Re: [Tee-dev] TEE with XEN

[Volodymyr Babchuk <vlad.babchuk@xxxxxxxxx>]

Hi Peng,

On Mon, 15 Jun 2020 at 05:07, Peng Fan <peng.fan@xxxxxxx> wrote:
>
> Hi All,
>
> While enabling trusty os with xen, I took same approach as OP-TEE,
> with OP-TEE running in secure world. But I am also thinking this might
> introduce potential issue is that secure world OS communicate with DomU.
> If there are some misbehavior in secure world OS, it might let XEN
> hypervisor not work proper.
>
> In my setup, trusty os sometimes panic in secure world, xen will not able
> to control the panic core anymore.
>
> So I am thinking whether we need to emulating secure world in a XEN VM
> which is the VM running DomU. Just like what ACRN did to run trusty
> os.

Well, it depends on whom you are trusting more. Both XEN and TEE are minimal
OS implementations with aim at security. I'm speaking about generic TEE OS, not
about particular OS like OP-TEE or Trusty. Problem is that, if TEE is
running inside
VM, it will be susceptible to a hypervisor misbehaviour. You need to understand
that Xen and privileged domain (dom0, mostly) can access memory of any guest.
At least, in default configuration. There are means to harden this
setup. But anyways,
Xen can't be stopped from reading TEE's secrets.

If this is okay for your needs, then you can run TEE as a VM of course.

So, this is heavilly depends on your security threats model. There
can't be universal
solution. Also, I'm proposing to check Google's requirements for
Trusty environment.
Do they allow it to run outside of TrustZone? For example, GPD TEE System
Architecture document clearly says that TEE should be separated from REE by
hardware mechanisms that are not controlled by REE (section 2.2.1). I
believe, that
should be a similar document for Trusty.

-- 
WBR Volodymyr Babchuk aka lorc [+380976646013]
mailto: vlad.babchuk@xxxxxxxxx