On 23 June 2016 at 22:33, Peter Maydell <peter.mayd...@linaro.org> wrote: > On 23 June 2016 at 21:03, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: >> UEFI is guaranteed to leave >> the GIC in a usable state for the OS if it runs from the same >> exception level > > For a no-security-extensions system, leaving the interrupts > in Group 0 is still "a usable state for the OS", because > the OS will receive FIQ (and if it doesn't want the > interrupts to be FIQ it's able to reconfigure them). > Does the UEFI contract with the OS specifically guarantee > group 1, or does it just guarantee "anything that the OS > can't set up itself will be set up" ? >
The UEFI spec does not define anything beyond """ Use the highest 64 bit non secure privilege level available; Non-secure EL2 (Hyp) or Non- secure EL1(Kernel). """ and it is implied (although not mentioned specifically) that the OS is invoked at the same exception level that UEFI runs at, and so UEFI is not expected to run in a context where it can configure GIC state that the OS will not be able to configure for itself. > (for instance a future version of UEFI could hypothetically > decide to run its timer interrupt as Group 0 via FIQ.) > Unlikely, but true. So you are right: the spec does not cover the GIC state at the handover point to the OS, and so the OS should equally be able to cope with configurations that require it to perform configuration on the GIC that it wouldn't have to do when running on the non-secure side of a system that implements EL3, even if we know that the OS will only ever boot via UEFI. -- Ard.
