From patchwork Wed Jun 13 22:41:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Kettenis X-Patchwork-Id: 929118 X-Patchwork-Delegate: agraf@suse.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=openbsd.org Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 415hZV1v9Wz9s0W for ; Thu, 14 Jun 2018 08:41:54 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id DBDB1C21CB6; Wed, 13 Jun 2018 22:41:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id ADD12C21DAF; Wed, 13 Jun 2018 22:41:13 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 65A18C21C27; Wed, 13 Jun 2018 22:41:12 +0000 (UTC) Received: from lb3-smtp-cloud8.xs4all.net (lb3-smtp-cloud8.xs4all.net [194.109.24.29]) by lists.denx.de (Postfix) with ESMTPS id 243F3C21C8B for ; Wed, 13 Jun 2018 22:41:12 +0000 (UTC) Received: from barber.sibelius.xs4all.nl ([83.163.83.176]) by smtp-cloud8.xs4all.net with ESMTP id TERyfTNTBtZGaTERzfYsR1; Thu, 14 Jun 2018 00:41:12 +0200 From: Mark Kettenis To: u-boot@lists.denx.de Date: Thu, 14 Jun 2018 00:41:06 +0200 Message-Id: <20180613224108.13372-2-kettenis@openbsd.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180613224108.13372-1-kettenis@openbsd.org> References: <20180613224108.13372-1-kettenis@openbsd.org> X-CMAE-Envelope: MS4wfKXJg+vRPZra4oQtPfMQWi6AGD/9jCzio1B+hpxpxLF9qmgCXcmEUgVkbCRKDnrNYE2WT7evJro9V7hVxq1owdjrCqe1PTzrECGwDUwi1N7v5mOxgWXa SyInE1pgHgQO3i+DuDVQTW9FmMy0e50ZJDowaxq0jnstU1ESCNSaSDl0lxOASiCP77ezn+mkksLVFgfeZJCTa/SAEvNu0VBhjWmuL47eH5NXYfDUQAoAKFl0 bSmg5sii2QfZARY5fsZXbCIAx/jxg+Ju9pKoJZD67w08pZ7o9Qyjds/S2g4KvTK/ApslTly+hE2dIMPGsmTY6fZ5zrVtfwCy8CfN6bOc6n3g1/KVbkF2iXjw bh48/Gv8 Cc: marc.zyngier@arm.com, xypron.glpk@gmx.de, Mark Kettenis , agraf@suse.de, andre.przywara@arm.com Subject: [U-Boot] [PATCH v3 1/3] ARM: HYP/non-sec: migrate stack X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The current code that switches into HYP mode doesn't bother to set up a stack for HYP mode. This doesn't work for EFI applications as they expect a usable stack. Fix this by migrating the stack pointer from SP_svc to SP_hyp while in Monitor mode. This restores the stack pointer when we drop into HYP mode. Signed-off-by: Mark Kettenis --- arch/arm/cpu/armv7/nonsec_virt.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/cpu/armv7/nonsec_virt.S b/arch/arm/cpu/armv7/nonsec_virt.S index 56bdba1d38..1773fae205 100644 --- a/arch/arm/cpu/armv7/nonsec_virt.S +++ b/arch/arm/cpu/armv7/nonsec_virt.S @@ -80,6 +80,8 @@ _secure_monitor: #ifdef CONFIG_ARMV7_VIRT orreq r5, r5, #0x100 @ allow HVC instruction moveq r6, #HYP_MODE @ Enter the kernel as HYP + mrseq r3, sp_svc + msreq sp_hyp, r3 @ migrate SP #endif mcr p15, 0, r5, c1, c1, 0 @ write SCR (with NS bit set) From patchwork Wed Jun 13 22:41:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Kettenis X-Patchwork-Id: 929120 X-Patchwork-Delegate: agraf@suse.