Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On 26/09/16 14:19, Jon Medhurst (Tixy) wrote:
On Mon, 2016-09-26 at 13:38 +0100, Sudeep Holla wrote:
On 26/09/16 13:30, Jon Medhurst (Tixy) wrote:
On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
to nonsec booting") added support to check if the firmware on TC2 is
configured appropriately before booting in nonsec/hyp mode.
However when booting in non-secure/hyp mode, CCI control must be done in
secure firmware and can't be done in non-secure/hyp mode. In order to
ensure that, this patch disables the cci slave port inteface so that it
is not accessed at all.
Cc: Jon Medhurst
Acked-by: Marc Zyngier
Signed-off-by: Sudeep Holla
---
Acked-by: Jon Medhurst
Tested-by: Jon Medhurst
So, can I assume the missing kernel patches to be reason for boot hang ?
Just wanted to know if I need to investigate that any further ?
Sorry, yes they were the reason and no further investigation needed. I
remembered getting nonsec mode working some month's ago without such
patches, but I remember now that was by disabling MCPM in the kernel.
This morning I tried these U-Boot patches successfully with:
- Upstream vexpress_defconfig kernel booting with 'sec' mode
- That kernel with Lorenzo's patches in both 'sec' and 'nonsec'
- As above with CONFIG_BL_SWITCHER enabled
When booting in nonsec I also verified the device-tree modifications
made by this patch by seeing the following files existed and contained
the word 'disabled'...
/proc/device-tree/cci@2c09/slave-if@4000/status
/proc/device-tree/cci@2c09/slave-if@5000/status
That was very detailed :), thanks for testing and confirming. I too did
similar examination and didn't find anything odd so far.
--
Regards,
Sudeep
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On Mon, 2016-09-26 at 13:38 +0100, Sudeep Holla wrote:
>
> On 26/09/16 13:30, Jon Medhurst (Tixy) wrote:
> > On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
> >> Commit f225d39d3093 ("vexpress: Check TC2 firmware support before
> >> defaulting
> >> to nonsec booting") added support to check if the firmware on TC2 is
> >> configured appropriately before booting in nonsec/hyp mode.
> >>
> >> However when booting in non-secure/hyp mode, CCI control must be done in
> >> secure firmware and can't be done in non-secure/hyp mode. In order to
> >> ensure that, this patch disables the cci slave port inteface so that it
> >> is not accessed at all.
> >>
> >> Cc: Jon Medhurst
> >> Acked-by: Marc Zyngier
> >> Signed-off-by: Sudeep Holla
> >> ---
> >
> > Acked-by: Jon Medhurst
> > Tested-by: Jon Medhurst
>
> So, can I assume the missing kernel patches to be reason for boot hang ?
> Just wanted to know if I need to investigate that any further ?
Sorry, yes they were the reason and no further investigation needed. I
remembered getting nonsec mode working some month's ago without such
patches, but I remember now that was by disabling MCPM in the kernel.
This morning I tried these U-Boot patches successfully with:
- Upstream vexpress_defconfig kernel booting with 'sec' mode
- That kernel with Lorenzo's patches in both 'sec' and 'nonsec'
- As above with CONFIG_BL_SWITCHER enabled
When booting in nonsec I also verified the device-tree modifications
made by this patch by seeing the following files existed and contained
the word 'disabled'...
/proc/device-tree/cci@2c09/slave-if@4000/status
/proc/device-tree/cci@2c09/slave-if@5000/status
--
Tixy
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On 26/09/16 13:30, Jon Medhurst (Tixy) wrote:
On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
to nonsec booting") added support to check if the firmware on TC2 is
configured appropriately before booting in nonsec/hyp mode.
However when booting in non-secure/hyp mode, CCI control must be done in
secure firmware and can't be done in non-secure/hyp mode. In order to
ensure that, this patch disables the cci slave port inteface so that it
is not accessed at all.
Cc: Jon Medhurst
Acked-by: Marc Zyngier
Signed-off-by: Sudeep Holla
---
Acked-by: Jon Medhurst
Tested-by: Jon Medhurst
So, can I assume the missing kernel patches to be reason for boot hang ?
