diff mbox

[PULL,10/20] hw/arm/virt: Default to not providing TrustZone support

Message ID 1441731092-6513-11-git-send-email-peter.maydell@linaro.org
State Accepted
Commit 2d710006a0da4a9b7ddf5c02d072e178906d0ef6
Headers show

Commit Message

Peter Maydell Sept. 8, 2015, 4:51 p.m. UTC 
Switch the default for the 'virt' board to not providing TrustZone
support in either the CPU or the GIC. This is primarily for the
benefit of UEFI, which currently assumes there is no TrustZone
support, and does not set the GIC up correctly if it is TZ-aware.
It also means the board is consistent about its behaviour whether
we're using KVM or TCG (KVM never has TrustZone support).

If TrustZone support is required (for instance for running test
suites or TZ-aware firmware) it can be enabled with the
"-machine secure=on" command line option.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-6-git-send-email-peter.maydell@linaro.org
---
 hw/arm/virt.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff mbox

Patch

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 91e45e0..a067748 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1044,8 +1044,11 @@  static void virt_instance_init(Object *obj)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
 
-    /* EL3 is enabled by default on virt */
-    vms->secure = true;
+    /* EL3 is disabled by default on virt: this makes us consistent
+     * between KVM and TCG for this board, and it also allows us to
+     * boot UEFI blobs which assume no TrustZone support.
+     */
+    vms->secure = false;
     object_property_add_bool(obj, "secure", virt_get_secure,
                              virt_set_secure, NULL);
     object_property_set_description(obj, "secure",