by monocasa 1923 days ago
Does that Trap SMC bit in SYS_APL_HID1_EL1 let you set up a poor man's PSCI even though there's no real EL3? Or is that something different?

And do you think that all those HIDn registers are more PASemi legacy? The PowerPCs are known for HID SPRs being a grab bag of random one-off features and chicken bits in a very similar way.

It still needs to trap to somewhere - e.g. a hypervisor at EL2. But then PSCI can run over HVC anyway, so it doesn't make much of a difference, though being able to pretend EL3 exists from EL2 is nifty. We still lose VM functionality if we run all this at EL2 and the OS at EL1.

I do think the HID register naming scheme comes straight from PowerPC. So does their "DART" IOMMU (again just a name thing, unrelated to the old PowerPC DART IOMMU). A much more interesting question is how much the M1 design directly derives from those older PASemi PPC cores (beyond names and such which could just be a little nod); that's much harder to know, but I'm interested in any hints that might point in that direction :)

WRT SMC, I guess I figured it'd be used to put some firmware code in EL2, but not be the exclusive owner of EL2 if that's possible. Cut out a reserved region of mem in m1n1 or u-boot, and an EL2 SMC call would simply be a jump to that code without a mode switch. You'd see that kinda thing in some older ARM RTOSes which would run everything at the same privilege level, but use SWI as a core executive invoke. Of course now that I've typed this all out I realize that I was kinda assuming that there'd be some SMC-hack specific vector table that it could own, but it probably traps to the normal EL2 one which I think is what you're hinting at...

Anyways, is there anything that a systems engineer with RE experience and isn't looking for any of y'all's donations can do to help out? I'm between jobs and it seems like fun.
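
An added example, not part of the thread and not m1n1 code: a minimal EL2 synchronous-trap handler that serves the same PSCI calls whether the guest used HVC or a trapped SMC, which is the "doesn't make much of a difference" point above. The one place the two conduits differ is the return address. Assumptions: the trapped SMC arrives at the normal EL2 vector with the standard Armv8-A ESR_EL2 exception class (the thread does not confirm this for the M1), `struct trap_frame`, `NCPUS` and the `cpus_on` bitmap are hypothetical, and the CPU_ON target is treated as a plain core index.

```c
#include <stdint.h>

/* Armv8-A ESR_EL2 exception classes (architectural values). */
#define ESR_EC(esr)  (((esr) >> 26) & 0x3fu)
#define EC_HVC64     0x16u   /* HVC from AArch64 */
#define EC_SMC64     0x17u   /* SMC from AArch64, trapped to EL2 */

/* Function IDs and return codes from the Arm PSCI specification. */
#define PSCI_VERSION        0x84000000u
#define PSCI_CPU_ON_64      0xc4000003u
#define PSCI_SUCCESS         0
#define PSCI_NOT_SUPPORTED  (-1)
#define PSCI_INVALID_PARAMS (-2)
#define PSCI_ALREADY_ON     (-4)

#define NCPUS 8u                     /* constructed core count */

struct trap_frame {                  /* hypothetical saved guest state */
    uint64_t x[4];                   /* x0-x3: function ID and arguments */
    uint64_t elr;                    /* ELR_EL2: guest return address */
};

static uint32_t cpus_on = 1u;        /* bit n set = core n running; boot core is 0 */

static int64_t psci_call(uint32_t fn, uint64_t a1)
{
    switch (fn) {
    case PSCI_VERSION:
        return 0x00010000;           /* major 1, minor 0 */
    case PSCI_CPU_ON_64:
        if (a1 >= NCPUS) return PSCI_INVALID_PARAMS;
        if (cpus_on & (1u << a1)) return PSCI_ALREADY_ON;
        cpus_on |= 1u << a1;         /* real code would start the core here */
        return PSCI_SUCCESS;
    default:
        return PSCI_NOT_SUPPORTED;   /* unknown ID: fail closed */
    }
}

/* Returns 1 if the trap was a conduit call and was handled, 0 otherwise. */
int handle_sync_trap(uint64_t esr, struct trap_frame *f)
{
    unsigned ec = ESR_EC(esr);
    if (ec != EC_HVC64 && ec != EC_SMC64)
        return 0;                    /* not HVC/SMC: leave state untouched */
    f->x[0] = (uint64_t)psci_call((uint32_t)f->x[0], f->x[1]);
    if (ec == EC_SMC64)
        f->elr += 4;   /* trapped SMC: ELR points at the SMC itself, so skip it */
    return 1;
}
```

An HVC is an exception-generating instruction, so ELR_EL2 already points past it; a trapped SMC is reported as a trap on the instruction itself, and a handler that forgets the `+ 4` re-executes the SMC forever.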