This is identical to http://patchwork.ozlabs.org/patch/399458/ posted by Tom Rini a month ago. Why is it taking so long for this patch?

I prefer describing the patch dependency in the cover letter to resending the same patch.

On Thu, 13 Nov 2014 20:37:40 +0100 Hans de Goede hdegoede@redhat.com wrote:

From: Tom Rini trini@ti.com

For similar reasons to why the Linux Kernel has an EXPERT option, we too want an option to allow for tweaking of some options that while normally should remain hidden, may need to be changed in some cases.

Signed-off-by: Tom Rini trini@ti.com Acked-by: Hans de Goede hdegoede@redhat.com Signed-off-by: Hans de Goede hdegoede@redhat.com

---

Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+)

diff --git a/Kconfig b/Kconfig index f34f341..405b7a6 100644 --- a/Kconfig +++ b/Kconfig @@ -58,6 +58,14 @@ config CC_OPTIMIZE_FOR_SIZE

endmenu # General setup

+menuconfig EXPERT

•    bool "Configure standard U-Boot features (expert users)"
  

•    help
  

•      This option allows certain base U-Boot options and settings
  

•      to be disabled or tweaked. This is for specialized
  

•      environments which can tolerate a "non-standard" U-Boot.
  

•      Only use this if you really know what you are doing.
  

menu "Boot images"

config SPL_BUILD

2.1.0

---

U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot

Hello Hans,

On Thu, 13 Nov 2014 20:37:40 +0100, Hans de Goede hdegoede@redhat.com wrote:

From: Tom Rini trini@ti.com

For similar reasons to why the Linux Kernel has an EXPERT option, we too want an option to allow for tweaking of some options that while normally should remain hidden, may need to be changed in some cases.

Signed-off-by: Tom Rini trini@ti.com Acked-by: Hans de Goede hdegoede@redhat.com Signed-off-by: Hans de Goede hdegoede@redhat.com

---

Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+)

diff --git a/Kconfig b/Kconfig index f34f341..405b7a6 100644 --- a/Kconfig +++ b/Kconfig @@ -58,6 +58,14 @@ config CC_OPTIMIZE_FOR_SIZE

endmenu # General setup

+menuconfig EXPERT

•    bool "Configure standard U-Boot features (expert users)"
  

•    help
  

•      This option allows certain base U-Boot options and settings
  

•      to be disabled or tweaked. This is for specialized
  

•      environments which can tolerate a "non-standard" U-Boot.
  

•      Only use this if you really know what you are doing.
  

menu "Boot images"

config SPL_BUILD

2.1.0

Applied to u-boot-arm/master, thanks!

Amicalement,

Hello Hans,

On Thu, 13 Nov 2014 20:37:41 +0100, Hans de Goede hdegoede@redhat.com wrote:

Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options, this is a preparation patch for adding an env variable to choose between secure / non-secure boot on non-secure boot capable systems, specifically this prepares for adding CONFIG_CPU_V7_SEC_BY_DEFAULT as a proper Kconfig option.

Does not seem like CONFIG_CPU_V7_SEC_BY_DEFAULT is ever defined once all three patches are applied.

OTOH, patch 3/3 defines CONFIG_ARMV7_BOOT_SEC_DEFAULT (but see my comments on it)

Signed-off-by: Hans de Goede hdegoede@redhat.com

Changes in v2:

-Drop all the FIXME-s, use proper CPU_V7 and CPU_V7_HAS_foo checks instead

arch/arm/Kconfig | 4 ++++ arch/arm/cpu/armv7/Kconfig | 23 +++++++++++++++++++++++ arch/arm/cpu/armv7/exynos/Kconfig | 2 ++ board/sunxi/Kconfig | 2 ++ include/configs/arndale.h | 2 -- include/configs/sun7i.h | 2 -- include/configs/vexpress_ca15_tc2.h | 2 -- 7 files changed, 31 insertions(+), 6 deletions(-) create mode 100644 arch/arm/cpu/armv7/Kconfig

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 79ccc06..43ace2c 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -410,6 +410,8 @@ config TARGET_INTEGRATORCP_CM946ES config TARGET_VEXPRESS_CA15_TC2 bool "Support vexpress_ca15_tc2" select CPU_V7

