9a..2bcf565 100644 > --- a/hw/arm/virt.c > +++ b/hw/arm/virt.c > @@ -946,8 +946,11 @@ static void virt_instance_init(Object *obj) > { > VirtMachineState *vms = VIRT_MACHINE(obj); > > - /* EL3 is enabled by default on virt */ > - vms->secure = true; > + /* EL3 is disabled by default on virt: this makes us consistent > + * between KVM and TCG for this board, and it also allows us to > + * boot UEFI blobs which assume no TrustZone support. > + */ > + vms->secure = false; > object_property_add_bool(obj, "secure", virt_get_secure, > virt_set_secure, NULL); > object_property_set_description(obj, "secure", > -- > 1.9.1 > >
diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 95b1a9a..2bcf565 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -946,8 +946,11 @@ static void virt_instance_init(Object *obj) { VirtMachineState *vms = VIRT_MACHINE(obj); - /* EL3 is enabled by default on virt */ - vms->secure = true; + /* EL3 is disabled by default on virt: this makes us consistent + * between KVM and TCG for this board, and it also allows us to + * boot UEFI blobs which assume no TrustZone support. + */ + vms->secure = false; object_property_add_bool(obj, "secure", virt_get_secure, virt_set_secure, NULL); object_property_set_description(obj, "secure",
Switch the default for the 'virt' board to not providing TrustZone support in either the CPU or the GIC. This is primarily for the benefit of UEFI, which currently assumes there is no TrustZone support, and does not set the GIC up correctly if it is TZ-aware. It also means the board is consistent about its behaviour whether we're using KVM or TCG (KVM never has TrustZone support). If TrustZone support is required (for instance for running test suites or TZ-aware firmware) it can be enabled with the "-machine secure=on" command line option. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)