subject:"\[Xen\-devel\] \[PATCH v4 09\/10\] tools\/arm\: tee\: add \"tee\" option for xl.cfg"

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-04-08 Thread Julien Grall


Hi,

On 4/5/19 11:25 AM, Volodymyr Babchuk wrote:


Hi Julien,

Julien Grall writes:


Hi,

On 20/03/2019 17:01, Volodymyr Babchuk wrote:


Julien Grall writes:


On 20/03/2019 15:27, Volodymyr Babchuk wrote:


Hello Julien,

Julien Grall writes:


On 07/03/2019 21:04, Volodymyr Babchuk wrote:

From: Volodymyr Babchuk 

This enumeration controls TEE type for a domain. Currently there is
two possible options: either 'none' or 'native'.

'none' is the default value and it basically disables TEE support at
all.

'native' enables access to a "real" TEE installed on a platform.


I am aware I made that suggestion. But I think the naming is not ideal
between the user and the toolstack. The question is how this is going
to fit with the S-EL2 feature where multiple TEE can run together?

You see, support for S-EL2 or support for multiple TEEs is a much broader
topic. For me, naming for configuration option is the least important
thing in this case :-)


Naming exposed to users are hard to remove. If the naming is too
ambiguous, then we will have to introduce a new option later on. This
is not very ideal, so it would be better if we can find something
different.



Right there is no clear vision how it will ever work. I scanned through
SPCI spec and I already have a couple of questions. I need to study it
harder to make serious statements, but I already see that current
mediator framework will hardly fit into SPCI stuff. Frankly, I have
concerns that OP-TEE (or any other existing TEE) will be compatible
with SPCI-enabled systems without major rework. So, we will need to do
big overhaul anyways, when there will appear first SPCI-compatible TEEs and
secure hypervisors.

AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
will take at least couple of years before S-EL2 will hit the market. So
in my opinion it is too early to make any assumptions on how to support
all this in Xen. Lets stick to the current matters.


I am fully aware that more work will need to be done with S-EL2. I am
not expecting you (or anyone else here) to come with the
implementation now. My point is the naming should be chosen so it
prevents ambiguity with whatever we know will come up in the future.



I'm not insisting on "native". But I can't invent something better right
now. Probably, SPCI-enabled TEE also will be considered "native" as
opposed to, say, "emulated". >
As I said, I can't come with anything better than "native". But I'm open
to any suggestions.


Well one solution is to ditch "native" and name it "optee". By giving
the name you avoid ambiguity. If we ever have multiple op-tee instance
running, then it could easily be extend with a comma. So you allow
backward compatibility.


I considered this. But If I remember right, idea was to query Xen about
available TEE, and configure guest in the appropriate way. So "native"
(or some other generic way) could be used for OP-TEE, Google Trusty or
any other TEE, without changing guest configuration.

Using "optee" will cause explicit configuration for OP-TEE only. I can't
say that this is good or bad. It just different. Do you think that would
be better approach?


You have 2 different cases to take into account:
- A guest is able to deal with all supported Trusted OS. So
"native" will let the toolstack query the current Trusted OS and
expose it to the guest.
- A guest can only deal with a specific Trusted OS. In that case,
the user might want to specify in the configuration the expected
Trusted OS so it can't boot if not available.

What I suggest is deferring the former case until we have another TEE
in hand. Maybe at that time, we will have a better naming :).


Okay, so summarizing this up, you are proposing to use "optee". Am I got
you right?


I am suggesting 'tee = "optee"' for now.

Cheers,

--
Julien Grall

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-04-05 Thread Volodymyr Babchuk


Hi Julien,

Julien Grall writes:

> Hi,
>
> On 20/03/2019 17:01, Volodymyr Babchuk wrote:
>>
>> Julien Grall writes:
>>
>>> On 20/03/2019 15:27, Volodymyr Babchuk wrote:

 Hello Julien,

 Julien Grall writes:

> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
>> From: Volodymyr Babchuk 
>>
>> This enumeration controls TEE type for a domain. Currently there is
>> two possible options: either 'none' or 'native'.
>>
>> 'none' is the default value and it basically disables TEE support at
>> all.
>>
>> 'native' enables access to a "real" TEE installed on a platform.
>
> I am aware I made that suggestion. But I think the naming is not ideal
> between the user and the toolstack. The question is how this is going
> to fit with the S-EL2 feature where multiple TEE can run together?
 You see, support for S-EL2 or support for multiple TEEs is a much broader
 topic. For me, naming for configuration option is the least important
 thing in this case :-)
>>>
>>> Naming exposed to users are hard to remove. If the naming is too
>>> ambiguous, then we will have to introduce a new option later on. This
>>> is not very ideal, so it would be better if we can find something
>>> different.
>>>