• select CPU_V7_HAS_NONSEC
• select CPU_V7_HAS_VIRT

config TARGET_VEXPRESS_CA5X2 bool "Support vexpress_ca5x2" @@ -809,6 +811,8 @@ source "arch/arm/cpu/arm926ejs/versatile/Kconfig"

source "arch/arm/cpu/armv7/zynq/Kconfig"

+source "arch/arm/cpu/armv7/Kconfig"

source "board/aristainetos/Kconfig" source "board/BuR/kwb/Kconfig" source "board/BuR/tseries/Kconfig" diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig new file mode 100644 index 0000000..15c5155 --- /dev/null +++ b/arch/arm/cpu/armv7/Kconfig @@ -0,0 +1,23 @@ +if CPU_V7

+config CPU_V7_HAS_NONSEC

•    bool
  

+config CPU_V7_HAS_VIRT

•    bool
  

+config ARMV7_NONSEC

• boolean "Enable support for booting in non-secure mode" if EXPERT
• depends on CPU_V7_HAS_NONSEC
• default y

I'm not a Kconfig expert, but doesn't this "y" here mean that support for non-secure mode is enabled by default? And should'nt it be more logical / secure that the default b "n" to avoid accidentally building a non-secure-capable U-Boot?

• ---help---
• Say Y here to enable support for booting in non-secure / SVC mode.

+config ARMV7_VIRT

• boolean "Enable support for hardware virtualization" if EXPERT
• depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC
• default y

Same here.

• ---help---
• Say Y here to boot in hypervisor (HYP) mode when booting non-secure.

+endif diff --git a/arch/arm/cpu/armv7/exynos/Kconfig b/arch/arm/cpu/armv7/exynos/Kconfig index 090be93..e9a102c 100644 --- a/arch/arm/cpu/armv7/exynos/Kconfig +++ b/arch/arm/cpu/armv7/exynos/Kconfig @@ -26,6 +26,8 @@ config TARGET_ODROID

config TARGET_ARNDALE bool "Exynos5250 Arndale board"

• select CPU_V7_HAS_NONSEC
• select CPU_V7_HAS_VIRT select SUPPORT_SPL select OF_CONTROL if !SPL_BUILD

diff --git a/board/sunxi/Kconfig b/board/sunxi/Kconfig index 0bab31b..e20ea1b 100644 --- a/board/sunxi/Kconfig +++ b/board/sunxi/Kconfig @@ -21,6 +21,8 @@ config MACH_SUN6I config MACH_SUN7I bool "sun7i (Allwinner A20)" select CPU_V7

• select CPU_V7_HAS_NONSEC
• select CPU_V7_HAS_VIRT select SUPPORT_SPL

config MACH_SUN8I diff --git a/include/configs/arndale.h b/include/configs/arndale.h index f9ee40f..aa6b631 100644 --- a/include/configs/arndale.h +++ b/include/configs/arndale.h @@ -60,6 +60,4 @@ /* The PERIPHBASE in the CBAR register is wrong on the Arndale, so override it */ #define CONFIG_ARM_GIC_BASE_ADDRESS 0x10480000

-#define CONFIG_ARMV7_VIRT

#endif /* __CONFIG_H */ diff --git a/include/configs/sun7i.h b/include/configs/sun7i.h index ea40790..3629587 100644 --- a/include/configs/sun7i.h +++ b/include/configs/sun7i.h @@ -22,8 +22,6 @@ #define CONFIG_USB_MAX_CONTROLLER_COUNT 2 #endif

-#define CONFIG_ARMV7_VIRT 1 -#define CONFIG_ARMV7_NONSEC 1 #define CONFIG_ARMV7_PSCI 1 #define CONFIG_ARMV7_PSCI_NR_CPUS 2 #define CONFIG_ARMV7_SECURE_BASE SUNXI_SRAM_B_BASE diff --git a/include/configs/vexpress_ca15_tc2.h b/include/configs/vexpress_ca15_tc2.h index 982f4a7..b43afa2 100644 --- a/include/configs/vexpress_ca15_tc2.h +++ b/include/configs/vexpress_ca15_tc2.h @@ -18,6 +18,4 @@ #define CONFIG_SYSFLAGS_ADDR 0x1c010030 #define CONFIG_SMP_PEN_ADDR CONFIG_SYSFLAGS_ADDR

-#define CONFIG_ARMV7_VIRT

#endif

2.1.0

Amicalement,

Hello Hans,

On Thu, 13 Nov 2014 20:37:41 +0100, Hans de Goede hdegoede@redhat.com wrote:

Add arch/arm/cpu/armv7/Kconfig with non-secure and virt options, this is a preparation patch for adding an env variable to choose between secure / non-secure boot on non-secure boot capable systems, specifically this prepares for adding CONFIG_CPU_V7_SEC_BY_DEFAULT as a proper Kconfig option.

