[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

To: Achin Gupta <Achin.Gupta@xxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Wed, 20 Mar 2019 16:18:11 +0000
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Volodymyr Babchuk <vlad.babchuk@xxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, "tee-dev@xxxxxxxxxxxxxxxx" <tee-dev@xxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, nd <nd@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
Delivery-date: Wed, 20 Mar 2019 16:18:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Achin,

On 18/03/2019 21:04, Achin Gupta wrote:

On Mon, Mar 18, 2019 at 03:49:12PM +0000, Julien Grall wrote:

(+ Achin)

On 07/03/2019 21:04, Volodymyr Babchuk wrote:

From: Volodymyr Babchuk <vlad.babchuk@xxxxxxxxx>

This enumeration controls TEE type for a domain. Currently there is
two possible options: either 'none' or 'native'.

'none' is the default value and it basically disables TEE support at
all.

'native' enables access to a "real" TEE installed on a platform.


I am aware I made that suggestion. But I think the naming is not ideal
between the user and the toolstack. The question is how this is going to fit
with the S-EL2 feature where multiple TEE can run together?

I have CCed Achin to see he has any vision how this could be interfaced.


Thanks.

Multiple TEEs (or rather Trusted OSs) can coexist on Armv8.3 and earlier. They
will not be isolated but play along nicely.

That's interesting. So, in the current case (i.e without SPCI), how do youcommunicate with a specific Trusted OS?


The intent is that prior to S-EL2 and multiple TOSs, each TOS will migrate to
using the SPCI spec. At this stage, there should be no need for a TOS specific
mediator in the Hypervisor. IOW, there should be a "generic" SPCI
mediator. Maybe, we can add a TEE type 'generic' later to enable access to any
TEE through this generic interface?

Yes, that's probably a good option to add later. So maybe renaming 'native' to'optee'(or 'op-tee') would be more suitable here. This avoid the ambiguity of'native'.


Support for multiple TOSs has raised other questions that we are trying to
address e.g. dependencies between them or on guests in Nwd, impact on scheduling
decisions made by Nwd etc. Support for OP-TEE in this patch stack does not need
to answer these just yet it seems. It is more likely that we will have to tackle
support for multiple TEEs afresh rather than treating it as an extension of
support for a specific TOS.

I totally agree. SPCI is a separate topic, although I wanted to get a moresuitable name for the config so we can avoid introduce a new option later on.


Happy to discuss further and I hope this helps in some way.


Thank you for the feedback!

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH v4 00/10] TEE mediator (and OP-TEE) support in XEN
  - From: Volodymyr Babchuk
- [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Volodymyr Babchuk
- Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Achin Gupta

Prev by Date: Re: [Xen-devel] [PATCH v4 05/10] xen/arm: optee: add std call handling
Next by Date: Re: [Xen-devel] [PATCH v4 06/10] xen/arm: optee: add support for RPC SHM buffers
Previous by thread: Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
Next by thread: Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.