 Right there is no clear vision how it will ever work. I scanned through
 SPCI spec and I already have a couple of questions. I need to study it
 harder to make serious statements, but I already see that current
 mediator framework will hardly fit into SPCI stuff. Frankly, I have
 concerns that OP-TEE (or any other existing TEE) will be compatible
 with SPCI-enabled systems without major rework. So, we will need to do
 big overhaul anyways, when there will appear first SPCI-compatible TEEs and
 secure hypervisors.

 AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
 will take at least couple of years before S-EL2 will hit the market. So
 in my opinion it is too early to make any assumptions on how to support
 all this in Xen. Lets stick to the current matters.
>>>
>>> I am fully aware that more work will need to be done with S-EL2. I am
>>> not expecting you (or anyone else here) to come with the
>>> implementation now. My point is the naming should be chosen so it
>>> prevents ambiguity with whatever we know will come up in the future.
>>>

 I'm not insisting on "native". But I can't invent something better right
 now. Probably, SPCI-enabled TEE also will be considered "native" as
 opposed to, say, "emulated". >
 As I said, I can't come with anything better than "native". But I'm open
 to any suggestions.
>>>
>>> Well one solution is to ditch "native" and name it "optee". By giving
>>> the name you avoid ambiguity. If we ever have multiple op-tee instance
>>> running, then it could easily be extend with a comma. So you allow
>>> backward compatibility.
>>
>> I considered this. But If I remember right, idea was to query Xen about
>> available TEE, and configure guest in the appropriate way. So "native"
>> (or some other generic way) could be used for OP-TEE, Google Trusty or
>> any other TEE, without changing guest configuration.
>>
>> Using "optee" will cause explicit configuration for OP-TEE only. I can't
>> say that this is good or bad. It just different. Do you think that would
>> be better approach?
>
> You have 2 different cases to take into account:
>- A guest is able to deal with all supported Trusted OS. So
> "native" will let the toolstack query the current Trusted OS and
> expose it to the guest.
>- A guest can only deal with a specific Trusted OS. In that case,
> the user might want to specify in the configuration the expected
> Trusted OS so it can't boot if not available.
>
> What I suggest is deferring the former case until we have another TEE
> in hand. Maybe at that time, we will have a better naming :).

Okay, so summarizing this up, you are proposing to use "optee". Am I got
you right?

-- 
Best regards,Volodymyr Babchuk
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-20 Thread Julien Grall


Hi,

On 20/03/2019 17:01, Volodymyr Babchuk wrote:


Julien Grall writes:


On 20/03/2019 15:27, Volodymyr Babchuk wrote:


Hello Julien,

Julien Grall writes:


On 07/03/2019 21:04, Volodymyr Babchuk wrote:

From: Volodymyr Babchuk 

This enumeration controls TEE type for a domain. Currently there is
two possible options: either 'none' or 'native'.

'none' is the default value and it basically disables TEE support at
all.

'native' enables access to a "real" TEE installed on a platform.


I am aware I made that suggestion. But I think the naming is not ideal
between the user and the toolstack. The question is how this is going
to fit with the S-EL2 feature where multiple TEE can run together?

You see, support for S-EL2 or support for multiple TEEs is a much broader
topic. For me, naming for configuration option is the least important
thing in this case :-)


Naming exposed to users are hard to remove. If the naming is too
ambiguous, then we will have to introduce a new option later on. This
is not very ideal, so it would be better if we can find something
different.



Right there is no clear vision how it will ever work. I scanned through
SPCI spec and I already have a couple of questions. I need to study it
harder to make serious statements, but I already see that current
mediator framework will hardly fit into SPCI stuff. Frankly, I have
concerns that OP-TEE (or any other existing TEE) will be compatible
with SPCI-enabled systems without major rework. So, we will need to do
big overhaul anyways, when there will appear first SPCI-compatible TEEs and
secure hypervisors.

AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
will take at least couple of years before S-EL2 will hit the market. So
in my opinion it is too early to make any assumptions on how to support
all this in Xen. Lets stick to the current matters.


I am fully aware that more work will need to be done with S-EL2. I am
not expecting you (or anyone else here) to come with the
implementation now. My point is the naming should be chosen so it
prevents ambiguity with whatever we know will come up in the future.