Signed-off-by: Hans de Goede hdegoede@redhat.com

Changes in v2:

-Drop all the FIXME-s, use proper CPU_V7 and CPU_V7_HAS_foo checks instead

arch/arm/Kconfig | 4 ++++ arch/arm/cpu/armv7/Kconfig | 23 +++++++++++++++++++++++ arch/arm/cpu/armv7/exynos/Kconfig | 2 ++ board/sunxi/Kconfig | 2 ++ include/configs/arndale.h | 2 -- include/configs/sun7i.h | 2 -- include/configs/vexpress_ca15_tc2.h | 2 -- 7 files changed, 31 insertions(+), 6 deletions(-) create mode 100644 arch/arm/cpu/armv7/Kconfig

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 79ccc06..43ace2c 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -410,6 +410,8 @@ config TARGET_INTEGRATORCP_CM946ES config TARGET_VEXPRESS_CA15_TC2 bool "Support vexpress_ca15_tc2" select CPU_V7

• select CPU_V7_HAS_NONSEC
• select CPU_V7_HAS_VIRT

config TARGET_VEXPRESS_CA5X2 bool "Support vexpress_ca5x2" @@ -809,6 +811,8 @@ source "arch/arm/cpu/arm926ejs/versatile/Kconfig"

source "arch/arm/cpu/armv7/zynq/Kconfig"

+source "arch/arm/cpu/armv7/Kconfig"

source "board/aristainetos/Kconfig" source "board/BuR/kwb/Kconfig" source "board/BuR/tseries/Kconfig" diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig new file mode 100644 index 0000000..15c5155 --- /dev/null +++ b/arch/arm/cpu/armv7/Kconfig @@ -0,0 +1,23 @@ +if CPU_V7

+config CPU_V7_HAS_NONSEC

•    bool
  

+config CPU_V7_HAS_VIRT

•    bool
  

+config ARMV7_NONSEC

• boolean "Enable support for booting in non-secure mode" if EXPERT
• depends on CPU_V7_HAS_NONSEC
• default y
• ---help---
• Say Y here to enable support for booting in non-secure / SVC mode.

+config ARMV7_VIRT

• boolean "Enable support for hardware virtualization" if EXPERT
• depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC
• default y
• ---help---
• Say Y here to boot in hypervisor (HYP) mode when booting non-secure.

+endif diff --git a/arch/arm/cpu/armv7/exynos/Kconfig b/arch/arm/cpu/armv7/exynos/Kconfig index 090be93..e9a102c 100644 --- a/arch/arm/cpu/armv7/exynos/Kconfig +++ b/arch/arm/cpu/armv7/exynos/Kconfig @@ -26,6 +26,8 @@ config TARGET_ODROID

config TARGET_ARNDALE bool "Exynos5250 Arndale board"

• select CPU_V7_HAS_NONSEC
• select CPU_V7_HAS_VIRT select SUPPORT_SPL select OF_CONTROL if !SPL_BUILD

diff --git a/board/sunxi/Kconfig b/board/sunxi/Kconfig index 0bab31b..e20ea1b 100644 --- a/board/sunxi/Kconfig +++ b/board/sunxi/Kconfig @@ -21,6 +21,8 @@ config MACH_SUN6I config MACH_SUN7I bool "sun7i (Allwinner A20)" select CPU_V7

• select CPU_V7_HAS_NONSEC
• select CPU_V7_HAS_VIRT select SUPPORT_SPL

config MACH_SUN8I diff --git a/include/configs/arndale.h b/include/configs/arndale.h index f9ee40f..aa6b631 100644 --- a/include/configs/arndale.h +++ b/include/configs/arndale.h @@ -60,6 +60,4 @@ /* The PERIPHBASE in the CBAR register is wrong on the Arndale, so override it */ #define CONFIG_ARM_GIC_BASE_ADDRESS 0x10480000

