From patchwork Tue Jun 12 17:27:47 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Kettenis <kettenis@openbsd.org>
X-Patchwork-Id: 928432
X-Patchwork-Delegate: agraf@suse.de
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=openbsd.org
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 414xhr2Gqwz9s0W
	for <incoming@patchwork.ozlabs.org>;
	Wed, 13 Jun 2018 03:29:48 +1000 (AEST)
Received: by lists.denx.de (Postfix, from userid 105)
	id EB666C21DA6; Tue, 12 Jun 2018 17:28:50 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id A6462C21CB6;
	Tue, 12 Jun 2018 17:28:31 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 6DF70C21C6A; Tue, 12 Jun 2018 17:28:14 +0000 (UTC)
Received: from lb3-smtp-cloud8.xs4all.net (lb3-smtp-cloud8.xs4all.net
	[194.109.24.29])
	by lists.denx.de (Postfix) with ESMTPS id 14191C21D56
	for <u-boot@lists.denx.de>; Tue, 12 Jun 2018 17:28:11 +0000 (UTC)
Received: from barber.sibelius.xs4all.nl ([83.163.83.176])
	by smtp-cloud8.xs4all.net with ESMTP
	id Sn5RfC4VUW4tcSn5Tf1YQ1; Tue, 12 Jun 2018 19:28:10 +0200
From: Mark Kettenis <kettenis@openbsd.org>
To: u-boot@lists.denx.de
Date: Tue, 12 Jun 2018 19:27:47 +0200
Message-Id: <20180612172748.36790-3-kettenis@openbsd.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180612172748.36790-1-kettenis@openbsd.org>
References: <20180612172748.36790-1-kettenis@openbsd.org>
X-CMAE-Envelope: 
 MS4wfBOx9bsHAaoI5caMzZ9YroVnphD4NMLiSEniFoUhBqekVIECXIysAB0HiDworjd2b99Q8HjjnUcTpoW5rh9APXIVefSmw0rM7UbKYGCYoWbtOj0TW1Kl
	6VhGnICeCVwSY4qp3xk0mKHLCaAEjPDrnpim4qqaSuE9kQxjsUlVRZrahn5H2kTyfSglwQdkOC2tBWFXBTtGIoi1CIWdbK0WPprVx0ZDOUhma1h8NOTTzyOq
	06rqFVK8o99ZLei9GZ/HYnZ8VB5xrm315D9wBbAr7MTL3NYaZjoEYtuPFg0PDzixhekqo6AR0fxuVuOOruJqjcM2Qs2NOMZt8BajwB/XAAmKKwSD2mXzkLEh
	ghbS9sPl
Cc: marc.zyngier@arm.com, xypron.glpk@gmx.de,
	Mark Kettenis <kettenis@openbsd.org>, agraf@suse.de,
	andre.przywara@arm.com
Subject: [U-Boot] [PATCH 2/3] efi_loader: ARM: run EFI payloads non-secure
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

If desired (and possible) switch into HYP mode or non-secure SVC mode
before calling the entry point of an EFI application.  This allows
U-Boot to provide a usable PSCI implementation and makes it possible
to boot kernels into hypervisor mode using an EFI bootloader.

Based on diffs from Heinrich Schuchardt and Alexander Graf.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
---
 cmd/bootefi.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/cmd/bootefi.c b/cmd/bootefi.c
index 707d159bac..a5d144d9a4 100644
--- a/cmd/bootefi.c
+++ b/cmd/bootefi.c
@@ -20,6 +20,11 @@
 #include <asm-generic/unaligned.h>
 #include <linux/linkage.h>
 
+#ifdef CONFIG_ARM
+#include <asm/armv7.h>
+#include <asm/secure.h>
+#endif
+
 DECLARE_GLOBAL_DATA_PTR;
 
 #define OBJ_LIST_NOT_INITIALIZED 1
@@ -189,6 +194,18 @@ static efi_status_t efi_run_in_el2(EFIAPI efi_status_t (*entry)(
 }
 #endif
 
+#ifdef CONFIG_ARMV7_NONSEC
+static efi_status_t efi_run_in_hyp(EFIAPI efi_status_t (*entry)(
+			efi_handle_t image_handle, struct efi_system_table *st),
+			efi_handle_t image_handle, struct efi_system_table *st)
+{
+	/* Enable caches again */
+	dcache_enable();
+
+	return efi_do_enter(image_handle, st, entry);
+}
+#endif
+
 /* Carve out DT reserved memory ranges */
 static efi_status_t efi_carve_out_dt_rsv(void *fdt)
 {
@@ -338,6 +355,21 @@ static efi_status_t do_bootefi_exec(void *efi,
 	}
 #endif
 
+#ifdef CONFIG_ARMV7_NONSEC
+	if (armv7_boot_nonsec()) {
+		dcache_disable();	/* flush cache before switch to HYP */
+
+		armv7_init_nonsec();
+		secure_ram_addr(_do_nonsec_entry)(efi_run_in_hyp,
+				(uintptr_t)entry,
+				(uintptr_t)loaded_image_info_obj.handle,
+				(uintptr_t)&systab);
+
+		/* Should never reach here, efi exits with longjmp */
+		while (1) { }
+	}
+#endif
+
 	ret = efi_do_enter(loaded_image_info_obj.handle, &systab, entry);
 
 exit: