[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] arm: dom0less: add TEE support

  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 30 May 2024 09:03:36 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pBf+gGNTpvlyPFsg4FGV3jSyPfiHCbGdaEQksFAO3Dw=; b=blpvcJCtYdqeiY8YiMlk3aDmxfyWxAMN0sWUoWNZSQUpe5Msg5aJI+7rqPqrA+Lw+4mPA557i+CZmIwFsZm9kq61/xTlcenGcraZ2Ec0kD+2yWBdUPLeeCAmzeGjd1awuuGHMYypJR+K+CUpHKioxOCSlPjLO2mcl3fxcNlhrPgJ0z7OSo0nYlMsLzSLrFyn7MQPUbKCG1GaFSwnvP+t3Ifyz1HGTS+zomP3P3TrKRYcXEl/6QscBfN9bkm81LpZnmQzVSWoGqBHQfmBgtGR0TRs7UKcucHQcjtpz6jIe5JNOEIh1coQ7ImSNcVGDi0aVB++L55u8HywBN9B0S+Iww==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pBf+gGNTpvlyPFsg4FGV3jSyPfiHCbGdaEQksFAO3Dw=; b=V6YSO6IsGSL8NI8381qZpcCv73U2Cp9J6VlR1+rXCQX4o2IbIz8fiR5Hd27xFsc5Sx2k2G/j2cxHQL8XYoRvc/WrZ/nlnS5OUjVacoqke2+/LJ879zogE6Z6sZ4hIDma48Tx25+gdUNdsMOR0mONDvI+vHGQkb4MSqHWZVWLyhubq8J8aR2x8KmPtZyo9WnPE+GUr324lFLXIjvaJNkuytsOiIzvPujNrimHCPPd2D8TdTL6a6fsbiTcS2xBrWeEgSJBpRW0P9SoWOmCtvU2FNo7nYIbngkE/xxZRzgmtsUMn7of2MmSa+B2Rw+FpWvxmZNv2BlUFZu/+lftRc3dpA==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=JYqwl4xl0KhAUQMUblpOGdPch8MJf7oMSG7e16o7jhrxNT3D1oCKsBKieyoSOYKB1psNhc9DUfA8V2yCGOfhVRJb73mK2vq4DYFBLvFM5aiYsc8ENRAZIeveuIbUjU377TAHCkssmgu2En/uXevkfbFnWTunZ/EN+Tkh56/cyuei7TugjVgKcwC6fl/n+iIVJD1HC7vKWY4FeFS2sjpRoiS8u7jAE4BrFl/mQg4YQZ0nJOdQEw9chQxYOiaan4p/oyvYnsxf5sEZbqCRs153+ZdX/tzJWU3CtCCFdfIHY/bvKtiJtnmILaW7Vd5qYLBK9FR2K5qs6Sr0qXnzXYTcig==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NIk4va0MznYfibV2SzVm3OuGpH1BHWIM3ppvrSNOzdrj3ZRpAxmCwMP74wpBrtGV0j1Vky3tooO04yjIub1xPpEkxWy1w/2Lep3S0b2TAigC35SZhZ54qG4vvJ7IKpIs4jwBMFotljTO+tnBadcbu0ZZwXpjrIcXuRg0gPA7qtwUEPb/XoLb9wCMOGXcIdANo8kS8+40SoRSUHsXV/KNMh84KfuaBgIqFJUBJ41y+MSt4kemMK7HcwaYGEK0tt+P2HXn3VjemRlxkUVeB0MO6GqU3q9p7VjePi1tHb9GrObCeEuDnDi+zTj1bnc0/alUoWkiQEghBtim5j7HpgjeKQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Thu, 30 May 2024 09:04:02 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHasgjZKwS4pdCyJUe9LewXYMLHeLGutaSAgAAAkICAALRFAIAAEesA
  • Thread-topic: [PATCH] arm: dom0less: add TEE support
Hi Julien,