I'm not insisting on "native". But I can't invent something better right
now. Probably, SPCI-enabled TEE also will be considered "native" as
opposed to, say, "emulated". >
As I said, I can't come with anything better than "native". But I'm open
to any suggestions.


Well one solution is to ditch "native" and name it "optee". By giving
the name you avoid ambiguity. If we ever have multiple op-tee instance
running, then it could easily be extend with a comma. So you allow
backward compatibility.


I considered this. But If I remember right, idea was to query Xen about
available TEE, and configure guest in the appropriate way. So "native"
(or some other generic way) could be used for OP-TEE, Google Trusty or
any other TEE, without changing guest configuration.

Using "optee" will cause explicit configuration for OP-TEE only. I can't
say that this is good or bad. It just different. Do you think that would
be better approach?


You have 2 different cases to take into account:
   - A guest is able to deal with all supported Trusted OS. So "native" will 
let the toolstack query the current Trusted OS and expose it to the guest.
   - A guest can only deal with a specific Trusted OS. In that case, the user 
might want to specify in the configuration the expected Trusted OS so it can't 
boot if not available.


What I suggest is deferring the former case until we have another TEE in hand. 
Maybe at that time, we will have a better naming :).







AFAICT, TEE also exists on other architecture. So I am wondering
whether this field should be moved out of arch_arm?

In v3 thread you asked if I see any use for x86. Because in that version
this option was in common section. Honestly, I don't see any use there,
because I have no idea how this can be implemented on x86.


On the v3, I pointed out that the documentation was in Arm section but
the code was in common. When I asked a question, it does not mean I am
not happy with it. It only means I am trying to understand your choice
so I can make my mind on it. Sadly, you left it unanswered until now.


Oh, I see. My intention was to put this into ARM section. So, I
documented it in the right way, but did mistake, putting it into wrong
place in the xl/libxl code. It was my first patch to toolstack, so I
just didn't knew the right place.


In this context, I am not asking you how this is going to be
implemented but whether this option could potentially be used in the
future for other architecture (e.g x86, RISC-V...). For instance, the
option "device_tree" is part for common options despite it is only
implemented on Arm.


I believe to your experience there. If you think it is better to move
this into common code - I'll do this.


From my understanding, TEE [1] seems to be a rather generic name with some 
supports on various architectures. I can't rule out that other

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-20 Thread Volodymyr Babchuk


Julien Grall writes:

> On 20/03/2019 15:27, Volodymyr Babchuk wrote:
>>
>> Hello Julien,
>>
>> Julien Grall writes:
>>
>>> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
 From: Volodymyr Babchuk 

 This enumeration controls TEE type for a domain. Currently there is
 two possible options: either 'none' or 'native'.

 'none' is the default value and it basically disables TEE support at
 all.

 'native' enables access to a "real" TEE installed on a platform.
>>>
>>> I am aware I made that suggestion. But I think the naming is not ideal
>>> between the user and the toolstack. The question is how this is going
>>> to fit with the S-EL2 feature where multiple TEE can run together?
>> You see, support for S-EL2 or support for multiple TEEs is a much broader
>> topic. For me, naming for configuration option is the least important
>> thing in this case :-)
>
> Naming exposed to users are hard to remove. If the naming is too
> ambiguous, then we will have to introduce a new option later on. This
> is not very ideal, so it would be better if we can find something
> different.
>
>>
>> Right there is no clear vision how it will ever work. I scanned through
>> SPCI spec and I already have a couple of questions. I need to study it
>> harder to make serious statements, but I already see that current
>> mediator framework will hardly fit into SPCI stuff. Frankly, I have
>> concerns that OP-TEE (or any other existing TEE) will be compatible
>> with SPCI-enabled systems without major rework. So, we will need to do
>> big overhaul anyways, when there will appear first SPCI-compatible TEEs and
>> secure hypervisors.
>>
>> AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
>> will take at least couple of years before S-EL2 will hit the market. So
>> in my opinion it is too early to make any assumptions on how to support
>> all this in Xen. Lets stick to the current matters.
>
> I am fully aware that more work will need to be done with S-EL2. I am
> not expecting you (or anyone else here) to come with the
> implementation now. My point is the naming should be chosen so it
> prevents ambiguity with whatever we know will come up in the future.
>
>>
>> I'm not insisting on "native". But I can't invent something better right
>> now. Probably, SPCI-enabled TEE also will be considered "native" as
>> opposed to, say, "emulated". >
>> As I said, I can't come with anything better than "native". But I'm open
>> to any suggestions.
>
> Well one solution is to ditch "native" and name it "optee". By giving
> the name you avoid ambiguity. If we ever have multiple op-tee instance
> running, then it could easily be extend with a comma. So you allow
> backward compatibility.