-#define CONFIG_ARMV7_VIRT

#endif /* __CONFIG_H */ diff --git a/include/configs/sun7i.h b/include/configs/sun7i.h index ea40790..3629587 100644 --- a/include/configs/sun7i.h +++ b/include/configs/sun7i.h @@ -22,8 +22,6 @@ #define CONFIG_USB_MAX_CONTROLLER_COUNT 2 #endif

-#define CONFIG_ARMV7_VIRT 1 -#define CONFIG_ARMV7_NONSEC 1 #define CONFIG_ARMV7_PSCI 1 #define CONFIG_ARMV7_PSCI_NR_CPUS 2 #define CONFIG_ARMV7_SECURE_BASE SUNXI_SRAM_B_BASE diff --git a/include/configs/vexpress_ca15_tc2.h b/include/configs/vexpress_ca15_tc2.h index 982f4a7..b43afa2 100644 --- a/include/configs/vexpress_ca15_tc2.h +++ b/include/configs/vexpress_ca15_tc2.h @@ -18,6 +18,4 @@ #define CONFIG_SYSFLAGS_ADDR 0x1c010030 #define CONFIG_SMP_PEN_ADDR CONFIG_SYSFLAGS_ADDR

-#define CONFIG_ARMV7_VIRT

#endif

2.1.0

Applied to u-boot-arm/master, thanks!

Amicalement,

Hello Hans,

On Thu, 13 Nov 2014 20:37:42 +0100, Hans de Goede hdegoede@redhat.com wrote:

Older Linux kernels will not properly boot in hyp mode, add support for a bootm_boot_mode environment variable, which can be set to "sec" or "nonsec" to force booting in secure or non-secure mode when build with non-sec support.

The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT, when this is set booting in secure mode is the default. The default setting for this Kconfig option is N, preserving the current behavior of booting in non-secure mode by default when non-secure mode is supported.

Signed-off-by: Hans de Goede hdegoede@redhat.com Acked-by: Marc Zyngier marc.zyngier@arm.com Acked-by: Siarhei Siamashka siarhei.siamashka@gmail.com -- Changes in v2: -Allow changing the default boot mode to secure through defining CONFIG_ARMV7_BOOT_SEC_DEFAULT, this is useful for archs which have a Kconfig option for compatibility with older kernels Changes in v3: -Add an else at the end of the #ifdef NONSEC block so that if do_nonsec_entry fails we do not end up re-trying in secure mode Changes in v4:

-Add a Kconfig option to select to boot in secure or non-secure mode by default

arch/arm/cpu/armv7/Kconfig | 11 +++++++++++ arch/arm/lib/bootm.c | 31 ++++++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig index 15c5155..6ee5ff8 100644 --- a/arch/arm/cpu/armv7/Kconfig +++ b/arch/arm/cpu/armv7/Kconfig @@ -13,6 +13,17 @@ config ARMV7_NONSEC ---help--- Say Y here to enable support for booting in non-secure / SVC mode.

+config ARMV7_BOOT_SEC_DEFAULT

• boolean "Boot in secure mode by default" if EXPERT
• depends on ARMV7_NONSEC
• default n
• ---help---
• Say Y here to boot in secure mode by default even if non-secure mode
• is supported. This option is useful to boot kernels which do not
• suppport booting in secure mode. Only set this if you need it.
• This can be overriden at run-time by setting the bootm_boot_mode env.
• variable to "sec" or "nonsec".

Not sure I'm getting this right, but it seems to me that forcing secure boot mode for kernels that don't support secure boot mode is kind of contradictory. Did you mean "... for kernels which do not suport booting in *non*-secure mode..." ?

config ARMV7_VIRT boolean "Enable support for hardware virtualization" if EXPERT depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c index 4949d57..a7f7c67 100644 --- a/arch/arm/lib/bootm.c +++ b/arch/arm/lib/bootm.c @@ -237,6 +237,26 @@ static void boot_prep_linux(bootm_headers_t *images) } }

+#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT) +static bool boot_nonsec(void) +{

• char *s = getenv("bootm_boot_mode");

+#ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT

• bool nonsec = false;

+#else

• bool nonsec = true;

+#endif

• if (s && !strcmp(s, "sec"))

• nonsec = false;
  

• if (s && !strcmp(s, "nonsec"))

• nonsec = true;
  

• return nonsec;