Just wanted to know if I need to investigate that any further ?
--
Regards,
Sudeep
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
> Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
> to nonsec booting") added support to check if the firmware on TC2 is
> configured appropriately before booting in nonsec/hyp mode.
>
> However when booting in non-secure/hyp mode, CCI control must be done in
> secure firmware and can't be done in non-secure/hyp mode. In order to
> ensure that, this patch disables the cci slave port inteface so that it
> is not accessed at all.
>
> Cc: Jon Medhurst
> Acked-by: Marc Zyngier
> Signed-off-by: Sudeep Holla
> ---
Acked-by: Jon Medhurst
Tested-by: Jon Medhurst
> board/armltd/vexpress/vexpress_tc2.c | 52
>
> configs/vexpress_ca15_tc2_defconfig | 1 +
> 2 files changed, 53 insertions(+)
>
> Hi,
>
> This change is needed to avoid the kernel panic while attempting to access
> CCI ports when booting in non-sec/HYP mode. The kernel patches to fix
> this are available @[1]
>
> Regards,
> Sudeep
>
> v1->v2:
> - Fix compilation with !CONFIG_ARMV7_NONSEC(Thanks to Tixy)
>
> [1] http://www.spinics.net/lists/arm-kernel/msg533715.html
>
> diff --git a/board/armltd/vexpress/vexpress_tc2.c
> b/board/armltd/vexpress/vexpress_tc2.c
> index ebb41a8833ab..c7adf950f579 100644
> --- a/board/armltd/vexpress/vexpress_tc2.c
> +++ b/board/armltd/vexpress/vexpress_tc2.c
> @@ -7,7 +7,11 @@
> * SPDX-License-Identifier: GPL-2.0+
> */
>
> +#include
> #include
> +#include
> +#include
> +#include
>
> #define SCC_BASE 0x7fff
>
> @@ -31,3 +35,51 @@ bool armv7_boot_nonsec_default(void)
> return (readl((u32 *)(SCC_BASE + 0x700)) & ((1 << 12) | (1 << 13))) ==
> 0;
> #endif
> }
> +
> +#ifdef CONFIG_OF_BOARD_SETUP
> +int ft_board_setup(void *fdt, bd_t *bd)
> +{
> + int offset, tmp, len;
> + const struct fdt_property *prop;
> + const char *cci_compatible = "arm,cci-400-ctrl-if";
> +
> +#ifdef CONFIG_ARMV7_NONSEC
> + if (!armv7_boot_nonsec())
> + return 0;
> +#else
> + return 0;
> +#endif
> + /* Booting in nonsec mode, disable CCI access */
> + offset = fdt_path_offset(fdt, "/cpus");
> + if (offset < 0) {
> + printf("couldn't find /cpus\n");
> + return offset;
> + }
> +
> + /* delete cci-control-port in each cpu node */
> + for (tmp = fdt_first_subnode(fdt, offset); tmp >= 0;
> + tmp = fdt_next_subnode(fdt, tmp))
> + fdt_delprop(fdt, tmp, "cci-control-port");
> +
> + /* disable all ace cci slave ports */
> + offset = fdt_node_offset_by_prop_value(fdt, offset, "compatible",
> +cci_compatible, 20);
> + while (offset > 0) {
> + prop = fdt_get_property(fdt, offset, "interface-type",
> + &len);
> + if (!prop)
> + continue;
> + if (len < 4)
> + continue;
> + if (strcmp(prop->data, "ace"))
> + continue;
> +
> + fdt_setprop_string(fdt, offset, "status", "disabled");
> +
> + offset = fdt_node_offset_by_prop_value(fdt, offset,
> "compatible",
> +cci_compatible, 20);
> + }
> +
> + return 0;
> +}
> +#endif /* CONFIG_OF_BOARD_SETUP */
> diff --git a/configs/vexpress_ca15_tc2_defconfig
> b/configs/vexpress_ca15_tc2_defconfig
> index 2f141dda06c6..5154803b7c65 100644
> --- a/configs/vexpress_ca15_tc2_defconfig
> +++ b/configs/vexpress_ca15_tc2_defconfig
> @@ -1,5 +1,6 @@
> CONFIG_ARM=y
> CONFIG_TARGET_VEXPRESS_CA15_TC2=y
> +CONFIG_OF_BOARD_SETUP=y
> CONFIG_HUSH_PARSER=y
> # CONFIG_CMD_CONSOLE is not set
> # CONFIG_CMD_BOOTD is not set
> --
> 2.7.4
>
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On 26/09/16 12:35, Sudeep Holla wrote:
On 26/09/16 12:30, Jon Medhurst (Tixy) wrote:
On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
Commit f225d39d3093 ("vexpress: Check TC2 firmware support before
defaulting
to nonsec booting") added support to check if the firmware on TC2 is
configured appropriately before booting in nonsec/hyp mode.
