This patchset adds functionality for enabling the ARM CPU security extensions. At this time, the only machines supported are Versatile Express and the QEMU ARM virtual machines both with Cortex A9 & A15.

The patchset establishes the default security state along with adding overriding controls of the state. Booting with the "-kernel" QEMU command line option will start by default in non-secure state with EL3 support disabled. Booting with the "-bios" QEMU command line option will default to secure state with EL3 features enabled. An added "secure" machine property may be set to either 'on' or 'off' to override this default behavior. For example, the below command line syntax would enable security extensions...

    aarch64-softmmu/qemu-system-aarch64 -machine type=vexpress-a15,secure=on -kernel ...

In order to add the machine specific 'secure' property, the vexpress machine object creation functionality needed to be updated. The existing QEMU machine mechanism was replaced with proper type, class, and instance usage.

v1 -> v2
- Added disablement of CPU EL3 on all machines that could potentially use an EL3 enabled CPU.
- Switched/Added default states for vexpress and virt machines
- Made the vexpress machine type abstract
- Removed static declaration of the machine property
- Renamed CPU "secure" property to "has_el3"
- Added arm_boot_info secure_boot field to communicate whether the secure state on a Linux boot needs to be updated. By default Vexpress defaults to secure and virt defaults to non-secure.

Fabian Aggeler (1):
  target-arm: add cpu feature EL3 to CPUs with Security Extensions

Greg Bellows (14):
  target-arm: Add vexpress class and machine types
  target-arm: Add vexpress a9 & a15 machine objects
  target-arm: Switch to common vexpress machine init
  target-arm: Add vexpress machine secure property
  target-arm: Change vexpress daughterboard init arg
  target-arm: Add virt class and machine types
  target-arm: Add virt machine secure property
  target-arm: Add feature unset function
  target-arm: Add ARMCPU secure property
  target-arm: Add arm_boot_info secure_boot control
  target-arm: Enable CPU has_el3 prop during VE init
  target-arm: Set CPU has_el3 prop during virt init
  target-arm: Breakout integratorcp and versatilepb cpu init
  target-arm: Disable EL3 on unsupported machines

 hw/arm/boot.c         |  10 ++++
 hw/arm/exynos4210.c   |  11 ++++
 hw/arm/highbank.c     |  12 +++++
 hw/arm/integratorcp.c |  31 ++++++++++-
 hw/arm/realview.c     |  12 +++++
 hw/arm/versatilepb.c  |  32 ++++++++++-
 hw/arm/vexpress.c     | 145 ++++++++++++++++++++++++++++++++++++++++----------
 hw/arm/virt.c         |  82 +++++++++++++++++++++++++---
 hw/arm/xilinx_zynq.c  |  12 +++++
 include/hw/arm/arm.h  |   4 ++
 target-arm/cpu-qom.h  |   2 +
 target-arm/cpu.c      |  33 ++++++++++++
 12 files changed, 348 insertions(+), 38 deletions(-)

--
1.8.3.2