efi_loader: ARM: don't attempt to enter non-secure mode twice Multiple EFI binaries may be executed in sequence. So if we already are in non-secure mode after running the first one we should skip the switching code since it no longer works once we're non-secure. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Signed-off-by: Alexander Graf <agraf@suse.de>

commit: f17f2001ebe1e8a78e0ef0f99e63134f91ee1354 [log] [tgz]
author: Mark Kettenis <kettenis@openbsd.org> Fri Jun 15 23:47:13 2018 +0200
committer: Alexander Graf <agraf@suse.de> Wed Jul 25 14:57:43 2018 +0200
tree: bb7707d4d5a0c5a79313b69b520f17ddb357998a
parent: dc500c369486fbe04000fd325c46bb309e4a1827 [diff]
diff --git a/cmd/bootefi.c b/cmd/bootefi.c
index c8c2564..bbfea91 100644
--- a/cmd/bootefi.c
+++ b/cmd/bootefi.c

@@ -200,6 +200,8 @@
 #endif
 
 #ifdef CONFIG_ARMV7_NONSEC
+static bool is_nonsec;
+
 static efi_status_t efi_run_in_hyp(EFIAPI efi_status_t (*entry)(
 			efi_handle_t image_handle, struct efi_system_table *st),
 			efi_handle_t image_handle, struct efi_system_table *st)
@@ -207,6 +209,8 @@
 	/* Enable caches again */
 	dcache_enable();
 
+	is_nonsec = true;
+
 	return efi_do_enter(image_handle, st, entry);
 }
 #endif
@@ -368,7 +372,7 @@
 #endif
 
 #ifdef CONFIG_ARMV7_NONSEC
-	if (armv7_boot_nonsec()) {
+	if (armv7_boot_nonsec() && !is_nonsec) {
 		dcache_disable();	/* flush cache before switch to HYP */
 
 		armv7_init_nonsec();
commit	f17f2001ebe1e8a78e0ef0f99e63134f91ee1354	[log] [tgz]
author	Mark Kettenis <kettenis@openbsd.org>	Fri Jun 15 23:47:13 2018 +0200
committer	Alexander Graf <agraf@suse.de>	Wed Jul 25 14:57:43 2018 +0200
tree	bb7707d4d5a0c5a79313b69b520f17ddb357998a
parent	dc500c369486fbe04000fd325c46bb309e4a1827 [diff]