Multi-platform, and secure-only ARM errata workarounds
Peter De Schrijver
pdeschrijver at nvidia.com
Wed Mar 6 03:14:01 EST 2013
On Tue, Mar 05, 2013 at 06:00:26PM +0100, Stephen Warren wrote:
> On 03/05/2013 12:40 AM, Peter De Schrijver wrote:
> > On Mon, Mar 04, 2013 at 06:08:27PM +0100, Stephen Warren wrote:
> >> On 03/04/2013 02:16 AM, Peter De Schrijver wrote:
> >>> On Mon, Mar 04, 2013 at 07:34:36AM +0100, Peter De Schrijver wrote:
> >>>> On Fri, Mar 01, 2013 at 06:37:27PM +0100, Stephen Warren wrote:
> >>>>
> > Unfortunately we can't write to the diag register if we are in non-secure
> > mode. So unless we never want to support running in non-secure mode, we will
> > need to make the distinction somehow and use a different method for non-secure
> > mode. Or assume the secure OS has applied the WARs.
>
> Yes. The secure OS really has to have enabled the appropriate WARs
> before jumping into the kernel's reset vector. If/when we support the
> upstream kernel running on Tegra in non-secure mode, the plan was to use
> a Tegra-specific mechanism to detect secure-vs-normal mode in the Tegra
> reset vector, and skip the application of secure-only WARs based on that.
>
Ok. If we have such a mechanism, that works too of course. I was under the
impression there is no way to know if you're running in secure mode
or non-secure mode.
> > I'm afraid existing secure
> > OS implementations for Tegra don't work that way though. They just offer an
> > SMC which allows the kernel to read and write the diag register.
>
> I had a downstream discussion about this, and Bo Yan said someone had
> verified this was working correctly for at least some WARs on some
> CPUs and for the one particular secure OS we're using.
>
Ok. That should be good enough indeed.
> I think it's reasonable to require a fixed secure OS (i.e. one that
> correctly enables any required WARs) be used with any upstream kernel,
> since running in normal world would be a new feature that we'd be
> supporting.
>
Sure. But it would be nice if we can support existing systems which have a
secure OS we can't change.
> An SMC to read/write the diag register sounds the opposite of secure...
>
GP OMAP devices provide this, but then again they aren't meant to be secure
even though they run Linux in non-secure mode...
Cheers,
Peter.