I considered this. But If I remember right, idea was to query Xen about
available TEE, and configure guest in the appropriate way. So "native"
(or some other generic way) could be used for OP-TEE, Google Trusty or
any other TEE, without changing guest configuration.

Using "optee" will cause explicit configuration for OP-TEE only. I can't
say that this is good or bad. It just different. Do you think that would
be better approach?

>
>>> AFAICT, TEE also exists on other architecture. So I am wondering
>>> whether this field should be moved out of arch_arm?
>> In v3 thread you asked if I see any use for x86. Because in that version
>> this option was in common section. Honestly, I don't see any use there,
>> because I have no idea how this can be implemented on x86.
>
> On the v3, I pointed out that the documentation was in Arm section but
> the code was in common. When I asked a question, it does not mean I am
> not happy with it. It only means I am trying to understand your choice
> so I can make my mind on it. Sadly, you left it unanswered until now.

Oh, I see. My intention was to put this into ARM section. So, I
documented it in the right way, but did mistake, putting it into wrong
place in the xl/libxl code. It was my first patch to toolstack, so I
just didn't knew the right place.

> In this context, I am not asking you how this is going to be
> implemented but whether this option could potentially be used in the
> future for other architecture (e.g x86, RISC-V...). For instance, the
> option "device_tree" is part for common options despite it is only
> implemented on Arm.

I believe to your experience there. If you think it is better to move
this into common code - I'll do this.

--
Best regards,Volodymyr Babchuk
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-20 Thread Julien Grall




On 20/03/2019 15:27, Volodymyr Babchuk wrote:


Hello Julien,

Julien Grall writes:


On 07/03/2019 21:04, Volodymyr Babchuk wrote:

From: Volodymyr Babchuk 

This enumeration controls TEE type for a domain. Currently there is
two possible options: either 'none' or 'native'.

'none' is the default value and it basically disables TEE support at
all.

'native' enables access to a "real" TEE installed on a platform.


I am aware I made that suggestion. But I think the naming is not ideal
between the user and the toolstack. The question is how this is going
to fit with the S-EL2 feature where multiple TEE can run together?

You see, support for S-EL2 or support for multiple TEEs is a much broader
topic. For me, naming for configuration option is the least important
thing in this case :-)


Naming exposed to users are hard to remove. If the naming is too ambiguous, then 
we will have to introduce a new option later on. This is not very ideal, so it 
would be better if we can find something different.




Right there is no clear vision how it will ever work. I scanned through
SPCI spec and I already have a couple of questions. I need to study it
harder to make serious statements, but I already see that current
mediator framework will hardly fit into SPCI stuff. Frankly, I have
concerns that OP-TEE (or any other existing TEE) will be compatible
with SPCI-enabled systems without major rework. So, we will need to do
big overhaul anyways, when there will appear first SPCI-compatible TEEs and
secure hypervisors.

AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
will take at least couple of years before S-EL2 will hit the market. So
in my opinion it is too early to make any assumptions on how to support
all this in Xen. Lets stick to the current matters.


I am fully aware that more work will need to be done with S-EL2. I am not 
expecting you (or anyone else here) to come with the implementation now. My 
point is the naming should be chosen so it prevents ambiguity with whatever we 
know will come up in the future.




I'm not insisting on "native". But I can't invent something better right
now. Probably, SPCI-enabled TEE also will be considered "native" as
opposed to, say, "emulated". >
As I said, I can't come with anything better than "native". But I'm open
to any suggestions.


Well one solution is to ditch "native" and name it "optee". By giving the name 
you avoid ambiguity. If we ever have multiple op-tee instance running, then it 
could easily be extend with a comma. So you allow backward compatibility.



AFAICT, TEE also exists on other architecture. So I am wondering
whether this field should be moved out of arch_arm?

In v3 thread you asked if I see any use for x86. Because in that version
this option was in common section. Honestly, I don't see any use there,
because I have no idea how this can be implemented on x86. 


On the v3, I pointed out that the documentation was in Arm section but the code 
was in common. When I asked a question, it does not mean I am not happy with it. 
It only means I am trying to understand your choice so I can make my mind on it. 
Sadly, you left it unanswered until now.


In this context, I am not asking you how this is going to be implemented but 
whether this option could potentially be used in the future for other 
architecture (e.g x86, RISC-V...). For instance, the option "device_tree" is 
part for common options despite it is only implemented on Arm.


Cheers,

--
Julien Grall

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-20 Thread Volodymyr Babchuk


Hello Julien,

Julien Grall writes:

> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
>> From: Volodymyr Babchuk 
>>
>> This enumeration controls TEE type for a domain. Currently there is
>> two possible options: either 'none' or 'native'.
>>
>> 'none' is the default value and it basically disables TEE support at
>> all.
>>
>> 'native' enables access to a "real" TEE installed on a platform.
>
> I am aware I made that suggestion. But I think the naming is not ideal
> between the user and the toolstack. The question is how this is going
> to fit with the S-EL2 feature where multiple TEE can run together?
You see, support for S-EL2 or support for multiple TEEs is a much broader
topic. For me, naming for configuration option is the least important
thing in this case :-)

Right there is no clear vision how it will ever work. I scanned through
SPCI spec and I already have a couple of questions. I need to study it
harder to make serious statements, but I already see that current
mediator framework will hardly fit into SPCI stuff. Frankly, I have
concerns that OP-TEE (or any other existing TEE) will be compatible
with SPCI-enabled systems without major rework. So, we will need to do
big overhaul anyways, when there will appear first SPCI-compatible TEEs and
secure hypervisors.

AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
will take at least couple of years before S-EL2 will hit the market. So
in my opinion it is too early to make any assumptions on how to support
all this in Xen. Lets stick to the current matters.

I'm not insisting on "native". But I can't invent something better right
now. Probably, SPCI-enabled TEE also will be considered "native" as
opposed to, say, "emulated".

As I said, I can't come with anything better than "native". But I'm open
to any suggestions.

> I have CCed Achin to see he has any vision how this could be interfaced.
>
>>
>> It is possible to add another types in the future.
>>
>> Signed-off-by: Volodymyr Babchuk 
>> ---
>>
>>   All the patches to optee.c should be merged together. They were
>>   split to ease up review. But they depend heavily on each other.
>>
>>   Changes from v3:
>>- tee_enabled renamed to tee_type. Currently two types are supported
>>  as described in the commit message
>>- Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition
>>
>>   Changes from v2:
>>- Use arch.tee_enabled instead of separate domctl
>> ---
>>   docs/man/xl.cfg.5.pod.in| 12 
>>   tools/libxl/libxl.h |  5 +
>>   tools/libxl/libxl_arm.c | 13 +
>>   tools/libxl/libxl_types.idl |  6 ++
>>   tools/xl/xl_parse.c |  9 +
>>   5 files changed, 45 insertions(+)
>>
>> diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
>> index ad81af1ed8..e15981882b 100644
>> --- a/docs/man/xl.cfg.5.pod.in
>> +++ b/docs/man/xl.cfg.5.pod.in
>> @@ -2702,6 +2702,18 @@ Currently, only the "sbsa_uart" model is supported 
>> for ARM.
>> =back
>>   +=over 4
>> +
>> +=item B
>> +
>> +Set TEE type for the guest. Currently only OP-TEE is supported. If
>> +this option is set to "native", xl will create guest, which can access
>> +native TEE on your system (just make sure that you are using OP-TEE
>> +with virtualization support endabled). Also OP-TEE node will be
>> +emitted into guest's device tree.
>> +
>> +=back
>> +
>>   =head3 x86
>> =over 4
>> diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h
>> index a38e5cdba2..b24e4141b1 100644
>> --- a/tools/libxl/libxl.h
>> +++ b/tools/libxl/libxl.h
>> @@ -273,6 +273,11 @@
>>*/
>>   #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1
>>   +/*
>> + * libxl_domain_build_info has the arch_arm.tee field.
>> + */
>> +#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1
>> +
>>   /*
>>* LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing
>>* 'soft reset' for domains and there is 'soft_reset' shutdown reason
>> diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
>> index 141e159043..6930d0ab3b 100644
>> --- a/tools/libxl/libxl_arm.c
>> +++ b/tools/libxl/libxl_arm.c
>> @@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc,
>>   return ERROR_FAIL;
>>   }
>>   +switch (d_config->b_info.arch_arm.tee) {
>> +case LIBXL_TEE_TYPE_NONE:
>> +config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE;
>> +break;
>> +case LIBXL_TEE_TYPE_NATIVE:
>> +config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NATIVE;
>> +break;
>> +default:
>> +LOG(ERROR, "Unknown TEE type %d",
>> +d_config->b_info.arch_arm.tee);
>> +return ERROR_FAIL;
>> +}
>> +
>>   return 0;
>>   }
>>   diff --git a/tools/libxl/libxl_types.idl
>> b/tools/libxl/libxl_types.idl
>> index b685ac47ac..4f1eb229b8 100644
>> --- a/tools/libxl/libxl_types.idl
>> +++ b/tools/libxl/libxl_types.idl
>> @@ -457,6 +457,11 @@ libxl_gic_version = Enumeration("gic_version", [
>>   (0x30, "v3")
>>   ], init_val

