[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [RFC v2 3/6] xen/arm: Allow platform_hvc to handle guest SMC calls
Hi Tamas, On 02/09/2017 06:11 PM, Tamas K Lengyel wrote:
On Wed, Feb 8, 2017 at 5:08 PM, Julien Grall <julien.grall@xxxxxxx> wrote:On 08/02/2017 23:28, Tamas K Lengyel wrote:On Wed, Feb 8, 2017 at 3:04 PM, Julien Grall <julien.grall@xxxxxxx> wrote:You haven't understood my point. Xen is currently emulating PSCI call for the guest to allow powering up and down the CPUs and other stuff. If you decide to trap all the SMCs, you would have to handle them.Sure, it's more work on the monitor side, but other then that, what's the problem?
Because you will have to introduce hypercalls to get all the necessary information from Xen that will not be available from outside.
Given that SMC has been designed to target different services (PSCI, Trusted OS...) it would be normal to have monitor app only monitoring a certain set of SMC call. You cannot deny a such use case as it would avoid an monitor app to handle every single call that would be consumed by XEN but not forwarded to the secure firmware.
And yes it is emulation as you don't seem to be willing passing those SMC to the firmware or even back to Xen. If we expect a VM to emulate a trusted firmware, then you have a security problem. Some hardware may be only accessible through the secure world and I doubt some trusted app vendor will be willing to move cryptography stuff in non secure world. I would highly recommend to skim through the OP-TEE thread, it will provide you some insights of the constraints.The firmware is not hardware, it's just a piece of code that has been baked into the board in some manner. Emulation in my book is doing in software what hardware is supposed to do. I don't expect all vendors to be happy to move their proprietary whatever to a VM. Again, this is an experimental setup with no real world applications at the moment. As for certain hardware being only accessible from the TZ, in that case the monitor application would have to call into the firmware. My setup doesn't prohibit using the TZ, it just prohibits it being accessible from untrusted guests directly.
To be honest, I am not here to criticize your project or else. I am just trying to explain you there are other potential use cases and we should not ignore them.
I am also not expecting none of the person involved in the thread to write the code now. However, it is always good to have a full view and get a direction how it should go.
Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
Lists.xenproject.org is hosted with RackSpace, monitoring our