Thanks for the quick, informative reply. I noticed that Microkit also explicitly requires EL2 support and has comments to that effect in its build tool (and gives an error if you try to turn it off in the build config). Microkit isn't well-suited for my purposes, except as a reference for how to create a system build, and the recommendation when building the Microkit SDK itself to download the ARM GCC cross-compiler tools for aarch64-none-elf, which seems like a slightly more appropriate build target than the aarch64-unknown-linux-gnu tools from someone's Homebrew repo that the Microkit tutorial recommended. Jake On Wed, Oct 22, 2025 at 8:06 PM Julia Vassiliki <julia.vassiliki@unsw.edu.au> wrote:
Hi Jake
Regarding SMP on QEMU, yes, it is currently the case that the elfloader (not part of seL4 itself) does not support SMP *without* HYP. See for reference https://github.com/seL4/seL4/pull/1275.
Note that you can still use a non-hyp build of seL4 in QEMU with hypervisor mode turned on. I'm not sure if you can do this with elfloader, but the microkit loader works this way, and can drop privilege level from EL2 to EL1 when booting the kernel.
tldr; yes currently HVC doesn't work, and we need to add support to the elfloader for it.
The one area of seL4 that I know I will need to modify will be to add a 32-bit ARM mode for running existing RISC OS software and modules. The only special criteria it needs to have is to route all SWI (SVC) calls to a fault handler so I can pass them to either a 32-bit handler or to the new 64-bit SWI handlers that I'll hopefully be able to start porting one at a time from the original A32 code.
For running A32 code atop of an Aarch64 kernel, I'm not certain what's required there, but any exceptions such as SVC that are not allowed in EL0 should be sent as a fault to the registered fault handler for such a thread (likely as an UserException), so should be fine.
Julia
(P.S. Sorry for the double email, Jake, I forgot to reply All).
________________________________________ From: Jake Hamby via Devel <devel@sel4.systems> Sent: Thursday, 23 October 2025 11:09 To: devel@sel4.systems Subject: [seL4] "HVC is not supported for PSCI!" error for SMP on QEMU
I've just started looking at seL4 for a hobby project to port RISC OS to run on 64-bit ARM. Since the OS is written primarily in 32-bit ARM assembly language, that means rewriting a lot of code in C, which is fine since I won't be having to write the supervisor-mode code that seL4 handles (the most difficult part to get right).
I'm still working through the seL4 tutorials, and I'm sure I'll have more questions later, but here's an easy one that maybe someone can provide context for. When I tried running a tutorial in QEMU with SMP enabled, it failed with "HVC is not supported for PSCI!" Some investigation revealed that ARM has two different opcodes to make the same calls to the PSCI interface to turn on the other CPU cores. The only difference is HVC goes to EL2 and SMC goes to EL3. As part of the build, QEMU dumps a device tree that specifically defines "hvc" as the method to use. I also noticed the Raspberry Pi device trees have no "psci' nodes.
I can patch seL4 to only work with HVC by patching the check and the assembly file to use "hvc" instead of "smc" but it'd be nice if there were a build config option to specify one or the other method for making PSCI calls, and then fail at runtime if the other method was found, especially since QEMU is so popular for testing that I assume people run into this often. It'd be a small #ifdef to require and use one or the other opcode.
The one area of seL4 that I know I will need to modify will be to add a 32-bit ARM mode for running existing RISC OS software and modules. The only special criteria it needs to have is to route all SWI (SVC) calls to a fault handler so I can pass them to either a 32-bit handler or to the new 64-bit SWI handlers that I'll hopefully be able to start porting one at a time from the original A32 code. The 32-bit SWI handler can get/set the input/output parameters from the machine registers in the TCB, so that part's straightforward. I'll need to do some fakery for 32-bit code that wants to run in supervisor mode, to fake success when it calls privileged instructions.
I'll know more as I continue designing and start implementing code. Unfortunately there'll eventually need to be an A32/T32 emulation mode of some sort for 64-bit only ARM CPUs like Apple's M-series, but that can come later, and I can use QEMU's CPU emulation until then (as opposed to hypervisor mode with "-accel hvf", which is 64-bit only). Also, I know the Raspberry Pi 5 that I want to support can run 32-bit ARM code at EL0 only, which is all I need.
If anyone has suggestions or can see some fatal flaws in my assumptions, please let me know.
Best regards, Jake Hamby _______________________________________________ Devel mailing list -- devel@sel4.systems To unsubscribe send an email to devel-leave@sel4.systems
This email and any files transmitted with it may contain confidential information. If you believe you have received this email or any of its contents in error, please notify me immediately by return email and destroy this email. Do not use, disseminate, forward, print or copy any contents of an email received in error.