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-19 Thread Achin Gupta

Hi Julien,

On Mon, Mar 18, 2019 at 03:49:12PM +, Julien Grall wrote:
> (+ Achin)
>
> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
> > From: Volodymyr Babchuk 
> >
> > This enumeration controls TEE type for a domain. Currently there is
> > two possible options: either 'none' or 'native'.
> >
> > 'none' is the default value and it basically disables TEE support at
> > all.
> >
> > 'native' enables access to a "real" TEE installed on a platform.
>
> I am aware I made that suggestion. But I think the naming is not ideal
> between the user and the toolstack. The question is how this is going to fit
> with the S-EL2 feature where multiple TEE can run together?
>
> I have CCed Achin to see he has any vision how this could be interfaced.

Thanks.

Multiple TEEs (or rather Trusted OSs) can coexist on Armv8.3 and earlier. They
will not be isolated but play along nicely.

The intent is that prior to S-EL2 and multiple TOSs, each TOS will migrate to
using the SPCI spec. At this stage, there should be no need for a TOS specific
mediator in the Hypervisor. IOW, there should be a "generic" SPCI
mediator. Maybe, we can add a TEE type 'generic' later to enable access to any
TEE through this generic interface?

Support for multiple TOSs has raised other questions that we are trying to
address e.g. dependencies between them or on guests in Nwd, impact on scheduling
decisions made by Nwd etc. Support for OP-TEE in this patch stack does not need
to answer these just yet it seems. It is more likely that we will have to tackle
support for multiple TEEs afresh rather than treating it as an extension of
support for a specific TOS.

Happy to discuss further and I hope this helps in some way.

cheers,
Achin


>
> >
> > It is possible to add another types in the future.
> >
> > Signed-off-by: Volodymyr Babchuk 
> > ---
> >
> >   All the patches to optee.c should be merged together. They were
> >   split to ease up review. But they depend heavily on each other.
> >
> >   Changes from v3:
> >- tee_enabled renamed to tee_type. Currently two types are supported
> >  as described in the commit message
> >- Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition
> >
> >   Changes from v2:
> >- Use arch.tee_enabled instead of separate domctl
> > ---
> >   docs/man/xl.cfg.5.pod.in| 12 
> >   tools/libxl/libxl.h |  5 +
> >   tools/libxl/libxl_arm.c | 13 +
> >   tools/libxl/libxl_types.idl |  6 ++
> >   tools/xl/xl_parse.c |  9 +
> >   5 files changed, 45 insertions(+)
> >
> > diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
> > index ad81af1ed8..e15981882b 100644
> > --- a/docs/man/xl.cfg.5.pod.in
> > +++ b/docs/man/xl.cfg.5.pod.in
> > @@ -2702,6 +2702,18 @@ Currently, only the "sbsa_uart" model is supported 
> > for ARM.
> >   =back
> > +=over 4
> > +
> > +=item B
> > +
> > +Set TEE type for the guest. Currently only OP-TEE is supported. If
> > +this option is set to "native", xl will create guest, which can access
> > +native TEE on your system (just make sure that you are using OP-TEE
> > +with virtualization support endabled). Also OP-TEE node will be
> > +emitted into guest's device tree.
> > +
> > +=back
> > +
> >   =head3 x86
> >   =over 4
> > diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h
> > index a38e5cdba2..b24e4141b1 100644
> > --- a/tools/libxl/libxl.h
> > +++ b/tools/libxl/libxl.h
> > @@ -273,6 +273,11 @@
> >*/
> >   #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1
> > +/*
> > + * libxl_domain_build_info has the arch_arm.tee field.
> > + */
> > +#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1
> > +
> >   /*
> >* LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing
> >* 'soft reset' for domains and there is 'soft_reset' shutdown reason
> > diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
> > index 141e159043..6930d0ab3b 100644
> > --- a/tools/libxl/libxl_arm.c
> > +++ b/tools/libxl/libxl_arm.c
> > @@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc,
> >   return ERROR_FAIL;
> >   }
> > +switch (d_config->b_info.arch_arm.tee) {
> > +case LIBXL_TEE_TYPE_NONE:
> > +config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE;
> > +break;
> > +case LIBXL_TEE_TYPE_NATIVE:
> > +config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NATIVE;
> > +break;
> > +default:
> > +LOG(ERROR, "Unknown TEE type %d",
> > +d_config->b_info.arch_arm.tee);
> > +return ERROR_FAIL;
> > +}
> > +
> >   return 0;
> >   }
> > diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
> > index b685ac47ac..4f1eb229b8 100644
> > --- a/tools/libxl/libxl_types.idl
> > +++ b/tools/libxl/libxl_types.idl
> > @@ -457,6 +457,11 @@ libxl_gic_version = Enumeration("gic_version", [
> >   (0x30, "v3")
> >   ], init_val = "LIBXL_GIC_VERSION_DEFAULT")
> > +libxl_tee_type = Enumeration("tee_type", [
> > +(0, "none"),
> > +

