[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 5/5] xen/arm: ffa: Enable VM to VM without firmware

  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 1 Apr 2025 07:49:57 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=USuQfzxBUVNlwPYZRuVv6Yeh3NFUDbJv5/Ei20OuS/s=; b=CL8FY+EMjhH4f1VibT1ARxqd2Hih75b92tKIwM7gTy4B6lOuhwpm/mrSms/oTDRzikJkxGUZDGS6boanHbXgT8kQ5ADG1Q1Pjwdf0sg/ZpVhO2VSWin3NI4DKd3Zb+VawgrSKkB8WS6lX4g44JJRTsyHFGKP34MEZXtRWwrzzdoDV00TTtyVInXGMj0ZBwQ9NhBuIbuJdojJbrsU4IadGOGMlc7IatF7FNEhVgf7LoLHuJqzEAoXxsXkbr4VVgQdxisw8MTj/52+/FjRbYPYLizuiTqFnz6w8RiqkGG42qJjbH3IjmSW9y5kBhLAXfcKwRxXnpy4Y1Z7K+PaHBE2Ow==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=USuQfzxBUVNlwPYZRuVv6Yeh3NFUDbJv5/Ei20OuS/s=; b=J0ZeuA+ircU3Q7p7d9F5ZBvt34Qf7k0EvdoG8WRI3Yi9xt0dG1WFO3Hwx9wZ8D65YYn2+07Dr9loO+S5rUA6im6Hj3El/+CrBszD9JzfzpWuQ8VG1CH80jInwYAeAdE28Ae9VpXGxG/k72wCEI2zjv/sJy0OQ+L3UmB8huI0UupBhEWc6kAZphxOnCczvdxBtnjanIoye+n6mKUB4fh1gnAVCpwAoKnmJGB1Oi3GS3EeWPithivwvDPzK8GZg7G40pYE1Qi5DpuPOOPX6Dmbt+vkhWbyQ8s0w/uqBD62/52MgDyoGFxNtSoABVqsKXokXXZ0N5DTMyFe4Den2hAiQA==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=isXX6ZtfckrC/5XBQ5hAP2ojw56g790ENRjXlIh2ZoaY/zMvRd7qWYQ3Vm8hDGJT7fUqW8AhQnRQr1d9XPu4biOa/sUfMx4V154IcxYvKXbxyf2Ghd7T8ZBHM/cAe3F270f4F4m/9i7e++BxuqXeEHBW/gvx2q393kl4B6bamf+PSxgOye+Wj6sikPs7Q8GkJIJ8R6H8LCXOUhjsSxdcMIWCAAOaAMdKANTtBF0nhhsvFsFYwp7V01qlpSKxj6SpDQRCth3aaf7gPxqVTcNq5n176L4nbsvrHpWfOqcWsrKcONiBhIkSJuQhY6pR3GXXfd2MvGu+Bjmprl/aVYJErA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=tJifkbxPZXUOFKPiw3jo6IGpEiwiVIvPRqDnG2WvKQ0JwYN4uOOF77fUCmnPdQu4xqMIjYZPWEwp7FJ2KwBo7A7b2WvGoP2X63FPUJvqvn/yYITI8GuaZWONZdb74DQoU8lwpw8CF8QTKa1UBhJPCsP7r+HUVTSvdVtwAfFSotxv7XymGFZXoGY4kib4XEbZjXScCLMEg3Xr26gFZ1/7bOnTuX2A94Qt2+ShWcmYgOgNfxW/Y8dx0uV8Ohb2ffJHNosTzbgnhLhBKHfRyEsPXzbyE6NcraOAGU+RhBoiDnGTtJ5wcdEkq6PzhjIwP409IW724vtL+rHvKTYFgfyIiA==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "jens.wiklander@xxxxxxxxxx" <jens.wiklander@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Tue, 01 Apr 2025 07:50:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbnMQpJ/OSxu9MyEmYd5oQRaZ927OGF78AgACVfQCABZFUgIACPS+A
  • Thread-topic: [PATCH v4 5/5] xen/arm: ffa: Enable VM to VM without firmware
Hi Julien,

