[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg

To: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Tue, 18 Jun 2019 13:49:42 +0100
Cc: "tee-dev@xxxxxxxxxxxxxxxx" <tee-dev@xxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Tue, 18 Jun 2019 12:50:03 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>



On 18/06/2019 12:19, Volodymyr Babchuk wrote:


Hi Julien,

Hi,


Julien Grall writes:

+
+=item B<optee>
+
+Allow a guest to use OP-TEE. Note that a virtualization-aware OP-TEE
+is required for this. If this option is selected, guest will be able


OOI, what happen if OP-TEE does not support virtualization. Will Xen
forbid to use it?

Yes, Xen will get an error from OP-TEE during domain construction. This
will lead to domain creation failure.

This is a bit odd. It means we have no way to know in advance whether OP-TEEwill be able to create a client. In other word, when the mediator is built inXen, all existing setup with OP-TEE (and no-virtualization) will fail.


My expectation is Xen should be able to know whether the mediator can be used.

+to access to the real OP-TEE OS running on the host. Guest creation


s/real// it is redundant with the rest of the sentence. However, it
does not really answer to the question regarding isolation.

Your assumption is correct - OP-TEE provides isolation on its side.

+will fail if OP-TEE have no resources for a new guest. Number of supported
+guests depends on OP-TEE configuration.


How about the following description (correct me if my understanding is
wrong):

"Allow a guest to access the host OP-TEE OS. Xen will mediate the
access to OP-TEE and the resource isolation will be provided directly
by OP-TEE. OP-TEE itself may limit the number of guests that can
concurrently use it. This requires a virtualization-aware OP-TEE for
this to work.

This feature is a B<technology preview>."

That's much better than my version. Thank you.

How can a user know whether OP-TEE supports virtualization? Is it
configurable at build?

Yes, there is a special configuration option CFG_VIRTUALIZATION. This is
covered in OP-TEE documentation at [1]

[1] https://optee.readthedocs.io/architecture/virtualization.html

Do we expect the link to be stable? If so, then I think a link in thedocumentation would be useful.


Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Volodymyr Babchuk

References:
- [Xen-devel] [PATCH v6 00/10] TEE mediator (and OP-TEE) support in XEN
  - From: Volodymyr Babchuk
- [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Volodymyr Babchuk
- Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
  - From: Volodymyr Babchuk

Prev by Date: Re: [Xen-devel] [PATCH 7/9] AMD/IOMMU: adjust setup of internal interrupt for x2APIC mode
Next by Date: Re: [Xen-devel] Starting to port xen on beagleboard-x15 (GSoC 2019 project)
Previous by thread: Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
Next by thread: Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.