You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On H616 with the secure boot fuse set, FEL starts in non-secure
state. The older direct SMC workaround is not sufficient there because
SMC returns through monitor mode instead of directly leaving the BROM
FEL command loop in secure SVC state.
Add a secure-SVC return thunk for this case and keep the existing
global startup workaround model. The thunk issues the SMC, switches
from monitor mode to secure SVC with the banked SP/LR restored,
restores the secure GIC view expected by the BROM, and returns to the
FEL command loop. It uses the same SRAM swap-table convention as the
SPL thunk to preserve the H616 BROM SRAM workspace while the uploaded
code runs and returns to FEL.
After the transition, the normal runtime probe sees secure state and
suppresses repeat application in that sunxi-fel process, so normal SID
reads and SPL execution use the existing code paths.
H616 selects the secure-SVC thunk path and gates the workaround on a
non-zero secure boot status word at SID base + 0xa0. The zero-word
runtime probe still has to match before the thunk is applied, so
non-secure H616 boards and already-transitioned secure-FEL sessions do
not enter the secure path just because one of those checks matches.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
0 commit comments