(1) I intrrrupt the cpu in UEFI (EL2) by press enter key when the serial outputs the following message.
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v1.0(release):14b6608
NOTICE: BL1: Built : 14:15:51, Sep 1 2014
NOTICE: BL1: Booting BL2
NOTICE: BL2: v1.0(release):14b6608
NOTICE: BL2: Built : 14:15:51, Sep 1 2014
NOTICE: BL1: Booting BL3-1
NOTICE: BL3-1: v1.0(release):14b6608
NOTICE: BL3-1: Built : 14:15:53, Sep 1 2014
UEFI firmware (version v2.1 built at 14:41:56 on Oct 23 2014)
The default boot selection will start in 9 seconds
[1] Linux from NOR Flash
[2] Shell
[3] Boot Manager
(2)I follow the tutorial(Running Bare-Metal code at EL3 on the Juno board) to switch to EL3.
(3)I modified the example project "startup_ARMv8_AArch64_with_AArch32_app" which is located in the example folder of DS5 installation folder.
It's aimed not to initial the GIC. I download the file "AArch64_startup.axf" at EL3.
(4)I set the PC to the entry point and set a breakpoint to the following "eret" instruction. I step the eret instuction when it runs to the breakpoint.
PC register changed to the value of "__main", but the CPSR is still EL3h. It failed to switch to SVC mode.
PS:I also run the program in the VE_AEMv8x4 Brae-Metal simulation envirionment and it successed to switch to SVC mode.
drop_primary_to_el1:
ldr x1, lit___main
msr ELR_EL3, x1
mov x1, #(AArch32_Mode_SVC | \
AARCH64_SPSR_F | \
AARCH64_SPSR_I | \
AARCH64_SPSR_A)
msr SPSR_EL3, x1
eret
The problem is why it failed to switch from EL3 to SVC mode.
Hi Martin:
1. Will illegal exception result in branching to vector table entry pointed by the VBAR ? The PC register changed to the value of __main rather than the vector table.
It seems that there isn't any illegal exception.
2.The following suggestion is from support <support@arm.com>.
Please can you confirm the following at the point that the ERET is executed:
1) SCR_EL3.RW is set to 1
2) HCR_EL2.RW is cleared to 0
3) SCTLR_EL2 is cleared to 0
4) SCTLR_EL1 is cleared to 0
3.I modified the code following the suggestion.
start64: //entry point
MRS X0, SCR_EL3
ORR X0, X0, #(1 << 10) // Set SCR_EL3.RW
MSR SCR_EL3, X0
MRS X1, HCR_EL2
AND X1, X1, #~(1 << 31) // Clear HCR_EL2.RW
MSR HCR_EL2, X1
MSR SCTLR_EL2, XZR
MSR SCTLR_EL1, XZR
ISB
//read the system control registers
mrs x1, SCR_EL3
mrs x2, HCR_EL2
mrs x3, SCTLR_EL2
mrs x4, SCTLR_EL1
drop_primary_to_el1_:
4.It also failed to switch from EL3 to SVC mode. The result is the same as last time.
Hello,
Please can you confirm the value defined for the 'AArch32_Mode_SVC' constant? It should be 0b10011. Note that this is a 5-bit constant, *NOT* a 4-bit constant.
It's possible that 'AArch32_Mode_SVC' has only been defined as 0b0011, which does correspond to AArch32 Supervisor mode, but that will fail to set bit M[4] of SPSR_EL3, which is required when performing an exception return to AArch32 state.
Ash.
__mike wrote: Hi Martin: 1. Will illegal exception result in branching to vector table entry pointed by the VBAR ? The PC register changed to the value of __main rather than the vector table. It seems that there isn't any illegal exception.
__mike wrote:
Eventually, yes, it will take you the vector table.
When you perform an illegal exception return, the PC gets set to the ELR_ELn value but with PSTATE.IL=1. Meaning that it then triggers an exception, taking you to the vector table. This is why the ELR_ELn from this exception points at the destination of the illegal exception return and not the ERET.
So, you can still see the PC going to the destination - but if you checked the current EL/execution state it will still be the EL/execution state from before the ERET.
1.Yes,you are right! I chech the PSTATE.IL and it becomes 1'b1 after the eret is executed. I set the PC againt to the entry point. The PC will go to the vector table after one step.
2.I check these registers again and find that HCR_EL2.TGE,bit[27] is 1'b1. The V8 architecture document shows that an exception return to EL1 is treated as an illegal exception return if
this bit is set.
3.I clear HCR_EL2.TGE before eret and it succeeded to switch from EL3 to SVC mode.