From dc888dd43bea83b1ccc3d0554d5044179554a5f1 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 27 Jan 2022 15:46:35 +0000 Subject: hw/arm/boot: Prevent setting both psci_conduit and secure_board_setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that we have dealt with the one special case (highbank) that needed to set both psci_conduit and secure_board_setup, we don't need to allow that combination any more. It doesn't make sense in general, so use an assertion to ensure we don't add new boards that do it by accident without thinking through the consequences. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Niek Linnenbank Tested-by: Cédric Le Goater Tested-by: Niek Linnenbank Message-id: 20220127154639.2090164-13-peter.maydell@linaro.org --- hw/arm/boot.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'hw/arm') diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 327e449..0424c17 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -1339,6 +1339,16 @@ void arm_load_kernel(ARMCPU *cpu, MachineState *ms, struct arm_boot_info *info) * supported exception level or in a lower one. */ + /* + * If PSCI is enabled, then SMC calls all go to the PSCI handler and + * are never emulated to trap into guest code. It therefore does not + * make sense for the board to have a setup code fragment that runs + * in Secure, because this will probably need to itself issue an SMC of some + * kind as part of its operation. + */ + assert(info->psci_conduit == QEMU_PSCI_CONDUIT_DISABLED || + !info->secure_board_setup); + /* Boot into highest supported EL ... */ if (arm_feature(env, ARM_FEATURE_EL3)) { boot_el = 3; -- cgit v1.1