From 655b780f48c420ead607d328c97ba8fdab17ff73 Mon Sep 17 00:00:00 2001
From: Greg Bellows
Date: Sun, 11 Mar 2018 14:06:47 -0400
Subject: [PATCH] target-arm: Add virt machine secure property Add "secure" virt machine specific property to allow override of the default secure state configuration. By default, when using the QEMU -kernel command line argument, virt machines boot into NS/SVC. When using the QEMU -bios command line argument, virt machines boot into S/SVC. The secure state can be changed from the default specifying the secure state as a machine property. For example, the below command line would disable security extensions on a -kernel Linux boot: aarch64-softmmu/qemu-system-aarch64 -machine type=virt,secure=off -kernel ... Backports commit 083a58906cb32731dd98a93fcf451ec7718c0924 from qemu
---
 qemu/hw/arm/virt.c | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/qemu/hw/arm/virt.c b/qemu/hw/arm/virt.c
index 64fca456..3d21d069 100644
--- a/qemu/hw/arm/virt.c
+++ b/qemu/hw/arm/virt.c
@@ -47,6 +47,7 @@ typedef struct {
 typedef struct {
 MachineState parent;
+ bool secure;
 } VirtMachineState;
 #define TYPE_VIRT_MACHINE "virt"
@@ -83,6 +84,38 @@ static int machvirt_init(struct uc_struct *uc, MachineState *machine)
 return 0;
 }
+static QEMU_UNUSED_FUNC bool virt_get_secure(struct uc_struct *uc, Object *obj, Error **errp)
+{
+ VirtMachineState *vms = VIRT_MACHINE(uc, obj);
+
+ return vms->secure;
+}
+
+static QEMU_UNUSED_FUNC int virt_set_secure(struct uc_struct *uc, Object *obj, bool value, Error **errp)
+{
+ VirtMachineState *vms = VIRT_MACHINE(uc, obj);
+
+ vms->secure = value;
+ return 0;
+}
+
+static void virt_instance_init(struct uc_struct *uc, Object *obj, void *opaque)
+{
+ VirtMachineState *vms = VIRT_MACHINE(uc, obj);
+
+ /* EL3 is enabled by default on virt */
+ vms->secure = true;
+
+ /* Unicorn: should be uncommented, but causes linkage errors :/
+ object_property_add_bool(uc, obj, "secure", virt_get_secure,
+ virt_set_secure, NULL);
+ object_property_set_description(uc, obj, "secure",
+ "Set on/off to enable/disable the ARM "
+ "Security Extensions (TrustZone)",
+ NULL);
+ */
+}
+
 static void virt_class_init(struct uc_struct *uc, ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(uc, oc);
@@ -102,7 +135,7 @@ static const TypeInfo machvirt_info = { sizeof(VirtMachineState), NULL, - NULL, + virt_instance_init, NULL, NULL,
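Review bot: In `virt_instance_init` both registration calls sit inside the block comment, so the `secure` property is never added and `vms->secure` stays at `true`; the `secure=off` override from the commit message is not available in this backport, and `virt_get_secure`/`virt_set_secure` are dead code kept only by `QEMU_UNUSED_FUNC`. The comment should say that outright, e.g. `/* Unicorn: "secure" property not registered (link errors); vms->secure is always true and cannot be overridden */`. I would also fence the disabled calls with `#if 0` / `#endif` instead of `/* ... */`, so a comment added inside them later cannot terminate the block early. Nothing in the visible hunks reads the field apart from the unused getter; `machvirt_init`'s body lies outside the hunk, so whether it consults `vms->secure` cannot be confirmed from here.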