+} +#endif

/* Subcommand: GO */ static void boot_jump_linux(bootm_headers_t *images, int flag) { @@ -285,12 +305,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)

if (!fake) { #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)

• armv7_init_nonsec();
  

• secure_ram_addr(_do_nonsec_entry)(kernel_entry,
  

• 				  0, machid, r2);
  

-#else

• kernel_entry(0, machid, r2);
  

• if (boot_nonsec()) {
  

• 	armv7_init_nonsec();
  

• 	secure_ram_addr(_do_nonsec_entry)(kernel_entry,
  

• 					  0, machid, r2);
  

• } else
  

#endif

• 	kernel_entry(0, machid, r2);
  

  }

#endif } -- 2.1.0

Amicalement,

Hello Hans,

On Thu, 13 Nov 2014 20:37:42 +0100, Hans de Goede hdegoede@redhat.com wrote:

Older Linux kernels will not properly boot in hyp mode, add support for a bootm_boot_mode environment variable, which can be set to "sec" or "nonsec" to force booting in secure or non-secure mode when build with non-sec support.

The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT, when this is set booting in secure mode is the default. The default setting for this Kconfig option is N, preserving the current behavior of booting in non-secure mode by default when non-secure mode is supported.

Signed-off-by: Hans de Goede hdegoede@redhat.com Acked-by: Marc Zyngier marc.zyngier@arm.com Acked-by: Siarhei Siamashka siarhei.siamashka@gmail.com -- Changes in v2: -Allow changing the default boot mode to secure through defining CONFIG_ARMV7_BOOT_SEC_DEFAULT, this is useful for archs which have a Kconfig option for compatibility with older kernels Changes in v3: -Add an else at the end of the #ifdef NONSEC block so that if do_nonsec_entry fails we do not end up re-trying in secure mode Changes in v4:

-Add a Kconfig option to select to boot in secure or non-secure mode by default

arch/arm/cpu/armv7/Kconfig | 11 +++++++++++ arch/arm/lib/bootm.c | 31 ++++++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig index 15c5155..6ee5ff8 100644 --- a/arch/arm/cpu/armv7/Kconfig +++ b/arch/arm/cpu/armv7/Kconfig @@ -13,6 +13,17 @@ config ARMV7_NONSEC ---help--- Say Y here to enable support for booting in non-secure / SVC mode.

+config ARMV7_BOOT_SEC_DEFAULT

• boolean "Boot in secure mode by default" if EXPERT
• depends on ARMV7_NONSEC
• default n
• ---help---
• Say Y here to boot in secure mode by default even if non-secure mode
• is supported. This option is useful to boot kernels which do not
• suppport booting in secure mode. Only set this if you need it.
• This can be overriden at run-time by setting the bootm_boot_mode env.
• variable to "sec" or "nonsec".

config ARMV7_VIRT boolean "Enable support for hardware virtualization" if EXPERT depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c index 4949d57..a7f7c67 100644 --- a/arch/arm/lib/bootm.c +++ b/arch/arm/lib/bootm.c @@ -237,6 +237,26 @@ static void boot_prep_linux(bootm_headers_t *images) } }

+#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT) +static bool boot_nonsec(void) +{

• char *s = getenv("bootm_boot_mode");

+#ifdef CONFIG_ARMV7_BOOT_SEC_DEFAULT

• bool nonsec = false;

+#else

• bool nonsec = true;

+#endif

• if (s && !strcmp(s, "sec"))

• nonsec = false;
  

• if (s && !strcmp(s, "nonsec"))

• nonsec = true;
  

• return nonsec;

+} +#endif

/* Subcommand: GO */ static void boot_jump_linux(bootm_headers_t *images, int flag) { @@ -285,12 +305,13 @@ static void boot_jump_linux(bootm_headers_t *images, int flag)

if (!fake) { #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)

• armv7_init_nonsec();
  

• secure_ram_addr(_do_nonsec_entry)(kernel_entry,
  

• 				  0, machid, r2);
  

-#else

• kernel_entry(0, machid, r2);
  

• if (boot_nonsec()) {
  

• 	armv7_init_nonsec();
  

• 	secure_ram_addr(_do_nonsec_entry)(kernel_entry,
  

• 					  0, machid, r2);
  

• } else
  

#endif

• 	kernel_entry(0, machid, r2);
  

  }

#endif } -- 2.1.0

Applied to u-boot-arm/master, thanks!

Amicalement,