On Mon, 2014-08-04 at 16:14 +0100, Marc Zyngier wrote:
My personal feeling is that booting in secure mode is always the wrong thing to do.
FWIW I agree.
If you want to go down the road of a single bootloader that is able to run on several SOCs, then do it the proper way: parse the device tree and have separate constraints for your SoC. But please don't blacklist random cores just because it fits your environment.
I think there is a CPU feature register which indicates whether support for HYP mode is present, isn't there? In which case a tolerable fix for now (going all the way DT is a big yakk to shave...) would be to use that to decide between booting in NS.HYP vs NS.SVC (nb: not NS.HYP vs S.SVC).
I don't recall if the GIC has a feature bit for the security extensions, but if not then inferring it from the CPUs support wouldn't be the worst thing in the world under the circumstances.
Ian.