[Qemu-devel] [Bug 1812091] Re: ARMv8-M boots in wrong security mode
From: Thomas Roth
Subject: [Qemu-devel] [Bug 1812091] Re: ARMv8-M boots in wrong security mode
Date: Wed, 16 Jan 2019 18:52:10 -0000
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1812091
Title:
ARMv8-M boots in wrong security mode
Status in QEMU:
New
Bug description:
Qemu-commit: b2f7c27f56bf1116ebb7848c75914aa7c5d6a040
The ARMv8-M architecture (with security extensions) contains a SAU, the
Security Attribution Unit. After booting the mps2-an505 and immediately halting
(`-S`), I attempt to read the SAU_TYPE register, located at 0xE000EDD4, using
gdb (x 0xE000EDD4). The returned value is 0, while the expected value is 8
(number of regions).
On further investigation, it seems that `attrs.secure` is set to false
(armv7m_nvic.c - nvic_readl, line 1167). Commenting out the check will
return the correct value.
As the CPU should be in 'secure' mode after reset, I think this
behavior is wrong.
Steps to reproduce:
Example code that loads an endless loop into the beginning of secure memory:
https://github.com/ajblane/armv8m-hello
Command line:
qemu-system-arm -machine mps2-an505 -cpu cortex-m33 \
    -m 4096 \
    -nographic -serial mon:stdio \
    -kernel $(IMAGE) -s -S
Attach with arm-none-eabi-gdb, and run x 0xE000EDD4.
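Added example, not part of the original report and not QEMU source: a simplified C model of the attribute check the report describes, where the value returned for SAU_TYPE depends on the `secure` attribute of the individual access. It goes slightly beyond the report by also modelling SAU_CTRL to show writes being ignored; `SauModel`, `TxAttrs`, `sau_read`, `sau_write` and `enforce_check` are hypothetical names, and `enforce_check = false` stands in for commenting out the check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; hypothetical names, not QEMU source. */
#define SAU_CTRL        0xE000EDD0u
#define SAU_TYPE        0xE000EDD4u  /* address read in the report */
#define SAU_NUM_REGIONS 8u           /* value the report expects */

typedef struct { bool secure; } TxAttrs;  /* attribute of one access */
typedef struct { uint32_t ctrl; bool enforce_check; } SauModel;

/* Read: with the check on, a Non-secure access reads zero. */
static uint32_t sau_read(const SauModel *s, uint32_t addr, TxAttrs attrs)
{
    if (s->enforce_check && !attrs.secure) {
        return 0;
    }
    switch (addr) {
    case SAU_CTRL: return s->ctrl;
    case SAU_TYPE: return SAU_NUM_REGIONS;  /* SREGION, bits [7:0] */
    default:       return 0;
    }
}

/* Write: with the check on, a Non-secure write is ignored. */
static void sau_write(SauModel *s, uint32_t addr, uint32_t val, TxAttrs attrs)
{
    if (s->enforce_check && !attrs.secure) {
        return;
    }
    if (addr == SAU_CTRL) {
        s->ctrl = val & 0x3u;  /* ENABLE (bit 0), ALLNS (bit 1) */
    }
}

int main(void)
{
    SauModel m = { .ctrl = 0, .enforce_check = true };
    TxAttrs sec = { true }, nonsec = { false };

    sau_write(&m, SAU_CTRL, 1u, nonsec);  /* dropped */
    printf("secure read:     SAU_TYPE=%u\n", (unsigned)sau_read(&m, SAU_TYPE, sec));
    printf("non-secure read: SAU_TYPE=%u SAU_CTRL=%u\n",
           (unsigned)sau_read(&m, SAU_TYPE, nonsec), (unsigned)sau_read(&m, SAU_CTRL, sec));
    m.enforce_check = false;  /* mirrors commenting out the check */
    printf("check removed:   SAU_TYPE=%u\n", (unsigned)sau_read(&m, SAU_TYPE, nonsec));
    return 0;
}
```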