However when booting in non-secure/hyp mode, CCI control must be done in
secure firmware and can't be done in non-secure/hyp mode. In order to
ensure that, this patch disables the cci slave port inteface so that it
is not accessed at all.
Cc: Jon Medhurst
Acked-by: Marc Zyngier
Signed-off-by: Sudeep Holla
---
This works for me (unsurprisingly) when booting in secure mode. What
kernel and firmware config do I need to use for non-sec mode? I tried
vexpress_defconfig, with bits 12 and 13 cleared in SCC: 0x700
but I get nothing out the console after "Starting kernel ..."
I just flipped bit 12 and 13 in SCC: 0x700 to switch between MCPM/secure
and HYP/non-secure mode. All other images/settings remain the same.
So IIUC, with vexpress_defconfig + above SCC change you are seeing a
hand, I will check that. I am using multi_v7_defconfig.
+ the patches from Lorenzo fixing MCPM code in the kernel [1] as
mentioned first email carrying this patch.
--
Regards,
Sudeep
[1] http://www.spinics.net/lists/arm-kernel/msg533715.html
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On 26/09/16 12:30, Jon Medhurst (Tixy) wrote:
On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
to nonsec booting") added support to check if the firmware on TC2 is
configured appropriately before booting in nonsec/hyp mode.
However when booting in non-secure/hyp mode, CCI control must be done in
secure firmware and can't be done in non-secure/hyp mode. In order to
ensure that, this patch disables the cci slave port inteface so that it
is not accessed at all.
Cc: Jon Medhurst
Acked-by: Marc Zyngier
Signed-off-by: Sudeep Holla
---
This works for me (unsurprisingly) when booting in secure mode. What
kernel and firmware config do I need to use for non-sec mode? I tried
vexpress_defconfig, with bits 12 and 13 cleared in SCC: 0x700
but I get nothing out the console after "Starting kernel ..."
I just flipped bit 12 and 13 in SCC: 0x700 to switch between MCPM/secure
and HYP/non-secure mode. All other images/settings remain the same.
So IIUC, with vexpress_defconfig + above SCC change you are seeing a
hand, I will check that. I am using multi_v7_defconfig.
--
Regards,
Sudeep
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v2] vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
On Fri, 2016-09-23 at 17:38 +0100, Sudeep Holla wrote:
> Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
> to nonsec booting") added support to check if the firmware on TC2 is
> configured appropriately before booting in nonsec/hyp mode.
>
> However when booting in non-secure/hyp mode, CCI control must be done in
> secure firmware and can't be done in non-secure/hyp mode. In order to
> ensure that, this patch disables the cci slave port inteface so that it
> is not accessed at all.
>
> Cc: Jon Medhurst
> Acked-by: Marc Zyngier
> Signed-off-by: Sudeep Holla
> ---
This works for me (unsurprisingly) when booting in secure mode. What
kernel and firmware config do I need to use for non-sec mode? I tried
vexpress_defconfig, with bits 12 and 13 cleared in SCC: 0x700
but I get nothing out the console after "Starting kernel ..."
--
Tixy
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
