[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 5/5] xen/arm: ffa: Enable VM to VM without firmware


  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 27 Mar 2025 08:37:01 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EmkhyCtEOEhLBaybFLIZ4HYsv7SNKTd41UY4xdvR9Jg=; b=pFIxAkJu+0EeN3AFNWO+10kuXYlQ/wugh7m8WBxOain80dIM8LtikNHwjYtk6HyC78GwcvplHQ7+2TCr8iSc859GODsvYKsBJu2CM5lhKZmKFDZtc0disk0paqtf9JxxmGrWC7NlyNPL5720Du+C6T0eeQpDHvV933o99c9Z4AkC3x1nBbZTFzjsmI69KIRUV0mO65RAjrUljrZZBP4kW9nrXtzeecdKwDIGLCtrdZIVJvYvELVa+w5OJTqEXsGlseTAe0I1EObJuZl40Tcoh1kdXqhi7t1OHAawdyqV5SRm7wqib8ksktCWUrPc/N7XJbVWWNDXNVsoBAmMg34nJg==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EmkhyCtEOEhLBaybFLIZ4HYsv7SNKTd41UY4xdvR9Jg=; b=kdI0HDUdkg8fHmPdWClVJE7Glx0CMhTKnDqrwoiMPAxmKgjfwKfypuJx2WHbDoPPmFdrc21fxb9gAinpRcDbxWwPLKrAkFI1/RuezXWYPqE3zVJAO1Zr7YnKjnsZ/KwnZRcMOqaFCxu6fnMtats8oHu47AKr/mnvLvFYfwTjz7DhT7ZpU4YlHrmXbA4Y6pY4RQaWV17U6QviiWJFP5yWvA2TGAp3Lvv9TO2ZSz/jS7m0RVpI6fVn0DacOaK2VPLEed1KCJhOw7zqBn3nWdf8SCK44pdUxbgOip40I8bhtyE5RfAm6W7NKR8IBMW2SG0mYqthz8QnApZBnJ3jq7DJaw==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=pLl/m+/vETEnEtI3Y1nXgSKEdNve8eHeay7y9OMqfNZQWtL3IgLmdIrw2D0c1DPgGwLASBTFUwU9tzcmMyILIY8AXZ+wCftVpE0ORdznI3ogss2Slj64vXpcaps4Xs7U0snE7GL80x7vFEqo25E7uOOpiIjfu0ATtiwRlTXOQbIx7njA5pCiTbvPw3n8JTjD4O7wWvqXrcHA/AlDsyJdOtwSF+/0A5a6/1uVytgy3Uvc6SJ0cV21vNbh8Wyhv50qU2yBGtrdWoYtGHNSztAGZvhVvn/xJbi/vvqGgpcA5NyjN+TfUmslduYQmEqTXGCoGIF7K2VmN7THSFpn7LgBkw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TDLJjxnj8zptLmZ8T+tmmgBrLlm1xxNhiETScdf+G821hiL5NcoeH0K6giFVnXUrKMt2FoiIX2HXP8cCZN5nur25M81eGdh2h4K8cWOHHgrhq1srq8HjQrJlJTMmLNiyQDMik0qUkssFh2xE018MEKD6Jysor6yPdHoC4SNkOca6updsfv5vPDRbYyKyqMt+SjSuA0LiGy+Y7JiLqd+s+PoHeUWadrSMcJ7YYWjvudb+9Oa29fIEEZMjb7kReUHBryzgtm6NxpBiSJPja4QZv1h5GOisLjU4Rdgg5qWroCFW3qV4bXaPXsYX1J+Nv6TxVz/05x3+8VZMoWubi/72oA==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "jens.wiklander@xxxxxxxxxx" <jens.wiklander@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Thu, 27 Mar 2025 08:37:23 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbnMQpJ/OSxu9MyEmYd5oQRaZ927OGF78AgACVfQA=
  • Thread-topic: [PATCH v4 5/5] xen/arm: ffa: Enable VM to VM without firmware

Hi Julien,

> On 27 Mar 2025, at 00:41, Julien Grall <julien@xxxxxxx> wrote:
> 
> Hi Bertrand,
> 
> On 24/03/2025 13:53, Bertrand Marquis wrote:
>> When VM to VM support is activated and there is no suitable FF-A support
>> in the firmware, enable FF-A support for VMs to allow using it for VM to
>> VM communications.
> 
> tee/ and the callbacks associated are meant to be used for mediatiors. My 
> current interpretation ist this is only meant to interpose between a guest 
> and physical resources. Here you are extending the meaning to "virtual TEE". 
> I am sort of ok with that but ...

I see what you mean but FF-A will not only be used to communicate with TEE 
(even if the primary use case right now is this one, including have it in a VM 
instead of the secure world).

> 
>> If there is OP-TEE running in the secure world and using the non FF-A
>> communication system, having CONFIG_FFA_VM_TO_VM could be non functional
>> (if optee is probed first) or OP-TEE could be non functional (if FF-A is
>> probed first) so it is not recommended to activate the configuration
>> option for such systems.
> 
> ... this part is concerning me. You should be able to build with 
> CONFIG_FFA_VM_TO_VM and still boot when OP-TEE is present on the system. This 
> is not too critical now as this is tech preview but this is definitely a 
> blocker for making FFA supported. Can this be mentioned at the top of the 
> ffa.c file (which already contains existing blocker)?

OP-TEE supports FF-A and in fact should be switched to using it by default as 
it allows it to run in parallel of other TEEs in the secure world or have FF-A 
compliant SPs running on top of OP-TEE.
More and more you will see FF-A popping up as a recommended (or required) part 
of the firmware features.

So the only reason to use OP-TEE without FF-A is if you have an old OP-TEE in 
which case your firmware will not support FF-A and using it between VMs is 
probably not required.

> 
> Also, given this would expose a fully virtual TEE, we should be able to have 
> a system where you have some VMs talking FFA and some using the physical 
> OPTEE (or another TEE). Whether we want to support it is a different question 
> but this design would prevent it. Is this intended?

Right now i would say this is definitely not something we need as part of the 
tech preview as anybody using this feature in Xen would use an OP-TEE with FF-A 
support.
But from Xen point of view, we should (if we can) support running on old 
systems with an existing OP-TEE but still use FF-A between VMs.
This has some consequences on how the tee mediator and FF-A support is designed 
and I will definitely give it some thoughts (primary idea would be to decouple 
FF-A with secure as mediator to FF-A between VMs somehow).

For the review side of things, am I right to understand from your comments that 
this ok for now as tech-preview ?

Cheers
Bertrand


> 
> Cheers,
> 
> -- 
> Julien Grall
> 




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.