Re: [Xen-devel] Xen ARM - Exposing a PL011 to the guest
Hello Julien,

On 30 November 2016 at 17:29, Julien Grall <julien.grall@xxxxxxx> wrote:

[...]

> I think we can distinguish two places where the PL011 could be emulated:
> in the hypervisor, or outside the hypervisor.
>
> Emulating the UART in the hypervisor means that we take the risk of
> increasing the attack surface of Xen if there is a bug in the emulation
> code. The attack surface could be reduced by emulating the UART in another
> exception level (e.g. EL1, EL0) but still under the control of the
> hypervisor. Usually the guest is communicating with xenconsoled using a
> ring. For the first console this could be discovered using hypercall
> HVMOP_get_param. For the second and onwards, it is described in xenstore.
> I would not worry too much about emulating multiple PL011s, so we could
> implement the PV frontend in Xen.
> [...]
> I would lean towards the first solution if we implement all the security
> safety I mentioned. Although, the second solution would be a good move if we
> decide to implement more devices (e.g. RTC, pflash) in the future.
>
> Do you have any opinions?

Looks like this topic has something in common with the OP-TEE thread.

I like the first solution, because if there will be an easy and reliable way
to run code in XEN's EL1/EL0, then this will be an ideal solution for a TEE
emulation/mediation layer. So, if you choose this way, please bear in mind
other uses, like TEE emulation.

--
WBR Volodymyr Babchuk aka lorc [+380976646013]
mailto: vlad.babchuk@xxxxxxxxx

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel