[RFC PATCH] bootwrapper: Add --secure option to boot the kernel in the Secure world - linaro-dev

3 Oct 2012

Currently, the bootwrapper switches unconditionally to NS Hyp mode,
which prevents successful execution of a kernel which expects to
start in the Secure world.
This patch adds a --secure command-line option to enable Secure
world booting.
NS HYP remains the default.
Signed-off-by: Dave Martin dave.martin@linaro.org
---
Note that this is just an RFC -- I've not tested it yet.
With some additional CCI and CPU reset related hacks, I hope to get the
in-kernel switcher kernel booting with this.
boot.S        |   36 ++++++++++++++++++++++++++++--------
 boot.h        |   29 +++++++++++++++++++++++++++++
 semi_loader.c |   11 +++++++++++
 3 files changed, 68 insertions(+), 8 deletions(-)
 create mode 100644 boot.h

diff --git a/boot.S b/boot.S
index 727119a..64cd0fa 100644
--- a/boot.S
+++ b/boot.S
@@ -7,18 +7,28 @@
  * found in the LICENSE.txt file.
  */
+#include "boot.h"
+
    .syntax	unified
    .arch_extension sec
    .arch_extension virt
    .text
-.macro enter_hyp
-	@ We assume we're entered in Secure Supervisor mode. To
-	@ get to Hyp mode we have to pass through Monitor mode
-	@ and NS-Supervisor mode. Note that there is no way to
-	@ return to the Secure world once we've done this.
-	@
+.macro enter_kernel_state
    @ This will trash r10 and r11.
+	@ We assume we're entered in Secure Supervisor mode.
+
+	@ If requested, stay in Secure SVC to enter the kernel:
+
+	ldr	r10, =kernel_boot_mode
+	ldr	r10, [r10]
+	cmp	r10, #BOOT_MODE_S_SVC
+	beq	1f
+
+	@ Otherwise: to get to Hyp mode we have to pass through Monitor
+	@ mode and NS-Supervisor mode. Note that there is no way to
+	@ return to the Secure world once we've done this.
+
    ldr	r10, =vectors
    mcr	p15, 0, r10, c12, c0, 1		@ Monitor vector base address
    @ Switch to monitor mode, which will set up the HVBAR and
@@ -26,7 +36,9 @@
    smc	#0
    @ Now we're in NS-SVC, make a Hyp call to get into Hyp mode
    hvc	#0
+
    @ We will end up here in NS-Hyp.
+1:
 .endm
.align 5
@@ -128,7 +140,7 @@ start:
    @
    @ Secondary CPUs (following the RealView SMP booting protocol)
    @
-	enter_hyp
+	enter_kernel_state
ldr	r1, =fs_start - 0x100
    adr	r2, 1f
@@ -198,7 +210,7 @@ __boot_kernel:
    stmfd	sp!, {r1-r3}
    ldmia	sp, {r0-r3}
-	enter_hyp
+	enter_kernel_state
bx	r4
 .type __boot_kernel, %function
@@ -214,3 +226,11 @@ kernel_cmd:
    .asciz KCMD
 #endif
 kernel_cmd_end:
+
+
+.bss
+.align 2
+
+.globl kernel_boot_mode
+kernel_boot_mode:
+	.skip	4	@ defaults to BOOT_MODE_NS_HYP (0)
diff --git a/boot.h b/boot.h
new file mode 100644
index 0000000..b80227e
--- /dev/null
+++ b/boot.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2012 Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of Linaro Limited nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ */
+
+#ifndef BOOT_H
+#define BOOT_H
+
+#define BOOT_MODE_NS_HYP 0
+#define BOOT_MODE_S_SVC 1
+
+#ifndef __ASSEMBLER__
+extern int kernel_boot_mode;
+#endif /* ! __ASSEMBLER__ */
+
+#endif /* BOOT_H */
diff --git a/semi_loader.c b/semi_loader.c
index cbe911c..ef927e7 100644
--- a/semi_loader.c
+++ b/semi_loader.c
@@ -17,6 +17,7 @@
  */
#include <string.h>
+#include "boot.h"
 #include "libfdt.h"
 #include "semihosting.h"
 #include "semi_loader.h"
@@ -49,6 +50,7 @@ static void _print_info(char const **strings)
 #define CMDLINE_NOINITRD "--no-initrd"
 #define CMDLINE_DTB "--dtb"
 #define CMDLINE_FDT "--fdt"	/* deprecated */
+#define CMDLINE_SECURE "--secure"
 #define CMDLINE_REST "-- "
static void _usage_fatal(void)
@@ -378,6 +380,7 @@ static char *fdt_arg = (void *)0;
 static char *dtb_arg = (void *)0;
 static char *cmdline_arg = (void *)0;
 static char *noinitrd_arg = (void *)0;
+static char *secure_arg = (void *)0;
static const struct {
    char const *option_string;
@@ -389,6 +392,7 @@ static const struct {
    { CMDLINE_NOINITRD,	&noinitrd_arg,	OPT_BOOL	},
    { CMDLINE_FDT,		&fdt_arg,	OPT_ARG		},
    { CMDLINE_DTB,		&dtb_arg,	OPT_ARG		},
+	{ CMDLINE_SECURE,	&secure_arg,	OPT_BOOL	},
    { CMDLINE_REST,		&cmdline_arg,	OPT_REST	},
 };
@@ -476,6 +480,13 @@ args_done:
    		dtb_arg = fdt_arg;
    }
+	info("Kernel will be booted in ");
+	if(secure_arg) {
+		kernel_boot_mode = BOOT_MODE_S_SVC;
+		info("Secure SVC mode.\n");
+	} else
+		info("HYP mode.\n");
+
    /*
     * Now, proceed to load images and set up ATAGs.
     * For simplicity, ATAGs are generated even if there is a DTB
-- 
1.7.4.1



    