diff options
| author | Hans de Goede <hdegoede@redhat.com> | 2014-11-14 09:34:31 +0100 |
|---|---|---|
| committer | Albert ARIBAUD <albert.u.boot@aribaud.net> | 2014-11-24 09:09:52 +0100 |
| commit | 8bc347e2ec17bca44b1639a001eeed50d042f0db (patch) | |
| tree | ab3fb83f48ec6bc8ec97bae2eba484325544a5b0 /arch | |
| parent | ea624e1951f1208ae619888be4c03f058e65c572 (diff) | |
| download | u-boot-imx-8bc347e2ec17bca44b1639a001eeed50d042f0db.zip u-boot-imx-8bc347e2ec17bca44b1639a001eeed50d042f0db.tar.gz u-boot-imx-8bc347e2ec17bca44b1639a001eeed50d042f0db.tar.bz2 | |
ARM: bootm: Allow booting in secure mode on hyp capable systems
Older Linux kernels will not properly boot in hyp mode, add support for a
bootm_boot_mode environment variable, which can be set to "sec" or "nonsec"
to force booting in secure or non-secure mode when build with non-sec support.
The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT,
when this is set booting in secure mode is the default. The default setting
for this Kconfig option is N, preserving the current behavior of booting in
non-secure mode by default when non-secure mode is supported.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/arm/cpu/armv7/Kconfig | 11 | ||||
| -rw-r--r-- | arch/arm/lib/bootm.c | 31 |
2 files changed, 37 insertions, 5 deletions
diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig index 15c5155..61e7c82 100644 --- a/arch/arm/cpu/armv7/Kconfig +++ b/arch/arm/cpu/armv7/Kconfig @@ -13,6 +13,17 @@ config ARMV7_NONSEC ---help--- Say Y here to enable support for booting in non-secure / SVC mode. +config ARMV7_BOOT_SEC_DEFAULT + boolean "Boot in secure mode by default" if EXPERT + depends on ARMV7_NONSEC + default n + ---help--- + Say Y here to boot in secure mode by default even if non-secure mode + is supported. This option is useful to boot kernels which do not + suppport booting in non-secure mode. Only set this if you need it. + This can be overriden at run-time by setting the bootm_boot_mode env. + variable to "sec" or "nonsec". + config ARMV7_VIRT boolean "Enable support for hardware virtualization" if EXPERT depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c index 4949d57..a7f7c67 100644 --- a/arch/arm/lib/bootm.c +++ b/arch/arm/lib/bootm.c @@ -237,6 +237,26 @@ static void boot_prep_linux(bootm_headers_t *images) } } +#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT) +static bool boot_nonsec(void) +{ + char *s = getenv("bootm_boot_mode"); +#ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT + bool nonsec = false; +#else + bool nonsec = true; +#endif + + if (s && !strcmp(s, "sec")) + nonsec = false; + + if (s && !strcmp(s, "nonsec")) + nonsec = true; + + return nonsec; +} +#endif + /* Subcommand: GO */ static void boot_jump_linux(bootm_headers_t *images, int flag) { @@ -285,12 +305,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag) if (!fake) { #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT) - armv7_init_nonsec(); - secure_ram_addr(_do_nonsec_entry)(kernel_entry, - 0, machid, r2); -#else - kernel_entry(0, machid, r2); + if (boot_nonsec()) { + armv7_init_nonsec(); + secure_ram_addr(_do_nonsec_entry)(kernel_entry, + 0, machid, r2); + } else #endif + kernel_entry(0, machid, r2); } #endif } |