qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: question regarding vexpress and aarch64 secure boot

From: Peter Maydell
Subject: Re: question regarding vexpress and aarch64 secure boot
Date: Mon, 14 Sep 2020 23:40:30 +0100 
On Mon, 14 Sep 2020 at 20:59, Thomas Meyer <thomas@m3y3r.de> wrote:
> When trying to boot an linux kernel with
>
> qemu-system-aarch64 -s -S -kernel /path/to/kernel -append
> "console=ttyAMA0 loglevel=9 nokaslr" -dtb /path/to/dtb -M vexpress-a15 -cpu 
> cortex-a53 -nographic

This is trying to boot the vexpress-a15 board, which uses a Cortex-A15,
with a Cortex-A53, which is a different CPU and not compatible
with it at all (in particular it is 64 bits).

Unfortunately a lot of our boards don't really sanity check user
arguments; it would be more userfriendly in this case to simply
forbid anything other than '-cpu cortex-a15' (which is the default
anyway).

The general rule of thumb for arm board models is: don't try
to specify the CPU for anything except the 'virt' board,
just use the default. Almost all of them are models of
specific bits of hardware which did not have pluggable CPUs
and which won't work if you try to use a different CPU type.

> I do hit the assertion:
> qemu-system-aarch64: /builddir/build/BUILD/qemu-4.2.1/hw/arm/boot.c:742: 
> do_cpu_reset: Assertion `!info->secure_boot' failed.

This assert fires because the board says "I always boot kernels
in secure state" but the bootloader code knows that AArch64
CPUs don't boot kernels in secure state. The contradiction is
because you've tried to use a 64-bit CPU on this 32-bit-only board.

> So I did try to boot with "-machine secure=off" which makes the kernel
> boot (at least a bit...), but it also seems to drop EL3 support in vexpress.c:
>
>         if (!secure) {
>             object_property_set_bool(cpuobj, "has_el3", false, NULL);
>         }
>
> which triggers arm/cpu.c:
>
>     if (!cpu->has_el3) {
>         /* If the has_el3 CPU property is disabled then we need to disable the
>          * feature.
>          */
>         unset_feature(env, ARM_FEATURE_EL3);

That part is all expected: saying "secure=off" is saying "I don't
want EL3/TrustZone", so we give your guest code a CPU without it,
and then your guest falls over because it assumed it was present.

If you want a board type for AArch64 work, we recommend "virt".

thanks
-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]