| Message ID | 1476525795-27483-3-git-send-email-agraf@suse.de |
|---|---|
| State | Accepted |
| Commit | 69bd459d343fe1e5a68a6f187d8c99c78c6fc6ce |
| Delegated to: | Alexander Graf |
| Headers | show |
On 10/15/2016 03:03 AM, Alexander Graf wrote: > Some boards decided not to run ATF or other secure firmware in EL3, so > they instead run U-Boot there. The uEFI spec doesn't know what EL3 is > though - it only knows about EL2 and EL1. So if we see that we're running > in EL3, let's get into EL2 to make payloads happy. > > Signed-off-by: Alexander Graf <agraf@suse.de> > > --- > > v4 -> v5: > > - Remove manual ttbr / tcr copy > - Regenerate page tables in EL2, getting us non-secured page tables > --- > cmd/bootefi.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/cmd/bootefi.c b/cmd/bootefi.c > index 8714666..32148d7 100644 > --- a/cmd/bootefi.c > +++ b/cmd/bootefi.c > @@ -224,6 +224,17 @@ static unsigned long do_bootefi_exec(void *efi, void *fdt) > return status == EFI_SUCCESS ? 0 : -EINVAL; > } > > +#ifdef CONFIG_ARM64 > + /* On AArch64 we need to make sure we call our payload in < EL3 */ > + if (current_el() == 3) { > + smp_kick_all_cpus(); > + dcache_disable(); /* flush cache before switch to EL2 */ > + armv8_switch_to_el2(); > + /* Enable caches again */ > + dcache_enable(); > + } > +#endif > + > return entry(&loaded_image_info, &systab); > } > > Reviewed-by: York Sun <york.sun@nxp.com>
diff --git a/cmd/bootefi.c b/cmd/bootefi.c index 8714666..32148d7 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -224,6 +224,17 @@ static unsigned long do_bootefi_exec(void *efi, void *fdt) return status == EFI_SUCCESS ? 0 : -EINVAL; } +#ifdef CONFIG_ARM64 + /* On AArch64 we need to make sure we call our payload in < EL3 */ + if (current_el() == 3) { + smp_kick_all_cpus(); + dcache_disable(); /* flush cache before switch to EL2 */ + armv8_switch_to_el2(); + /* Enable caches again */ + dcache_enable(); + } +#endif + return entry(&loaded_image_info, &systab); }
Some boards decided not to run ATF or other secure firmware in EL3, so they instead run U-Boot there. The uEFI spec doesn't know what EL3 is though - it only knows about EL2 and EL1. So if we see that we're running in EL3, let's get into EL2 to make payloads happy. Signed-off-by: Alexander Graf <agraf@suse.de> --- v4 -> v5: - Remove manual ttbr / tcr copy - Regenerate page tables in EL2, getting us non-secured page tables --- cmd/bootefi.c | 11 +++++++++++ 1 file changed, 11 insertions(+)