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=openbsd.org Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 415hbx23nQz9s0W for ; Thu, 14 Jun 2018 08:43:09 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id E02C5C21CB1; Wed, 13 Jun 2018 22:41:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 82554C21E0D; Wed, 13 Jun 2018 22:41:23 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id DD2B4C21DFA; Wed, 13 Jun 2018 22:41:19 +0000 (UTC) Received: from lb1-smtp-cloud8.xs4all.net (lb1-smtp-cloud8.xs4all.net [194.109.24.21]) by lists.denx.de (Postfix) with ESMTPS id 57015C21DC1 for ; Wed, 13 Jun 2018 22:41:15 +0000 (UTC) Received: from barber.sibelius.xs4all.nl ([83.163.83.176]) by smtp-cloud8.xs4all.net with ESMTP id TERyfTNTBtZGaTES0fYsRA; Thu, 14 Jun 2018 00:41:15 +0200 From: Mark Kettenis To: u-boot@lists.denx.de Date: Thu, 14 Jun 2018 00:41:07 +0200 Message-Id: <20180613224108.13372-3-kettenis@openbsd.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180613224108.13372-1-kettenis@openbsd.org> References: <20180613224108.13372-1-kettenis@openbsd.org> X-CMAE-Envelope: MS4wfHik2NAOXqXCHrKcUA0OquvvhkfyQjB3lsIsHcoIimDtyusyicJjjofQX/DeOLwunHRsrp1lbIa3eP9QshQifGmAzgZPJrKcEuB0U1D2W/vFI3x864N2 21mPZOA14Ra0KAns92L8t79qwiVVVpJusjQ7F3guJ7P/X+ru7XT4GJSiYT3Vh4aJhDl8h910PrxF8W28AQ+xttla4WgXbh9CsC5UI/olAgc//Nx++6zN7wWp cnac/DGoWyPJS/LhYB38phK/mYsu8bWQswNTt9Fw619OC6HX4ykzFLnyla1V5qTRsUCRfzi0zRpnfY0aXSa71ONs5nteWQYdt4ZZDkHMna16oD3JQzJhCnln fgqDD6dn Cc: marc.zyngier@arm.com, xypron.glpk@gmx.de, Mark Kettenis , agraf@suse.de, andre.przywara@arm.com Subject: [U-Boot] [PATCH v3 2/3] efi_loader: ARM: run EFI payloads non-secure X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" If desired (and possible) switch into HYP mode or non-secure SVC mode before calling the entry point of an EFI application. This allows U-Boot to provide a usable PSCI implementation and makes it possible to boot kernels into hypervisor mode using an EFI bootloader. Based on diffs from Heinrich Schuchardt and Alexander Graf. Signed-off-by: Mark Kettenis --- cmd/bootefi.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/cmd/bootefi.c b/cmd/bootefi.c index 707d159bac..12a6b84ce6 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -20,6 +20,11 @@ #include #include +#ifdef CONFIG_ARMV7_NONSEC +#include +#include +#endif + DECLARE_GLOBAL_DATA_PTR; #define OBJ_LIST_NOT_INITIALIZED 1 @@ -189,6 +194,18 @@ static efi_status_t efi_run_in_el2(EFIAPI efi_status_t (*entry)( } #endif +#ifdef CONFIG_ARMV7_NONSEC +static efi_status_t efi_run_in_hyp(EFIAPI efi_status_t (*entry)( + efi_handle_t image_handle, struct efi_system_table *st), + efi_handle_t image_handle, struct efi_system_table *st) +{ + /* Enable caches again */ + dcache_enable(); + + return efi_do_enter(image_handle, st, entry); +} +#endif + /* Carve out DT reserved memory ranges */ static efi_status_t efi_carve_out_dt_rsv(void *fdt) { @@ -338,6 +355,21 @@ static efi_status_t do_bootefi_exec(void *efi, } #endif +#ifdef CONFIG_ARMV7_NONSEC + if (armv7_boot_nonsec()) { + dcache_disable(); /* flush cache before switch to HYP */ + + armv7_init_nonsec(); + secure_ram_addr(_do_nonsec_entry)(efi_run_in_hyp, + (uintptr_t)entry, + (uintptr_t)loaded_image_info_obj.handle, + (uintptr_t)&systab); + + /* Should never reach here, efi exits with longjmp */ + while (1) { } + } +#endif + ret = efi_do_enter(loaded_image_info_obj.handle, &systab, entry); exit: From patchwork Wed Jun 13 22:41:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Kettenis X-Patchwork-Id: 929119 X-Patchwork-Delegate: agraf@suse.