The CPU succesfully switches to EL1h, non-secure. But the el1_entry is never called. I don't know why. If using secure el1, the el1_entry gets called. Compiled using clang -c boot.S -o boot.o, and linked with ld. Any help would be appreciated.
global _Entry
_Entry:
mrs x0, scr_el3
orr x0, x0, #(1 << 10)
orr x0, x0, #(1 << 0)
msr scr_el3, x0
mov x0, #0b00101
msr spsr_el3, x0
adr x1, el1_entry
msr elr_el3, x1
eret
el1_entry:
ldr x15, =0xdeadbeef
b .
Also, the generated image is converted to binary file, and used qemu-system-aarch64 -M virt,secure=on -cpu cortex-a55 -m 128M -bios boot.bin