
RE: How to start an armv8 machine in EL3?


From: ckim
Subject: RE: How to start an armv8 machine in EL3?
Date: Wed, 3 Mar 2021 23:03:32 +0900

Hi Alex Bennée,

Sorry, machine ab21q is just a copy of the virt machine.
I found that pflash.img contained all zeros at the beginning, so it caused an
invalid instruction trap.
(Thanks for the -d int,exec,in_asm option. I have to learn more about qemu
usage first, before the internals.)
So I did 'cp test.bin pflash.img; truncate -s 67108864 pflash.img' to cut it to
64MB.
(test.bin was almost 67MB; I was confused by the small test.elf, which was
only 776KB.)
Now with the command '${QEMU_DIR}/qemu-system-aarch64 -M virt -cpu cortex-a72
-nographic -smp 1 -m 2048 -drive if=pflash,file=pflash.img,format=raw,readonly=on
-s -S', and after attaching gdb, I can see the original assembly code being
executed.
But with this method it is still in EL1 (I can see this with 'mrs x8, currentel'
shortly after the start),
and the 'msr sp_el1, x0' instruction causes a trap to 0x200.
Could you give me more advice on this?
Thank you very much.

Chan Kim

> -----Original Message-----
> From: Alex Bennée <alex.bennee@linaro.org>
> Sent: Wednesday, March 3, 2021 9:01 PM
> To: ckim@etri.re.kr
> Cc: qemu-discuss@nongnu.org
> Subject: Re: How to start an armv8 machine in EL3?
> 
> 
> ckim@etri.re.kr writes:
> 
> > Hello Alex Bennée,
> >
> > Thank you for the help!
> > I didn't know the "-kernel xxx.elf" method makes it start at EL1 via the
> > loader stub, and doing "--machine virtualization=on" makes it start at
> > EL2. I checked these using gdb.
> >
> > And then I tested your suggestion :
> > ${QEMU_DIR}/qemu-system-aarch64 -M ab21q -cpu cortex-a72 -nographic
> > -smp 1 -m 2048 -drive
> > if=pflash,file=${KER_DIR}/ab21s_test.bin,format=raw,readonly=on -s -S
> 
> Hold on, you've just switched from -M virt to -M ab21q? I don't even
> recognise that model.
> 
> > And it gave me :
> > qemu-system-aarch64: device requires 67108864 bytes, block backend
> > provides 776704 bytes
> >
> > Looks like the pflash device size is 64MB and my .bin file (which I made
> > with objcopy from the .elf file) is not big enough to fill the device.
> > I made the .bin file inside the pflash.img file by doing
> > (https://xnand.netlify.app/2019/10/03/armv8-qemu-efi-aarch64.html )
> >
> >     cp ${KER_DIR}/ab21s_test.bin pflash.img
> >     dd if=/dev/zero of=pflash.img bs=1c count=1 seek=67108863
> >
> > and tried
> > ${QEMU_DIR}/qemu-system-aarch64 -M virt -cpu cortex-a72 -nographic
> > -smp 1 -m 2048 -drive if=pflash,file=pflash.img,format=raw,readonly=on
> > -s -S
> > to see how the code works, but it traps from the first instruction.
> 
> Is it the instruction you expect? Try single stepping with gdbstub while
> using -d int,exec,in_asm on your command line for more details.
> 
> >
> > Can you tell me what's wrong with my command? (BTW I made .bin file by
> > aarch64-elf-objcopy -O binary test.elf test.bin )
> >
> > Again thanks for the kind explanation!
> > Best regards,
> >
> > Chan Kim
> >
> >> -----Original Message-----
> >> From: Alex Bennée <alex.bennee@linaro.org>
> >> Sent: Wednesday, March 3, 2021 7:05 PM
> >> To: ckim@etri.re.kr
> >> Cc: qemu-discuss@nongnu.org
> >> Subject: Re: How to start an armv8 machine in EL3?
> >>
> >>
> >> ckim@etri.re.kr writes:
> >>
> >> > Hello all,
> >> >
> >> > I found out in a baremetal program I run for qemu aarch64 'virt'
> >> > machine (cpu is cortex-a72),
> >> >
> >> > the "msr sp_el1, x0" instruction causes a trap making PC jump to
> >> > 0x200, which is the vector address for a synchronous exception from
> >> > the current EL while using SP_ELx (if the vector base address was 0,
> >> > which is the case).
> >> >
> >> > (Ref:
> >> > https://developer.arm.com/documentation/102412/0100/The-vector-tables
> >> > )
> >> >
> >> > When I read the 'EL' value by 'msr x8, currentel', x8 became '0x4'
> >> > so it is EL1
> >> > (https://community.arm.com/developer/ip-products/processors/f/cortex-a-forum/10303/armv8-a-currentel-register-definition)
> >> >
> >> > How come cortex-a72 machines started at EL1?
> >>
> >> Are you booting a kernel directly? In this case the kernel will boot
> >> into
> >> EL1 unless you specify -machine type=virt,virtualization=on in which
> >> case it will boot into EL2 and allow the kernel to utilise the
> >> virtualisation extensions.
> >>
> >> > And if I want to make the virtual machine start at EL3 (this
> >> > baremetal code assumes it should be in EL3 after reset, and it runs
> >> > ok in rtl sim.), what should I do?
> >>
> >> Generally as only firmware deals with EL3 you would have it running
> >> on some sort of flash device which the model would boot to directly
> >> in EL3 rather than running the stub loader we have for the kernel.
> >> For example to load the EDK firmware you would have:
> >>
> >>    -drive
> >> if=pflash,file=/usr/share/AAVMF/AAVMF_CODE.fd,format=raw,readonly=on \
> >>    -drive
> >> if=pflash,file=/home/alex/models/qemu-arm64-efivars,format=raw
> >>
> >> as part of your command line. You also need to enable secure mode in
> >> the machine options (-machine type=virt,secure=on).
> >>
> >> >
> >> > Thank you very much for reading.
> >> >
> >> > Chan Kim
> >> >
> >> >
> >>
> >>
> >> --
> >> Alex Bennée
> 
> 
> --
> Alex Bennée
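As an added example (not from the thread), a small POSIX shell script that does what the earlier `cp`/`dd` and `cp`/`truncate` steps did by hand, but refuses a binary larger than the 64MiB pflash device rather than silently dropping its tail, and prints the launch command with `-M virt,secure=on` so the virt board starts in EL3 as Alex suggests. File names are placeholders; the flash size is the 67108864 bytes QEMU reported above, and GNU `truncate` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread.  Pads a raw firmware image to the
# exact size of the virt machine's first pflash device and builds a QEMU
# command line that boots it in EL3 (secure=on).  Assumes POSIX sh plus
# GNU coreutils truncate; file names are placeholders.

PFLASH_SIZE=67108864   # 64 MiB: the size QEMU reported for the pflash device

# make_pflash <input.bin> <output.img>
# Copies the raw binary and zero-pads it up to PFLASH_SIZE.  Refuses inputs
# larger than the device instead of cutting off their tail.
make_pflash() {
    in="$1"; out="$2"
    size=$(wc -c < "$in" | tr -d ' ')
    if [ "$size" -gt "$PFLASH_SIZE" ]; then
        echo "make_pflash: $in is $size bytes, larger than the $PFLASH_SIZE-byte pflash device" >&2
        return 1
    fi
    cp "$in" "$out"
    truncate -s "$PFLASH_SIZE" "$out"   # only ever extends here, with zeros
}

# qemu_el3_cmd <pflash.img>
# Prints the command line: secure=on enables EL3 on the virt board, and code
# on pflash unit 0 runs from reset instead of going through the -kernel
# loader stub (which drops to EL1).  -s -S: gdbstub on :1234, halted at start.
qemu_el3_cmd() {
    printf '%s' "qemu-system-aarch64 -M virt,secure=on -cpu cortex-a72 -nographic -smp 1 -m 2048 -drive if=pflash,file=$1,format=raw,readonly=on -s -S"
}

# Usage: sh ./mkflash.sh test.bin pflash.img
if [ "$#" -eq 2 ]; then
    make_pflash "$1" "$2" && qemu_el3_cmd "$2" && echo
fi
```

Once attached with gdb, `mrs x8, currentel` should now read 0xc (EL3) instead of 0x4.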