boot2

Playing with the boostrap
git clone https://git.ryansepassi.com/git/boot2.git
Log | Files | Refs | README
commit 7aab93aa0fdde3db4b9fd0ed9362b80479a7cba3
parent edbce4510998845c7ed2641373981a3167d0e7bd
Author: Ryan Sepassi <rsepassi@gmail.com>
Date:   Tue,  5 May 2026 11:08:28 -0700

boot.sh e2e kernel + podman

Diffstat:

Mscripts/boot.sh | 24++++++++++++++++++++++++


Mseed-kernel/start.S | 33+++++++++++++++++++++++++++++++--


2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/scripts/boot.sh b/scripts/boot.sh
@@ -1,8 +1,32 @@
 #!/bin/sh
+## boot.sh — drive boot0 → boot5 end-to-end under one driver.
+##
+## Usage:  scripts/boot.sh <arch>
+##         DRIVER=seed   scripts/boot.sh aarch64
+##         DRIVER=podman scripts/boot.sh <amd64|aarch64|riscv64>
+##
+## DRIVER (default podman) is exported and consumed by each bootN.sh.
+## DRIVER=seed is aarch64-only and requires seed-kernel/build/Image.
 
 set -ex
 
 ARCH=$1
+DRIVER=${DRIVER:-podman}
+
+case "$DRIVER" in
+    podman) ;;
+    seed)
+        [ "$ARCH" = aarch64 ] || { echo "[boot] DRIVER=seed: aarch64 only" >&2; exit 2; }
+        if [ ! -f seed-kernel/build/Image ]; then
+            echo "[boot] building seed-kernel/build/Image"
+            podman run --rm --pull=never --platform linux/arm64 \
+                -v "$PWD/seed-kernel:/work" -w /work boot2-alpine-gcc:aarch64 \
+                sh -c 'apk add --no-progress --quiet make >/dev/null 2>&1; make -s'
+        fi
+        ;;
+    *)  echo "[boot] unknown DRIVER=$DRIVER (expected podman|seed)" >&2; exit 2 ;;
+esac
+export DRIVER
 
 rm -rf build/$ARCH
 
diff --git a/seed-kernel/start.S b/seed-kernel/start.S
@@ -195,10 +195,39 @@ eret_to_user:
     msr     elr_el1, x0
     mov     x9, #0x3c4              /* EL1t, DAIF=1111 */
     msr     spsr_el1, x9
-    /* Clear all GP regs so user starts clean (except x0..argc handled
-     * via the SysV stack layout, which the user reads directly). */
+    /* Clear all GP regs so user starts clean. argc/argv come in via the
+     * SysV stack layout, which the user reads directly off SP_EL0. Some
+     * boot0/1 seed-stage binaries (notably M0) read xN before any write,
+     * so leaking kernel register state past the eret would fault them. */
     mov     x0,  xzr
     mov     x1,  xzr
     mov     x2,  xzr
     mov     x3,  xzr
+    mov     x4,  xzr
+    mov     x5,  xzr
+    mov     x6,  xzr
+    mov     x7,  xzr
+    mov     x8,  xzr
+    mov     x9,  xzr
+    mov     x10, xzr
+    mov     x11, xzr
+    mov     x12, xzr
+    mov     x13, xzr
+    mov     x14, xzr
+    mov     x15, xzr
+    mov     x16, xzr
+    mov     x17, xzr
+    mov     x18, xzr
+    mov     x19, xzr
+    mov     x20, xzr
+    mov     x21, xzr
+    mov     x22, xzr
+    mov     x23, xzr
+    mov     x24, xzr
+    mov     x25, xzr
+    mov     x26, xzr
+    mov     x27, xzr
+    mov     x28, xzr
+    mov     x29, xzr
+    mov     x30, xzr
     eret