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=openbsd.org Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 415hbG2z0Nz9s0W for ; Thu, 14 Jun 2018 08:42:34 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 20A9DC21D8A; Wed, 13 Jun 2018 22:42:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 52212C21CB1; Wed, 13 Jun 2018 22:41:28 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 6BE9EC21E1E; Wed, 13 Jun 2018 22:41:19 +0000 (UTC) Received: from lb1-smtp-cloud8.xs4all.net (lb1-smtp-cloud8.xs4all.net [194.109.24.21]) by lists.denx.de (Postfix) with ESMTPS id 81EA0C21E02 for ; Wed, 13 Jun 2018 22:41:15 +0000 (UTC) Received: from barber.sibelius.xs4all.nl ([83.163.83.176]) by smtp-cloud8.xs4all.net with ESMTP id TERyfTNTBtZGaTES3fYsS0; Thu, 14 Jun 2018 00:41:15 +0200 From: Mark Kettenis To: u-boot@lists.denx.de Date: Thu, 14 Jun 2018 00:41:08 +0200 Message-Id: <20180613224108.13372-4-kettenis@openbsd.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180613224108.13372-1-kettenis@openbsd.org> References: <20180613224108.13372-1-kettenis@openbsd.org> X-CMAE-Envelope: MS4wfHik2NAOXqXCHrKcUA0OquvvhkfyQjB3lsIsHcoIimDtyusyicJjjofQX/DeOLwunHRsrp1lbIa3eP9QshQifGmAzgZPJrKcEuB0U1D2W/vFI3x864N2 21mPZOA14Ra0KAns92L8t79qwiVVVpJusjQ7F3guJ7P/X+ru7XT4GJSiYT3Vh4aJhDl8h910PrxF8W28AQ+xttla4WgXbh9CsC5UI/olAgc//Nx++6zN7wWp cnac/DGoWyPJS/LhYB38phK/mYsu8bWQswNTt9Fw619OC6HX4ykzFLnyla1V5qTRsUCRfzi0zRpnfY0aXSa71ONs5nteWQYdt4ZZDkHMna16oD3JQzJhCnln fgqDD6dn Cc: marc.zyngier@arm.com, xypron.glpk@gmx.de, Mark Kettenis , agraf@suse.de, andre.przywara@arm.com Subject: [U-Boot] [PATCH v3 3/3] Revert "efi_loader: no support for ARMV7_NONSEC=y" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This reverts commit c524997acb3d322e1bbd36c06ad02ef589705e7c. Booting ARMv7 in non-secure mode using bootefi works now. Signed-off-by: Mark Kettenis --- doc/README.uefi | 2 -- lib/efi_loader/Kconfig | 2 -- 2 files changed, 4 deletions(-) diff --git a/doc/README.uefi b/doc/README.uefi index d4031ef8e8..6b9759cfed 100644 --- a/doc/README.uefi +++ b/doc/README.uefi @@ -329,8 +329,6 @@ This driver is only available if U-Boot is configured with * persistence * runtime support -* support bootefi booting ARMv7 in non-secure mode (CONFIG_ARMV7_NONSEC=y) - ## Links * [1](http://uefi.org/specifications) diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index df58e633d1..ce6a09f0b4 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -1,8 +1,6 @@ config EFI_LOADER bool "Support running EFI Applications in U-Boot" depends on (ARM || X86 || RISCV) && OF_LIBFDT - # We do not support bootefi booting ARMv7 in non-secure mode - depends on !ARMV7_NONSEC # We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB