
RE: Reg. Tee init fail...


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>
  • From: "SK, SivaSangeetha (Siva Sangeetha)" <SivaSangeetha.SK@xxxxxxx>
  • Date: Thu, 30 Jun 2022 03:32:36 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "jgross@xxxxxxxx" <jgross@xxxxxxxx>, "boris.ostrovsky@xxxxxxxxxx" <boris.ostrovsky@xxxxxxxxxx>, "Pandeshwara krishna, Mythri" <Mythri.Pandeshwarakrishna@xxxxxxx>, "Rangasamy, Devaraj" <Devaraj.Rangasamy@xxxxxxx>, "Thomas, Rijo-john" <Rijo-john.Thomas@xxxxxxx>
  • Delivery-date: Thu, 30 Jun 2022 04:16:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: Reg. Tee init fail...

[AMD Official Use Only - General]

+team

-----Original Message-----
From: Stefano Stabellini <sstabellini@xxxxxxxxxx> 
Sent: Thursday, June 30, 2022 1:34 AM
To: Julien Grall <julien@xxxxxxx>
Cc: SK, SivaSangeetha (Siva Sangeetha) <SivaSangeetha.SK@xxxxxxx>; 
xen-devel@xxxxxxxxxxxxxxxxxxxx; Stefano Stabellini <sstabellini@xxxxxxxxxx>; 
Bertrand Marquis <bertrand.marquis@xxxxxxx>; Volodymyr Babchuk 
<Volodymyr_Babchuk@xxxxxxxx>; jgross@xxxxxxxx; boris.ostrovsky@xxxxxxxxxx
Subject: Re: Reg. Tee init fail...

Adding Juergen and Boris because this is a Linux/x86 issue.


As you can see from this Linux driver:
https://elixir.bootlin.com/linux/latest/source/drivers/crypto/ccp/tee-dev.c#L132

Linux as dom0 on x86 is trying to communicate with firmware (TEE). Linux is 
calling __pa to pass a physical address to firmware. However, __pa returns a 
"fake" address not an mfn. I imagine that a quick workaround would be to call 
"virt_to_machine" instead of "__pa" in tee-dev.c.

Normally, if this was a device, the "right fix" would be to use 
swiotlb-xen:xen_swiotlb_map_page to get back a real physical address.

However, xen_swiotlb_map_page is meant to be used as part of the dma_ops API 
and takes a struct device *dev as input parameter. Maybe xen_swiotlb_map_page 
can be used for tee-dev as well?


Basically tee-dev would need to call dma_map_page before passing addresses to 
firmware, and dma_unmap_page when it is done. E.g.:


  cmd_buffer = dma_map_page(dev, virt_to_page(cmd),
                            cmd & ~PAGE_MASK,
                            ring_size,
                            DMA_TO_DEVICE);


Juergen, Boris,
what do you think?



On Fri, 24 Jun 2022, Julien Grall wrote:
> Hi,
> 
> (moving the discussion to xen-devel as I think it is more appropriate)
> 
> On 24/06/2022 10:53, SK, SivaSangeetha (Siva Sangeetha) wrote:
> > [AMD Official Use Only - General]
> 
> Not clear what this means.
> 
> > 
> > Hi Xen team,
> > 
> > In the TEE driver, we allocate a ring buffer, get its physical address
> > from the __pa() macro, and pass the physical address to the secure
> > processor for mapping it and using it on the secure processor side.
> > 
> > Source:
> > https://elixir.bootlin.com/linux/latest/source/drivers/crypto/ccp/tee-dev.c#L132
> > 
> > This works well natively in Dom0 on the target.
> > When we boot the same Dom0 kernel with the Xen hypervisor enabled, ring
> > init fails.
> 
> Do you have any error message or error code?
> 
> > 
> > 
> > We suspect that the address passed to the secure processor is not the
> > same when Xen is enabled, and that when Xen is enabled, some level of
> > address translation might be required to get the exact physical address.
> 
> If you are using Xen upstream, Dom0 will be mapped with IPA == PA. So 
> there should be no need for translation.
> 
> Can you provide more details on your setup (version of Xen, Linux...)?
> 
> Cheers,
> 
> --
> Julien Grall
> 
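
Added example, not part of the original message and not code from Linux or Xen: a user-space C model of the translation discussed in this thread, showing why the value __pa returns is not the address firmware needs under Xen PV, and why a multi-page ring may not be contiguous in machine memory. The p2m[] table, its frame numbers and the helper names pseudo_phys, phys_to_machine and machine_contiguous are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)

/* Constructed toy P2M: index = pseudo-physical frame (pfn), value = machine frame (mfn). */
static const uint64_t p2m[] = { 0x8a100, 0x8a101, 0x91f40, 0x8a102 };
#define NR_PFNS (sizeof(p2m) / sizeof(p2m[0]))

/* Model of what __pa() yields in a PV guest: a pseudo-physical address. */
static uint64_t pseudo_phys(uint64_t pfn, uint64_t off)
{
    return (pfn << PAGE_SHIFT) | off;
}

/* Model of virt_to_machine(): translate through the P2M, keep the page offset. */
static int phys_to_machine(uint64_t paddr, uint64_t *maddr)
{
    uint64_t pfn = paddr >> PAGE_SHIFT;

    if (pfn >= NR_PFNS)
        return -1;
    *maddr = (p2m[pfn] << PAGE_SHIFT) | (paddr & (PAGE_SIZE - 1));
    return 0;
}

/* 1 if [paddr, paddr + size) is machine-contiguous, 0 if not, -1 if out of range. */
static int machine_contiguous(uint64_t paddr, size_t size)
{
    uint64_t first = paddr >> PAGE_SHIFT, last;

    if (size == 0)
        return -1;
    last = (paddr + size - 1) >> PAGE_SHIFT;
    if (last >= NR_PFNS)
        return -1;
    for (uint64_t pfn = first; pfn < last; pfn++)
        if (p2m[pfn + 1] != p2m[pfn] + 1)
            return 0;   /* neighbouring pfns land on unrelated machine frames */
    return 1;
}

int main(void)
{
    uint64_t pa = pseudo_phys(2, 0x80), ma = 0;

    if (phys_to_machine(pa, &ma) == 0)
        printf("pseudo-physical 0x%llx -> machine 0x%llx\n",
               (unsigned long long)pa, (unsigned long long)ma);
    printf("2-page ring at pfn 0 contiguous: %d\n", machine_contiguous(0, 2 * PAGE_SIZE));
    printf("4-page ring at pfn 0 contiguous: %d\n", machine_contiguous(0, 4 * PAGE_SIZE));
    return 0;
}
```

In this model, translating only the first page of a ring is enough for the 2-page case but not for the 4-page case, where the third frame lives elsewhere in machine memory.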



 

