I have successfully moved from EL3 to EL2. After doing some initialization I am trying to move from EL2 into EL1 with a very simple guest image. My process looks like:
However, after the eret the machine will immediately trigger an instruction prefetch abort with FAR equal to the load address. From the looks of it, I don't think the hardware ever left EL2. In fact, esr_el2 has IL set, which indicates an illegal configuration (though I am confused as to why it did not manifest as an UNKNOWN exception (EC = 0x00) instead.
While debugging this I tried a few cases that seemed relevant:
In all failure cases the hardware throws the same instruction abort (EC = 0x21)
Am I missing a step?