Some boards decided not to run ATF or other secure firmware in EL3, so they instead run U-Boot there. The uEFI spec doesn't know what EL3 is though - it only knows about EL2 and EL1. So if we see that we're running in EL3, let's get into EL2 to make payloads happy.
Signed-off-by: Alexander Graf agraf@suse.de Reviewed-by: York Sun york.sun@nxp.com
---
v4 -> v5:
- Remove manual ttbr / tcr copy - Regenerate page tables in EL2, getting us non-secured page tables --- cmd/bootefi.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/cmd/bootefi.c b/cmd/bootefi.c index ae1b713..ca41170 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -226,6 +226,17 @@ static unsigned long do_bootefi_exec(void *efi, void *fdt) return status == EFI_SUCCESS ? 0 : -EINVAL; }
+#ifdef CONFIG_ARM64 + /* On AArch64 we need to make sure we call our payload in < EL3 */ + if (current_el() == 3) { + smp_kick_all_cpus(); + dcache_disable(); /* flush cache before switch to EL2 */ + armv8_switch_to_el2(); + /* Enable caches again */ + dcache_enable(); + } +#endif + return entry(&loaded_image_info, &systab); }