diff options
author | Vikram Kanigiri <vikram.kanigiri@arm.com> | 2015-07-23 11:16:28 +0100 |
---|---|---|
committer | Vikram Kanigiri <vikram.kanigiri@arm.com> | 2015-09-02 13:48:45 +0100 |
commit | a2f8b16650ab3d80864c0edfa205c2c8dd012b8d (patch) | |
tree | 5dcb8b750a49b4aef85310dc6cef818d309363ac /bl1 | |
parent | e04723e21362c322b7725662871153dadb9d3167 (diff) | |
download | trusted-firmware-a-a2f8b16650ab3d80864c0edfa205c2c8dd012b8d.tar.gz |
Ensure BL2 security state is secure
BL2 loads secure runtime code(BL3-1, BL3-2) and hence it has to
run in secure world otherwise BL3-1/BL3-2 have to execute from
non-secure memory. Hence, This patch removes the change_security_state()
call in bl1_run_bl2() and replaces it with an assert to confirm
the BL2 as secure.
Fixes ARM-software/tf-issues#314
Change-Id: I611b83f5c4090e58a76a2e950b0d797b46df3c29
Diffstat (limited to 'bl1')
-rw-r--r-- | bl1/bl1_main.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c index e3225319b3..dad64e259f 100644 --- a/bl1/bl1_main.c +++ b/bl1/bl1_main.c @@ -44,14 +44,16 @@ ******************************************************************************/ static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep) { + /* Check bl2 security state is expected as secure */ + assert(GET_SECURITY_STATE(bl2_ep->h.attr) == SECURE); + /* Check NS Bit is also set as secure */ + assert(!(read_scr_el3() & SCR_NS_BIT)); + bl1_arch_next_el_setup(); /* Tell next EL what we want done */ bl2_ep->args.arg0 = RUN_IMAGE; - if (GET_SECURITY_STATE(bl2_ep->h.attr) == NON_SECURE) - change_security_state(GET_SECURITY_STATE(bl2_ep->h.attr)); - write_spsr_el3(bl2_ep->spsr); write_elr_el3(bl2_ep->pc); |