ARM: bootm: Allow booting in secure mode on hyp capable systems
Older Linux kernels will not properly boot in hyp mode, add support for a
bootm_boot_mode environment variable, which can be set to "sec" or "nonsec"
to force booting in secure or non-secure mode when build with non-sec support.
The default behavior can be selected through CONFIG_ARMV7_BOOT_SEC_DEFAULT,
when this is set booting in secure mode is the default. The default setting
for this Kconfig option is N, preserving the current behavior of booting in
non-secure mode by default when non-secure mode is supported.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig
index 15c5155..61e7c82 100644
--- a/arch/arm/cpu/armv7/Kconfig
+++ b/arch/arm/cpu/armv7/Kconfig
@@ -13,6 +13,17 @@
---help---
Say Y here to enable support for booting in non-secure / SVC mode.
+config ARMV7_BOOT_SEC_DEFAULT
+ boolean "Boot in secure mode by default" if EXPERT
+ depends on ARMV7_NONSEC
+ default n
+ ---help---
+ Say Y here to boot in secure mode by default even if non-secure mode
+ is supported. This option is useful to boot kernels which do not
+ suppport booting in non-secure mode. Only set this if you need it.
+ This can be overriden at run-time by setting the bootm_boot_mode env.
+ variable to "sec" or "nonsec".
+
config ARMV7_VIRT
boolean "Enable support for hardware virtualization" if EXPERT
depends on CPU_V7_HAS_VIRT && ARMV7_NONSEC