[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support

To: Julien Grall <julien.grall@xxxxxxx>, xen-devel@xxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
From: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
Date: Thu, 23 Aug 2018 16:57:13 +0300
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@xxxxxxxx;
Delivery-date: Thu, 23 Aug 2018 13:57:35 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

Hi Julien,

On 23.08.18 16:43, Julien Grall wrote:

I don't think we should use XSM to enforce the use of TEE. Thiscontradictory to your next patch where you let the user configure OP-TEEfor a given guest.
IHMO, XSM should only be used to restrict usage of calls in a finegrain. For an overall control, that should be go through a DOMCTL tellXen to initialize OP-TEE for that domain.

Just to be sure. You are proposing to add flag "TEE_ENABLED" for adomain and set it during domain construction, based on configuration, right?


What did you mean by "fine grain"?

--
Volodymyr Babchuk

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support
  - From: Julien Grall

References:
- [Xen-devel] [PATCH v1 0/6] TEE mediator (and OP-TEE) support in XEN
  - From: Volodymyr Babchuk
- [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support
  - From: Volodymyr Babchuk
- Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH] xen/gntdev: fix up blockable calls to mn_invl_range_start
Next by Date: Re: [Xen-devel] [PATCH v1 5/6] libxl: create DTS node for OP-TEE if it is enabled
Previous by thread: Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support
Next by thread: Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.