Xen project Mailing List

Re: [Xen-devel] [RFC 0/4] TEE mediator framework + OP-TEE mediator

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>

From: Julien Grall <julien.grall@xxxxxxxxxx>

Date: Fri, 27 Oct 2017 21:06:45 +0100

Cc: Julien Grall <julien.grall@xxxxxxx>, nd@xxxxxxx, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, xen-devel@xxxxxxxxxxxxx

Delivery-date: Fri, 27 Oct 2017 20:06:52 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 27 Oct 2017 20:59, "Stefano Stabellini" <sstabellini@xxxxxxxxxx> wrote:

On Fri, 27 Oct 2017, Julien Grall wrote:
> Hi,
>
> Just answering to dom0 been 1:1 domain.
>
> On 24/10/17 22:33, Stefano Stabellini wrote:
> > On Tue, 24 Oct 2017, Volodymyr Babchuk wrote:
> > > > For this series, I think we need a way to specify which domains can talk
> > > > to TEE, so that we can only allow it for a specific subset of DomUs. I
> > > > would probably use XSM for that.
> > > I am afraid, this is not possible. As other domains aren't 1:1 mapped,
> > > I need to have special translation code in mediator. Actually, I'm
> > > writing it rigth now to test my changes in OP-TEE. But event this is
> > > not enought for decent OP-TEE support.
> > > What can be done right now: 100% Dom0-only support with vanilla
> > > OP-TEE (i.e. no virtualization support in OP-TEE is needed). This is
> > > even simplier task, so I can throw out some code from this patch
> > > series. On other hand, in the future this will lead to sutiation when
> > > two mediators for the same TEE shall be supported: one, simple, in
> > > XEN, another, fully-functional in stubdom.
> >
> > I think it is fine to support OP-TEE only in Dom0 to begin with.
> >
> > Ideally, it would be in Dom0 for convenience and speed and the OP-TEE
> > capability would be specified as an XSM label. Ideally, it would not be
> > only in Dom0 because it is tied to the 1:1 map, but I understand now
> > that it is a requirement. I still think that the XSM label would be good
> > to have even if today it cannot be changed as only Dom0 is 1:1.
>
> I thought a bit more about Dom0 been a 1:1 domain. It is only true for Device
> Memory and the initial RAM allocated for Dom0.
>
> Dom0 may balloon out some pages because it has to map region belonging to
> other domain. Those regions will not be 1:1 mapped and translation will be
> needed if used.
>
> The problem is very similar to DMA in dom0. I can't see any reason to not use
> those regions with OP-TEE. Am I wrong here?

I think you are right. For DMA, Dom0 is expected to use the swiotlb-xen
driver to solve the problem, because it is a genuine use case to have
foreign grants involved in a DMA operation.

For OP-TEE, I don't think we need to support this case? Xen could fail
the request if it involves a page that is not 1:1 mapped?

You would need to introspect the message in order to know that. So supporting non 1:1 mapped page would not be more difficult.

This assuming that you know when you OP-TEE is done with the page.

Cheers,

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel