I have successfully moved from EL3 to EL2. After doing some initialization I am trying to move from EL2 into EL1 with a very simple guest image. My process looks like:
However, after the eret the machine will immediately trigger an instruction prefetch abort with FAR equal to the load address. From the looks of it, I don't think the hardware ever left EL2. In fact, esr_el2 has IL set, which indicates an illegal configuration (though I am confused as to why it did not manifest as an UNKNOWN exception (EC = 0x00) instead.
While debugging this I tried a few cases that seemed relevant:
In all failure cases the hardware throws the same instruction abort (EC = 0x21)
Am I missing a step?
Without enabling stage2 translation the IPA==PA, and with the MMU turned off I was expecting it to not be a necessary step.
Why don't you look up code doing it? Could be bootloader or kernel. Excerpt from Uboot arch/arm/include/asm/macro.h
.macro armv8_switch_to_el1_m, xreg1, xreg2 /* Initialize Generic Timers */ mrs \xreg1, cnthctl_el2 orr \xreg1, \xreg1, #0x3 /* Enable EL1 access to timers */ msr cnthctl_el2, \xreg1 msr cntvoff_el2, xzr /* Initilize MPID/MPIDR registers */ mrs \xreg1, midr_el1 mrs \xreg2, mpidr_el1 msr vpidr_el2, \xreg1 msr vmpidr_el2, \xreg2 /* Disable coprocessor traps */ mov \xreg1, #0x33ff msr cptr_el2, \xreg1 /* Disable coprocessor traps to EL2 */ msr hstr_el2, xzr /* Disable coprocessor traps to EL2 */ mov \xreg1, #3 << 20 msr cpacr_el1, \xreg1 /* Enable FP/SIMD at EL1 */ /* Initialize HCR_EL2 */ mov \xreg1, #(1 << 31) /* 64bit EL1 */ orr \xreg1, \xreg1, #(1 << 29) /* Disable HVC */ msr hcr_el2, \xreg1 /* SCTLR_EL1 initialization * * setting RES1 bits (29,28,23,22,20,11) to 1 * and RES0 bits (31,30,27,21,17,13,10,6) + * UCI,EE,EOE,WXN,nTWE,nTWI,UCT,DZE,I,UMA,SED,ITD, * CP15BEN,SA0,SA,C,A,M to 0 */ mov \xreg1, #0x0800 movk \xreg1, #0x30d0, lsl #16 msr sctlr_el1, \xreg1 /* Return to the EL1_SP1 mode from EL2 */ mov \xreg1, sp msr sp_el1, \xreg1 /* Migrate SP */ mrs \xreg1, vbar_el2 msr vbar_el1, \xreg1 /* Migrate VBAR */ mov \xreg1, #0x3c5 msr spsr_el2, \xreg1 /* EL1_SP1 | D | A | I | F */ msr elr_el2, lr eret .endm