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-18 Thread Julien Grall


(+ Achin)

On 07/03/2019 21:04, Volodymyr Babchuk wrote:

From: Volodymyr Babchuk 

This enumeration controls TEE type for a domain. Currently there is
two possible options: either 'none' or 'native'.

'none' is the default value and it basically disables TEE support at
all.

'native' enables access to a "real" TEE installed on a platform.


I am aware I made that suggestion. But I think the naming is not ideal between 
the user and the toolstack. The question is how this is going to fit with the 
S-EL2 feature where multiple TEE can run together?


I have CCed Achin to see he has any vision how this could be interfaced.



It is possible to add another types in the future.

Signed-off-by: Volodymyr Babchuk 
---

  All the patches to optee.c should be merged together. They were
  split to ease up review. But they depend heavily on each other.

  Changes from v3:
   - tee_enabled renamed to tee_type. Currently two types are supported
 as described in the commit message
   - Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition

  Changes from v2:
   - Use arch.tee_enabled instead of separate domctl
---
  docs/man/xl.cfg.5.pod.in| 12 
  tools/libxl/libxl.h |  5 +
  tools/libxl/libxl_arm.c | 13 +
  tools/libxl/libxl_types.idl |  6 ++
  tools/xl/xl_parse.c |  9 +
  5 files changed, 45 insertions(+)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index ad81af1ed8..e15981882b 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -2702,6 +2702,18 @@ Currently, only the "sbsa_uart" model is supported for 
ARM.
  
  =back
  
+=over 4

+
+=item B
+
+Set TEE type for the guest. Currently only OP-TEE is supported. If
+this option is set to "native", xl will create guest, which can access
+native TEE on your system (just make sure that you are using OP-TEE
+with virtualization support endabled). Also OP-TEE node will be
+emitted into guest's device tree.
+
+=back
+
  =head3 x86
  
  =over 4

diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h
index a38e5cdba2..b24e4141b1 100644
--- a/tools/libxl/libxl.h
+++ b/tools/libxl/libxl.h
@@ -273,6 +273,11 @@
   */
  #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1
  
+/*

+ * libxl_domain_build_info has the arch_arm.tee field.
+ */
+#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1
+
  /*
   * LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing
   * 'soft reset' for domains and there is 'soft_reset' shutdown reason
diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
index 141e159043..6930d0ab3b 100644
--- a/tools/libxl/libxl_arm.c
+++ b/tools/libxl/libxl_arm.c
@@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc,
  return ERROR_FAIL;
  }
  
+switch (d_config->b_info.arch_arm.tee) {

+case LIBXL_TEE_TYPE_NONE:
+config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE;
+break;
+case LIBXL_TEE_TYPE_NATIVE:
+config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NATIVE;
+break;
+default:
+LOG(ERROR, "Unknown TEE type %d",
+d_config->b_info.arch_arm.tee);
+return ERROR_FAIL;
+}
+
  return 0;
  }
  
diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl

index b685ac47ac..4f1eb229b8 100644
--- a/tools/libxl/libxl_types.idl
+++ b/tools/libxl/libxl_types.idl
@@ -457,6 +457,11 @@ libxl_gic_version = Enumeration("gic_version", [
  (0x30, "v3")
  ], init_val = "LIBXL_GIC_VERSION_DEFAULT")
  