> On 30 Mar 2025, at 23:38, Julien Grall <julien@xxxxxxx> wrote:
> 
> Hi Bertrand,
> 
> On 27/03/2025 08:37, Bertrand Marquis wrote:
>>> On 27 Mar 2025, at 00:41, Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> Hi Bertrand,
>>> 
>>> On 24/03/2025 13:53, Bertrand Marquis wrote:
>>>> When VM to VM support is activated and there is no suitable FF-A support
>>>> in the firmware, enable FF-A support for VMs to allow using it for VM to
>>>> VM communications.
>>> 
>>> tee/ and the callbacks associated are meant to be used for mediatiors. My 
>>> current interpretation ist this is only meant to interpose between a guest 
>>> and physical resources. Here you are extending the meaning to "virtual 
>>> TEE". I am sort of ok with that but ...
>> I see what you mean but FF-A will not only be used to communicate with TEE 
>> (even if the primary use case right now is this one, including have it in a 
>> VM instead of the secure world).
> > >>
>>>> If there is OP-TEE running in the secure world and using the non FF-A
>>>> communication system, having CONFIG_FFA_VM_TO_VM could be non functional
>>>> (if optee is probed first) or OP-TEE could be non functional (if FF-A is
>>>> probed first) so it is not recommended to activate the configuration
>>>> option for such systems.
>>> 
>>> ... this part is concerning me. You should be able to build with 
>>> CONFIG_FFA_VM_TO_VM and still boot when OP-TEE is present on the system. 
>>> This is not too critical now as this is tech preview but this is definitely 
>>> a blocker for making FFA supported. Can this be mentioned at the top of the 
>>> ffa.c file (which already contains existing blocker)?
>> OP-TEE supports FF-A and in fact should be switched to using it by default 
>> as it allows it to run in parallel of other TEEs in the secure world or have 
>> FF-A compliant SPs running on top of OP-TEE.
>> More and more you will see FF-A popping up as a recommended (or required) 
>> part of the firmware features.
>> So the only reason to use OP-TEE without FF-A is if you have an old OP-TEE 
>> in which case your firmware will not support FF-A and using it between VMs 
>> is probably not required.
> 
> Thanks for the clarification. I know we only support OP-TEE in Xen today, but 
> do you know what will happen for the other TEEs? Will they adopt FF-A?

On Arm the idea is to make them adopt FF-A yes and it will be part of System 
Ready recommendations in the future.

> 
>>> 
>>> Also, given this would expose a fully virtual TEE, we should be able to 
>>> have a system where you have some VMs talking FFA and some using the 
>>> physical OPTEE (or another TEE). Whether we want to support it is a 
>>> different question but this design would prevent it. Is this intended?
>> Right now i would say this is definitely not something we need as part of 
>> the tech preview as anybody using this feature in Xen would use an OP-TEE 
>> with FF-A support.
>> But from Xen point of view, we should (if we can) support running on old 
>> systems with an existing OP-TEE but still use FF-A between VMs.
>> This has some consequences on how the tee mediator and FF-A support is 
>> designed and I will definitely give it some thoughts (primary idea would be 
>> to decouple FF-A with secure as mediator to FF-A between VMs somehow).
> 
> I am not sure we need to decouple anything. Today, we can already specify the 
> type of the TEE used by a given VM (see tee_type). But we are enforcing the 
> TEE type match the one of the current mediator.

Yes for VMs this has to be specified explicitly, this was the idea behind the 
command line parameter for Xen to.

> 
> So what if we allow multiple mediator to run and when the domain is 
> initialized we select the correct medatior/ops for the VM?

Right now a VM gets the mediator selected by configuration if it is available.

I do not think we should make it automatic as there might be good reasons to 
not allow to access a TEE from some VMs.

> 
> For simplification, we could even hardocode FF-A as the second mediator.

That could be a long term solution yes but we definitely need to solve the 
access rights first.
As long as VMs can use FF-A to communicate with any other VMs or TEEs, the 
current approach is the most secure one.

> 
>> For the review side of things, am I right to understand from your comments 
>> that this ok for now as tech-preview ?
> 
> Yes I am happy with the approach for now.

Great thanks.

Cheers
Bertrand

> 
> Cheers,
> 
> -- 
> Julien Grall
>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.