[RFC PATCH] bootwrapper: Add --secure option to boot the kernel in the Secure world

Wed, 03 Oct 2012 09:29:41 -0700 

Currently, the bootwrapper switches unconditionally to NS Hyp mode,
which prevents successful execution of a kernel which expects to
start in the Secure world.

This patch adds a --secure command-line option to enable Secure
world booting.

NS HYP remains the default.

Signed-off-by: Dave Martin <dave.mar...@linaro.org>
---
Note that this is just an RFC -- I've not tested it yet.

With some additional CCI and CPU reset related hacks, I hope to get the
in-kernel switcher kernel booting with this.

 boot.S        |   36 ++++++++++++++++++++++++++++--------
 boot.h        |   29 +++++++++++++++++++++++++++++
 semi_loader.c |   11 +++++++++++
 3 files changed, 68 insertions(+), 8 deletions(-)
 create mode 100644 boot.h

diff --git a/boot.S b/boot.S
index 727119a..64cd0fa 100644
--- a/boot.S
+++ b/boot.S
@@ -7,18 +7,28 @@
  * found in the LICENSE.txt file.
  */
 
+#include "boot.h"
+
        .syntax unified
        .arch_extension sec
        .arch_extension virt
        .text
 
-.macro enter_hyp
-       @ We assume we're entered in Secure Supervisor mode. To
-       @ get to Hyp mode we have to pass through Monitor mode
-       @ and NS-Supervisor mode. Note that there is no way to
-       @ return to the Secure world once we've done this.
-       @
+.macro enter_kernel_state
        @ This will trash r10 and r11.
+       @ We assume we're entered in Secure Supervisor mode.
+
+       @ If requested, stay in Secure SVC to enter the kernel:
+
+       ldr     r10, =kernel_boot_mode
+       ldr     r10, [r10]
+       cmp     r10, #BOOT_MODE_S_SVC
+       beq     1f
+
+       @ Otherwise: to get to Hyp mode we have to pass through Monitor
+       @ mode and NS-Supervisor mode. Note that there is no way to
+       @ return to the Secure world once we've done this.
+
        ldr     r10, =vectors
        mcr     p15, 0, r10, c12, c0, 1         @ Monitor vector base address
        @ Switch to monitor mode, which will set up the HVBAR and
@@ -26,7 +36,9 @@
        smc     #0
        @ Now we're in NS-SVC, make a Hyp call to get into Hyp mode
        hvc     #0
+
        @ We will end up here in NS-Hyp.
+1:
 .endm
 
 .align 5
@@ -128,7 +140,7 @@ start:
        @
        @ Secondary CPUs (following the RealView SMP booting protocol)
        @
-       enter_hyp
+       enter_kernel_state
 
        ldr     r1, =fs_start - 0x100
        adr     r2, 1f
@@ -198,7 +210,7 @@ __boot_kernel:
        stmfd   sp!, {r1-r3}
        ldmia   sp, {r0-r3}
 
-       enter_hyp
+       enter_kernel_state
 
        bx      r4
 .type __boot_kernel, %function
@@ -214,3 +226,11 @@ kernel_cmd:
        .asciz KCMD
 #endif
 kernel_cmd_end:
+
+
+.bss
+.align 2
+
+.globl kernel_boot_mode
+kernel_boot_mode:
+       .skip   4       @ defaults to BOOT_MODE_NS_HYP (0)
diff --git a/boot.h b/boot.h
new file mode 100644
index 0000000..b80227e
--- /dev/null
+++ b/boot.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2012 Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of Linaro Limited nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ */
+
+#ifndef BOOT_H
+#define BOOT_H
+
+#define BOOT_MODE_NS_HYP 0
+#define BOOT_MODE_S_SVC 1
+
+#ifndef __ASSEMBLER__
+extern int kernel_boot_mode;
+#endif /* ! __ASSEMBLER__ */
+
+#endif /* BOOT_H */
diff --git a/semi_loader.c b/semi_loader.c
index cbe911c..ef927e7 100644
--- a/semi_loader.c
+++ b/semi_loader.c
@@ -17,6 +17,7 @@
  */
 
 #include <string.h>
+#include "boot.h"
 #include "libfdt.h"
 #include "semihosting.h"
 #include "semi_loader.h"
@@ -49,6 +50,7 @@ static void _print_info(char const **strings)
 #define CMDLINE_NOINITRD "--no-initrd"
 #define CMDLINE_DTB "--dtb"
 #define CMDLINE_FDT "--fdt"    /* deprecated */
+#define CMDLINE_SECURE "--secure"
 #define CMDLINE_REST "-- "
 
 static void _usage_fatal(void)
@@ -378,6 +380,7 @@ static char *fdt_arg = (void *)0;
 static char *dtb_arg = (void *)0;
 static char *cmdline_arg = (void *)0;
 static char *noinitrd_arg = (void *)0;
+static char *secure_arg = (void *)0;
 
 static const struct {
        char const *option_string;
@@ -389,6 +392,7 @@ static const struct {
        { CMDLINE_NOINITRD,     &noinitrd_arg,  OPT_BOOL        },
        { CMDLINE_FDT,          &fdt_arg,       OPT_ARG         },
        { CMDLINE_DTB,          &dtb_arg,       OPT_ARG         },
+       { CMDLINE_SECURE,       &secure_arg,    OPT_BOOL        },
        { CMDLINE_REST,         &cmdline_arg,   OPT_REST        },
 };
 
@@ -476,6 +480,13 @@ args_done:
                        dtb_arg = fdt_arg;
        }
 
+       info("Kernel will be booted in ");
+       if(secure_arg) {
+               kernel_boot_mode = BOOT_MODE_S_SVC;
+               info("Secure SVC mode.\n");
+       } else
+               info("HYP mode.\n");
+
        /*
         * Now, proceed to load images and set up ATAGs.
         * For simplicity, ATAGs are generated even if there is a DTB
-- 
1.7.4.1


_______________________________________________
linaro-dev mailing list
linaro-dev@lists.linaro.org
http://lists.linaro.org/mailman/listinfo/linaro-dev

Reply via email to