[RFC] schemas: chosen: describe new arm,security-state property #163
Conversation
We once again stumbled over errata fixups that were applied twice, first in the barebox bootloader and then in the Linux kernel. This went unnoticed at first, but with OP-TEE enabled as a secure monitor, the system hangs very early before regular console output is available. The Linux kernel errata fixes for non-ARCH_MULTIPLATFORM will likely never go away, because bootloaders may not be updatable in the field and sometimes don't even suffer from the consequences, e.g. because they affect only SMP. Therefore, let's add at least a way for the bootloader to tell the OS about whether it's running in the secure world or not. Signed-off-by: Ahmad Fatoum <[email protected]>
|
The enumeration is not exhaustive even for ARMv7, but I think it doesn't need to be. If bootloader starts the kernel in hypervisor state, it can still say |
|
What platforms and errata fixes are we talking about specifically. I'd like to see what the response is to adding this to the kernel. |
|
|
||
| arm,security-state: | ||
| $ref: types.yaml#/definitions/string | ||
| enum: [ non-secure, secure ] |
There was a problem hiding this comment.
"non-secure" is the default for what's expected, so I don't think we should have a value for it. Then it becomes a question of whether we'd ever need something beyond "secure" and this could just be a boolean.
There was a problem hiding this comment.
From my experience, the default for ARMv7 is the kernel first starting in secure mode, because there's no OP-TEE or TF-A that switches to normal world.
@bith3ad had inherited a kernel that enabled
I did not start the discussion upstream yet. I wanted to test waters with the property and then take the discussion to linux-arm-kernel. |
3 participants
We once again stumbled over errata fixups that were applied twice, first in the barebox bootloader and then in the Linux kernel. This went unnoticed at first, but with OP-TEE enabled as a secure monitor, the system hangs very early before regular console output is available.
The Linux kernel errata fixes for non-ARCH_MULTIPLATFORM will likely never go away, because bootloaders may not be updatable in the field and sometimes don't even suffer from the consequences, e.g. because they affect only SMP.
Therefore, let's add at least a way for the bootloader to tell the OS about whether it's running in the secure world or not.