ARM processor mode, kernel startup, Hyp / secure state

Will Deacon will.deacon at arm.com
Wed Aug 24 09:51:09 EDT 2011


Hi Ian,

On Tue, Aug 23, 2011 at 06:23:32PM +0100, Ian Jackson wrote:
> Catalin Marinas writes ("Re: ARM processor mode, kernel startup, Hyp / secure state"):
> > (I'll be on holiday from tomorrow, so not able to follow up until September).
> 
> Right.  Let's try to be quick :-).

Ha, you've got enough people interested now that there's no need to rush!

> > We had some discussions both with ARM partners and Christoffer and it
> > is not clear how we go about initialising the Hyp mode. Most SoC
> > vendors would probably just run Linux in non-secure SVC mode and would
> > not touch the Hyp mode at all. Linux would issue an SMC to set the
> > HVBAR (could do HVC but I expect that there is no secure monitor
> > code). Once this is set, assuming that the Hyp MMU is disabled, Linux
> > can invoke an HVC and initialise the Hyp mode.
> 
> Well, yes.  Do SoC vendors all expect to own the secure state ?
> 
> If so then the answer is perhaps simply that they should boot Linux in
> Hyp mode (and expect Linux to drop to ordinary svc mode).

I think it's important to separate the problems of secure boot with the
problems of installing a hypervisor. Whatever happens in secure world, we can
expect to be dropped at either HYP mode or non-secure SVC mode. Sure, on a dev
board you might run directly in the secure world so there's a bit of extra
work to do to get out of that but then we can just drop into HVC mode and
forget about it.

> If we had a more functional bootloader setup (which AIUI is definitely
> planned) we could do.
> 
> > >   (b) If started in Hyp mode:
> > >       * Install a trivial hypervisor vector which unconditionally
> > >         copies r0 to HVBAR and returns
> > >   (c) Rest of startup.



More information about the linux-arm-kernel mailing list