> On 30 May 2024, at 09:59, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 29/05/2024 22:34, Volodymyr Babchuk wrote:
>> Hi Julien,
> 
> Hi Volodymyr,
> 
>> Julien Grall <julien@xxxxxxx> writes:
>>> Hi Volodymyr,
>>> 
>>> Can you clarify whether this is intended for the next release cycle?
>> Well, I don't think that this patch should be committed ASAP if this is
>> what you are asking about.
>>> On 29/05/2024 21:43, Volodymyr Babchuk wrote:
>>>> Allow to provide TEE type for a Dom0less guest via "xen,tee"
>>>> property. Create appropriate nodes in the guests' device tree and
>>>> initialize tee subsystem for it.
>>> 
>>> The new property needs to be documented in
>>> docs/misc/arm/device-tree/booting.txt.
>>> 
>> Yes, missed that.
>>>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
>>>> ---
>>>>   xen/arch/arm/dom0less-build.c     | 69 +++++++++++++++++++++++++++++++
>>>>   xen/arch/arm/include/asm/kernel.h |  3 ++
>>>>   2 files changed, 72 insertions(+)
>>>> diff --git a/xen/arch/arm/dom0less-build.c
>>>> b/xen/arch/arm/dom0less-build.c
>>>> index fb63ec6fd1..1ea3ecc45c 100644
>>>> --- a/xen/arch/arm/dom0less-build.c
>>>> +++ b/xen/arch/arm/dom0less-build.c
>>>> @@ -15,6 +15,7 @@
>>>>   #include <asm/domain_build.h>
>>>>   #include <asm/static-memory.h>
>>>>   #include <asm/static-shmem.h>
>>>> +#include <asm/tee/tee.h>
>>>>     bool __init is_dom0less_mode(void)
>>>>   {
>>>> @@ -277,6 +278,42 @@ static int __init make_vpl011_uart_node(struct 
>>>> kernel_info *kinfo)
>>>>   }
>>>>   #endif
>>>>   +#ifdef CONFIG_OPTEE
>>>> +static int __init make_optee_node(struct kernel_info *kinfo)
>>> 
>>> Please introduce a callback in the TEE framework that will create the
>>> OPTEE node.
>> This is the reason why this is RFC.
> 
> If this is meant an RFC, then I would recommend to tag your series with RFC. 
> Similarly...
> 
> 
>> I wanted to discuss the right method
>> of doing this.
> 
> ... if you have any open questions. Then please write them down after the 
> "---" (so they are not committed). So this is not a guessing game for the 
> reviewer.
> 
> For instance, if you hadn't asked the question, I wouldn't have realized you 
> were not entirely happy with your solution. To me it looked fine because this 
> is self-contained in an OP-TEE specific function.
> 
>> "optee" node should reside in "/firmware/" node as per
>> device tree bindings. But "/firmware/" node can contain additional
>> entries, for example linux device tree bindings also define
>> "/firmware/sdei". So, probably correct solution is to implement function
>> "make_firmware_node()" in this file, which in turn will call TEE
>> framework.
> 
> Longer term possibly. But at the moment, we have no implementation of the 
> "sdei" node and I am not aware of any future plan. So I don't think it is 
> necessary to split the work in two functions.
> 
>> But we are making assumption that all TEE implementation will have its
>> node inside "/firmware/". I am not 100% sure that this is correct. For
>> example I saw that Google Trusty uses "/trusty" node (directly inside
>> the DTS root). On other hand, it is not defined in dts bindings, as far
>> as I know.
> 
> TBH, if there is no official binding documentation, then Xen cannot sensibly 
> create those nodes because they are not "stable". So the first step would be 
> to have official binding.
> 
> 
> Bertrand, I couldn't find any documentation for the FFA binding. Do you know 
> if they will be created under /firmware?

There is not device tree entry needed for FF-A because it is detected through a 
FF-A call.

> 
>>>>   /*
>>>>    * Scan device tree properties for passthrough specific information.
>>>>    * Returns < 0 on error
>>>> @@ -650,6 +687,15 @@ static int __init prepare_dtb_domU(struct domain *d, 
>>>> struct kernel_info *kinfo)
>>>>       if ( ret )
>>>>           goto err;
>>>>   +#ifdef CONFIG_OPTEE
>>>> +    if ( kinfo->tee_type == XEN_DOMCTL_CONFIG_TEE_OPTEE)
>>>> +    {
>>>> +        ret = make_optee_node(kinfo);
>>>> +        if ( ret )
>>>> +            goto err;
>>>> +    }
>>>> +#endif
>>>> +
>>>>       /*
>>>>        * domain_handle_dtb_bootmodule has to be called before the rest of
>>>>        * the device tree is generated because it depends on the value of
>>>> @@ -743,6 +789,9 @@ static int __init construct_domU(struct domain *d,
>>>>   {
>>>>       struct kernel_info kinfo = {};
>>>>       const char *dom0less_enhanced;
>>>> +#ifdef CONFIG_TEE
>>>> +    const char *tee;
>>>> +#endif
>>>>       int rc;
>>>>       u64 mem;
>>>>       u32 p2m_mem_mb;
>>>> @@ -786,6 +835,18 @@ static int __init construct_domU(struct domain *d,
>>>>       else if ( rc == 0 && !strcmp(dom0less_enhanced, "no-xenstore") )
>>>>           kinfo.dom0less_feature = DOM0LESS_ENHANCED_NO_XS;
>>>>   +#ifdef CONFIG_TEE
>>> 
>>> I would rather prefer if this code is implemented in tee.c. We also...
>>> 
>>>> +    rc = dt_property_read_string(node, "xen,tee", &tee);
>>> 
>>> ... want to return an error if "xen,tee" exists because CONFIG_TEE is
>>> not set.
>>> 
>>>> +    if ( rc == -EILSEQ ||
>>>> +         rc == -ENODATA ||
>>>> +         (rc == 0 && !strcmp(tee, "none")) )
>>>> +    {
>>>> +        if ( !hardware_domain )
>>> 
>>> 
>>> I don't understand this check. Why would we require dom0 for OP-TEE?
>> OP-TEE is enabled for Dom0 unconditionally in create_dom0(void);
> 
> I am sorry but this still doesn't make sense. AFAICT, this path is only used 
> by domU. In some dom0less setup, we may not have dom0 at all. So why do you 
> want to prevent OP-TEE for such case?
> 
> Or are you intending to check that "d" is not the hardware domain? If so, you 
> have the wrong check (you want to check is_hardware_domain(d) and AFAIK this 
> path is not called for dom0.
> 
>> This is another topic I wanted to discuss, actually, Should we use the
>> same "xen,tee" for Dom0? In this case we might want to alter Dom0 DTB to
>> remove TEE entry if user wants it to be disabled.
> Is there any existing use case to disable OP-TEE in dom0? I am asking because 
> removing the nodes will make the code a bit more complicated. So if there is 
> no need, then my preference is to not do it.

I would say there are several:
- optee not supported in Xen (dom0 cannot access it anyway)
- optee to be used in a guest instead of dom0
- ff-a used to communicate with optee (in this case optee support is not used 
but ff-a is).

On this subject, I will not ask you to add support for FF-A for this but 
whatever you do please keep in mind
that we will probably add the same for FF-A so that we end up with something 
coherent where the tee can
be selected by configuration for guests or by device tree for dom0 or dom0less 
guests.

I will make a path on the next version of the patch for this.

Cheers
Bertrand

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.