Hi all,
I want to find a register which will specifically control the Secure Stage 2 translation. But Arm document does not provide it.
I find that a register, called HCR_EL2, will control the Stage 2 translation. But the document didn't mention which secure type it will control. Thus, does the Non-secure hypervisor (like KVM) influence the Secure Stage-2 address translation? For example, disabling it through HCR_EL2?
Sincerely, WANG Chenxu
Hi,
See below [OD]
Regards, Olivier.
________________________________________ From: Chenxu Wang via Hafnium hafnium@lists.trustedfirmware.org Sent: 30 May 2022 10:47 To: Chenxu Wang via Hafnium Subject: [Hafnium] Question about HCR_EL2 reg.
Hi all,
I want to find a register which will specifically control the Secure Stage 2 translation. But Arm document does not provide it. I find that a register, called HCR_EL2, will control the Stage 2 translation. But the document didn't mention which secure type it will control.
[OD] HCR_EL2.VM enables EL1&0 Stage-2 translations in either world. When this bit is set in S-EL2/1/0, then a secure VM ( or 'secure partition') has S2 translations enabled.
Thus, does the Non-secure hypervisor (like KVM) influence the Secure Stage-2 address translation? For example, disabling it through HCR_EL2?
[OD] Both NS-EL2 and S-EL2 maintain their own copies of HCR_EL2 register. This register is updated to the respective Hypervisor (at NS-EL2) or SPM (at S-EL2) value upon world switches. So KVM in the normal world cannot influence enabling/disabling secure S2 translations. HCR_EL2 in the normal world controls the non-secure EL1&0 stage2 translation regime.
Sincerely, WANG Chenxu -- Hafnium mailing list -- hafnium@lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave@lists.trustedfirmware.org
Hi Chenxu,
It sounds like you might be looking for VTCR_EL2 (Arm developer's link https://developer.arm.com/documentation/ddi0595/2020-12/AArch64-Registers/VT...).
Similarly to what Olivier mentioned for the HCR_EL2 register: the VTCR_EL is also used by both Hypervisor and Secure Hypervisor. Each should hold its own configuration setting, and restore it on entry to its respective security state. I.e. on entry to the Secure World, the Secure Hypervisor sets its configuration to VTCR_EL2; on entry to the Normal World, the Hypervisor sets its configuration for VTCR_EL2.
Best regards, João Alves
________________________________ From: Olivier Deprez via Hafnium hafnium@lists.trustedfirmware.org Sent: Monday, May 30, 2022 10:07 AM To: Chenxu Wang via Hafnium hafnium@lists.trustedfirmware.org; Chenxu Wang irakatz51@gmail.com Subject: [Hafnium] Re: Question about HCR_EL2 reg.
Hi,
See below [OD]
Regards, Olivier.
________________________________________ From: Chenxu Wang via Hafnium hafnium@lists.trustedfirmware.org Sent: 30 May 2022 10:47 To: Chenxu Wang via Hafnium Subject: [Hafnium] Question about HCR_EL2 reg.
Hi all,
I want to find a register which will specifically control the Secure Stage 2 translation. But Arm document does not provide it. I find that a register, called HCR_EL2, will control the Stage 2 translation. But the document didn't mention which secure type it will control.
[OD] HCR_EL2.VM enables EL1&0 Stage-2 translations in either world. When this bit is set in S-EL2/1/0, then a secure VM ( or 'secure partition') has S2 translations enabled.
Thus, does the Non-secure hypervisor (like KVM) influence the Secure Stage-2 address translation? For example, disabling it through HCR_EL2?
[OD] Both NS-EL2 and S-EL2 maintain their own copies of HCR_EL2 register. This register is updated to the respective Hypervisor (at NS-EL2) or SPM (at S-EL2) value upon world switches. So KVM in the normal world cannot influence enabling/disabling secure S2 translations. HCR_EL2 in the normal world controls the non-secure EL1&0 stage2 translation regime.
Sincerely, WANG Chenxu -- Hafnium mailing list -- hafnium@lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave@lists.trustedfirmware.org -- Hafnium mailing list -- hafnium@lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave@lists.trustedfirmware.org
hafnium@lists.trustedfirmware.org
-
Chenxu Wang -
Joao Alves -
Olivier Deprez