@@ -457,6 +457,16 @@ static void do_cpu_reset(void *opaque)
env->thumb = info->entry & 1;
}
} else {
+ /* If we are booting Linux then we need to check whether we are
+ * booting into secure or non-secure state and adjust the state
+ * accordingly. Out of reset, ARM is defined to be in secure state
+ * (SCR.NS = 0), we change that here if non-secure boot has been
+ * requested.
+ */
+ if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
+ env->cp15.scr_el3 |= SCR_NS;
+ }
+
if (CPU(cpu) == first_cpu) {
if (env->aarch64) {
env->pc = info->loader_start;
@@ -37,6 +37,10 @@ struct arm_boot_info {
hwaddr gic_cpu_if_addr;
int nb_cpus;
int board_id;
+ /* ARM machines that support the ARM Security Extensions use this field to
+ * control whether Linux is booted as secure(true) or non-secure(false).
+ */
+ bool secure_boot;
int (*atag_board)(const struct arm_boot_info *info, void *p);
/* multicore boards that use the default secondary core boot functions
* can ignore these two function calls. If the default functions won't