On Wed, Aug 06, 2014 at 08:38:13AM +0100, Ian Campbell wrote:
On Mon, 2014-08-04 at 16:14 +0100, Marc Zyngier wrote:
My personal feeling is that booting in secure mode is always the wrong thing to do.
FWIW I agree.
If you want to go down the road of a single bootloader that is able to run on several SOCs, then do it the proper way: parse the device tree and have separate constraints for your SoC. But please don't blacklist random cores just because it fits your environment.
I think there is a CPU feature register which indicates whether support for HYP mode is present, isn't there?
ID_PFR1[15:12] should tell you if the CPU has the virtualization extensions.
In which case a tolerable fix for now (going all the way DT is a big yakk to shave...) would be to use that to decide between booting in NS.HYP vs NS.SVC (nb: not NS.HYP vs S.SVC).
That sounds ideal.
I don't recall if the GIC has a feature bit for the security extensions, but if not then inferring it from the CPUs support wouldn't be the worst thing in the world under the circumstances.
GICD_TYPER[10] (SecurityExtn) should tell you if the GIC has the security extensions. I don't know whether you'll encounter a platform where the CPU and GIC are mismatched w.r.t. security extensions.
Mark.