ARM: bootm: Allow booting in secure mode on hyp capable systems
Older Linux kernels will not properly boot in hyp mode, add support for a bootm_boot_mode environment variable, which can be set to "sec" or "nonsec" to force booting in secure or non-secure mode when build with non-sec support. The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT, when this is set booting in secure mode is the default. The default setting for this Kconfig option is N, preserving the current behavior of booting in non-secure mode by default when non-secure mode is supported. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
This commit is contained in:
Hans de Goede
Albert ARIBAUD
parent
ea624e1951
commit
8bc347e2ec
|
|
@ -13,6 +13,17 @@ config ARMV7_NONSEC
|
||||||
---help---
|
---help---
|
||||||
Say Y here to enable support for booting in non-secure / SVC mode.
|
Say Y here to enable support for booting in non-secure / SVC mode.
|
||||||
|
|
||||||
|
config ARMV7_BOOT_SEC_DEFAULT
|
||||||
|
boolean "Boot in secure mode by default" if EXPERT
|
||||||
|
depends on ARMV7_NONSEC
|
||||||
|
default n
|
||||||
|
---help---
|
||||||
|
Say Y here to boot in secure mode by default even if non-secure mode
|
||||||
|
is supported. This option is useful to boot kernels which do not
|
||||||
|
suppport booting in non-secure mode. Only set this if you need it.
|
||||||
|
This can be overriden at run-time by setting the bootm_boot_mode env.
|
||||||
|
variable to "sec" or "nonsec".
|
||||||
|
|
||||||
config ARMV7_VIRT
|
config ARMV7_VIRT
|
||||||
boolean "Enable support for hardware virtualization" if EXPERT
|
boolean "Enable support for hardware virtualization" if EXPERT
|
||||||
depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC
|
depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC
|
||||||
|
|
|
||||||
|
|
@ -237,6 +237,26 @@ static void boot_prep_linux(bootm_headers_t *images)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
|
||||||
|
static bool boot_nonsec(void)
|
||||||
|
{
|
||||||
|
char *s = getenv("bootm_boot_mode");
|
||||||
|
#ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT
|
||||||
|
bool nonsec = false;
|
||||||
|
#else
|
||||||
|
bool nonsec = true;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (s && !strcmp(s, "sec"))
|
||||||
|
nonsec = false;
|
||||||
|
|
||||||
|
if (s && !strcmp(s, "nonsec"))
|
||||||
|
nonsec = true;
|
||||||
|
|
||||||
|
return nonsec;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Subcommand: GO */
|
/* Subcommand: GO */
|
||||||
static void boot_jump_linux(bootm_headers_t *images, int flag)
|
static void boot_jump_linux(bootm_headers_t *images, int flag)
|
||||||
{
|
{
|
||||||
|
|
@ -285,12 +305,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)
|
||||||
|
|
||||||
if (!fake) {
|
if (!fake) {
|
||||||
#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
|
#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
|
||||||
|
if (boot_nonsec()) {
|
||||||
armv7_init_nonsec();
|
armv7_init_nonsec();
|
||||||
secure_ram_addr(_do_nonsec_entry)(kernel_entry,
|
secure_ram_addr(_do_nonsec_entry)(kernel_entry,
|
||||||
0, machid, r2);
|
0, machid, r2);
|
||||||
#else
|
} else
|
||||||
kernel_entry(0, machid, r2);
|
|
||||||
#endif
|
#endif
|
||||||
|
kernel_entry(0, machid, r2);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue