[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-arm] [PATCH 0/4] virt: provide secure-only RAM and first flash
From: |
Peter Maydell |
Subject: |
[Qemu-arm] [PATCH 0/4] virt: provide secure-only RAM and first flash |
Date: |
Fri, 12 Feb 2016 14:45:57 +0000 |
This patchset adds some more secure-only devices to the virt board:
(1) a 16MB secure-only RAM
(2) the first flash device is secure-only
The second of these is strictly speaking a breaking change, but I don't
expect it in practice to break anybody:
(a) there's not much use of the secure support in virt yet
(b) anything booting a rom image from that flash if TZ is enabled
will be booting it in Secure mode anyway so will be able to access
the code -- the only thing that would stop working would be if the
guest flipped to NS and still expected to be able to access the flash
The second flash device remains NS-accessible (with the expectation that
it will be used for NS UEFI environment variable storage).
In particular, the ATF+OPTEE+UEFI+Linux stack still works fine with
these changes.
NOTE: to get the -bios option to correctly load to the secure-only
flash I had to implement a new function in loader.c. load_image_mr()
is just like load_image_targphys() except that it requests loading
to a MemoryRegion rather than a physaddr. I think we can also use this
to clean up the Sparc cg3 and tcx display devices, which currently take
a qdev property which is "the address I'm going to be mapped at"
purely so they can use load_image_targphys() to load their ROMs.
I have to say I found the loader.c code a bit confusing (it has some
support for "load image to MR" already, but it seems to be tangled
up with the fw_cfg and PC option rom support); review of that
patch in particular appreciated.
thanks
-- PMM
Peter Maydell (4):
hw/arm/virt: Provide a secure-only RAM if booting in Secure mode
loader: Add load_image_mr() to load ROM image to a MemoryRegion
hw/arm/virt: Load bios image to MemoryRegion, not physaddr
hw/arm/virt: Make first flash device Secure-only if booting secure
hw/arm/virt.c | 118 ++++++++++++++++++++++++++++++++++++++------------
hw/core/loader.c | 35 +++++++++++++--
include/hw/arm/virt.h | 1 +
include/hw/loader.h | 18 +++++++-
4 files changed, 138 insertions(+), 34 deletions(-)
--
1.9.1
- [Qemu-arm] [PATCH 0/4] virt: provide secure-only RAM and first flash,
Peter Maydell <=
- [Qemu-arm] [PATCH 2/4] loader: Add load_image_mr() to load ROM image to a MemoryRegion, Peter Maydell, 2016/02/12
- [Qemu-arm] [PATCH 1/4] hw/arm/virt: Provide a secure-only RAM if booting in Secure mode, Peter Maydell, 2016/02/12
- [Qemu-arm] [PATCH 4/4] hw/arm/virt: Make first flash device Secure-only if booting secure, Peter Maydell, 2016/02/12
- [Qemu-arm] [PATCH 3/4] hw/arm/virt: Load bios image to MemoryRegion, not physaddr, Peter Maydell, 2016/02/12
- Re: [Qemu-arm] [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash, Mark Cave-Ayland, 2016/02/12
- Re: [Qemu-arm] [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash, Peter Maydell, 2016/02/25