(1) I interrupt the CPU in UEFI (EL2) by pressing the Enter key when the serial outputs the following message.
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v1.0(release):14b6608
NOTICE: BL1: Built : 14:15:51, Sep 1 2014
NOTICE: BL1: Booting BL2
NOTICE: BL2: v1.0(release):14b6608
NOTICE: BL2: Built : 14:15:51, Sep 1 2014
NOTICE: BL1: Booting BL3-1
NOTICE: BL3-1: v1.0(release):14b6608
NOTICE: BL3-1: Built : 14:15:53, Sep 1 2014
UEFI firmware (version v2.1 built at 14:41:56 on Oct 23 2014)
The default boot selection will start in 9 seconds
[1] Linux from NOR Flash
[2] Shell
[3] Boot Manager
(2) I follow the tutorial (Running Bare-Metal code at EL3 on the Juno board) to switch to EL3.
(3) I modified the example project "startup_ARMv8_AArch64_with_AArch32_app", which is located in the example folder of the DS5 installation folder.
The aim is not to initialize the GIC. I download the file "AArch64_startup.axf" at EL3.
(4) I set the PC to the entry point and set a breakpoint on the following "eret" instruction. I step the eret instruction when it runs to the breakpoint.
PC register changed to the value of "__main", but the CPSR is still EL3h. It failed to switch to SVC mode.
PS: I also ran the program in the VE_AEMv8x4 Bare-Metal simulation environment and it succeeded in switching to SVC mode.
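drop_primary_to_el1:
    // ERET will branch to the address held in ELR_EL3 (__main)
    ldr x1, lit___main
    msr ELR_EL3, x1
    // Target state: AArch32 SVC mode with F, I and A masked
    mov x1, #(AArch32_Mode_SVC | \
              AARCH64_SPSR_F   | \
              AARCH64_SPSR_I   | \
              AARCH64_SPSR_A)
    msr SPSR_EL3, x1
    eret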
The problem is why it failed to switch from EL3 to SVC mode.
__mike wrote:
Hi Martin:
1. Will an illegal exception result in branching to the vector table entry pointed to by the VBAR? The PC register changed to the value of __main rather than the vector table.
It seems that there isn't any illegal exception.
Eventually, yes, it will take you to the vector table.
When you perform an illegal exception return, the PC gets set to the ELR_ELn value but with PSTATE.IL=1. Meaning that it then triggers an exception, taking you to the vector table. This is why the ELR_ELn from this exception points at the destination of the illegal exception return and not the ERET.
So, you can still see the PC going to the destination - but if you checked the current EL/execution state it will still be the EL/execution state from before the ERET.
1. Yes, you are right! I check the PSTATE.IL and it becomes 1'b1 after the eret is executed. I set the PC again to the entry point. The PC will go to the vector table after one step.
2. I check these registers again and find that HCR_EL2.TGE, bit[27], is 1'b1. The V8 architecture document shows that an exception return to EL1 is treated as an illegal exception return if this bit is set.
3. I clear HCR_EL2.TGE before eret and it succeeded in switching from EL3 to SVC mode.
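
The check that resolved this thread can be run offline against register values read from the debugger. The C model below is an added example, not code from any post or from the DS-5 project; it goes slightly beyond the thread by also checking the register-width rule for EL1. It assumes an Armv8.0 core with EL2 implemented and no Secure EL2, EL3 in AArch64, hypothetical function names, and constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the Armv8-A architecture. */
#define SCR_EL3_NS  (1u << 0)    /* lower ELs are Non-secure */
#define SCR_EL3_RW  (1u << 10)   /* next lower EL is AArch64 */
#define HCR_EL2_TGE (1ull << 27) /* trap general exceptions */
#define HCR_EL2_RW  (1ull << 31) /* EL1 is AArch64 */
#define SPSR_M4     (1u << 4)    /* 1 = return to AArch32 */

enum verdict { ERET_OK, BAD_MODE, NOT_EL1, WIDTH_MISMATCH, TGE_SET };

/* Target EL encoded in SPSR.M, or -1 for a reserved encoding. */
static int target_el(uint32_t spsr)
{
    uint32_t m = spsr & 0x1f;
    if (!(spsr & SPSR_M4))  /* AArch64: M[3:2] = EL, M[1] reserved, EL0h invalid */
        return ((m & 2) || m == 1) ? -1 : (int)(m >> 2);
    switch (m) {
    case 0x10: return 0;                        /* User */
    case 0x11: case 0x12: case 0x13:            /* FIQ, IRQ, Supervisor */
    case 0x17: case 0x1b: case 0x1f: return 1;  /* Abort, Undefined, System */
    case 0x1a: return 2;                        /* Hyp */
    default:   return -1; /* includes Monitor (0x16): EL3 is AArch64 here */
    }
}

/* Model of the checks applied to an ERET at EL3 whose SPSR_EL3 targets EL1. */
enum verdict check_eret_to_el1(uint32_t spsr, uint32_t scr_el3, uint64_t hcr_el2)
{
    int el = target_el(spsr);
    if (el < 0)  return BAD_MODE;
    if (el != 1) return NOT_EL1;   /* other targets are not modelled */
    int ns = (scr_el3 & SCR_EL3_NS) != 0;
    /* EL1 is AArch32 if SCR_EL3.RW=0 or, in Non-secure state, HCR_EL2.RW=0. */
    int el1_a32 = !(scr_el3 & SCR_EL3_RW) || (ns && !(hcr_el2 & HCR_EL2_RW));
    if (el1_a32 != ((spsr & SPSR_M4) != 0)) return WIDTH_MISMATCH;
    /* The condition found in the thread: Non-secure return to EL1 with TGE=1. */
    if (ns && (hcr_el2 & HCR_EL2_TGE)) return TGE_SET;
    return ERET_OK;
}

int main(void)
{
    /* Constructed values: SVC mode with A, I, F masked; Non-secure lower ELs. */
    uint32_t spsr = 0x13u | (7u << 6), scr = SCR_EL3_NS;
    printf("TGE=1 -> %d\n", check_eret_to_el1(spsr, scr, HCR_EL2_TGE));
    printf("TGE=0 -> %d\n", check_eret_to_el1(spsr, scr, 0));
    return 0;
}
```

A verdict other than ERET_OK corresponds to the case described above, where PSTATE.IL is set after the ERET and the current Exception level does not change.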