ARMv7 HCR bit 31 (RW) shall be UNK/SBZP

When writing HCR on ARMv7, QEMU automatically sets bit 31 because of the missing feature bit aa64_aa32_el1, see here. Bit HCR_RW shall be UNK/SBZP which means Hardware must implement the bit as Read-As-Zero, and must ignore writes to the field.

I suggest to move applying the valid_mask (lines 3698..3700) after setting HCR_RW.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information