+libxl_tee_type = Enumeration("tee_type", [

+(0, "none"),
+(1, "native")
+], init_val = "LIBXL_TEE_TYPE_NONE")
+
  libxl_rdm_reserve = Struct("rdm_reserve", [
  ("strategy",libxl_rdm_reserve_strategy),
  ("policy",  libxl_rdm_reserve_policy),
@@ -615,6 +620,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
  
  ("arch_arm", Struct(None, [("gic_version", libxl_gic_version),

 ("vuart", libxl_vuart_type),
+   ("tee",  libxl_tee_type),


AFAICT, TEE also exists on other architecture. So I am wondering whether this 
field should be moved out of arch_arm?


Cheers,

--
Julien Grall

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

2019-03-07 Thread Volodymyr Babchuk

From: Volodymyr Babchuk 

This enumeration controls TEE type for a domain. Currently there is
two possible options: either 'none' or 'native'.

'none' is the default value and it basically disables TEE support at
all.

'native' enables access to a "real" TEE installed on a platform.

It is possible to add another types in the future.

Signed-off-by: Volodymyr Babchuk 
---

 All the patches to optee.c should be merged together. They were
 split to ease up review. But they depend heavily on each other.

 Changes from v3:
  - tee_enabled renamed to tee_type. Currently two types are supported
as described in the commit message
  - Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition

 Changes from v2:
  - Use arch.tee_enabled instead of separate domctl
---
 docs/man/xl.cfg.5.pod.in| 12 
 tools/libxl/libxl.h |  5 +
 tools/libxl/libxl_arm.c | 13 +
 tools/libxl/libxl_types.idl |  6 ++
 tools/xl/xl_parse.c |  9 +
 5 files changed, 45 insertions(+)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index ad81af1ed8..e15981882b 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -2702,6 +2702,18 @@ Currently, only the "sbsa_uart" model is supported for 
ARM.
 
 =back
 
+=over 4
+
+=item B
+
+Set TEE type for the guest. Currently only OP-TEE is supported. If
+this option is set to "native", xl will create guest, which can access
+native TEE on your system (just make sure that you are using OP-TEE
+with virtualization support endabled). Also OP-TEE node will be
+emitted into guest's device tree.
+
+=back
+
 =head3 x86
 
 =over 4
diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h
index a38e5cdba2..b24e4141b1 100644
--- a/tools/libxl/libxl.h
+++ b/tools/libxl/libxl.h
@@ -273,6 +273,11 @@
  */
 #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1
 
+/*
+ * libxl_domain_build_info has the arch_arm.tee field.
+ */
+#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1
+
 /*
  * LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing
  * 'soft reset' for domains and there is 'soft_reset' shutdown reason
diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
index 141e159043..6930d0ab3b 100644
--- a/tools/libxl/libxl_arm.c
+++ b/tools/libxl/libxl_arm.c
@@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc,
 return ERROR_FAIL;
 }
 
+switch (d_config->b_info.arch_arm.tee) {
+case LIBXL_TEE_TYPE_NONE:
+config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE;
+break;
+case LIBXL_TEE_TYPE_NATIVE:
+config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NATIVE;
+break;
+default:
+LOG(ERROR, "Unknown TEE type %d",
+d_config->b_info.arch_arm.tee);
+return ERROR_FAIL;
+}
+
 return 0;
 }
 
diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
index b685ac47ac..4f1eb229b8 100644
--- a/tools/libxl/libxl_types.idl
+++ b/tools/libxl/libxl_types.idl
@@ -457,6 +457,11 @@ libxl_gic_version = Enumeration("gic_version", [
 (0x30, "v3")
 ], init_val = "LIBXL_GIC_VERSION_DEFAULT")
 
+libxl_tee_type = Enumeration("tee_type", [
+(0, "none"),
+(1, "native")
+], init_val = "LIBXL_TEE_TYPE_NONE")
+
 libxl_rdm_reserve = Struct("rdm_reserve", [
 ("strategy",libxl_rdm_reserve_strategy),
 ("policy",  libxl_rdm_reserve_policy),
@@ -615,6 +620,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
 
 ("arch_arm", Struct(None, [("gic_version", libxl_gic_version),
("vuart", libxl_vuart_type),
+   ("tee",  libxl_tee_type),
   ])),
 # Alternate p2m is not bound to any architecture or guest type, as it is
 # supported by x86 HVM and ARM support is planned.
diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 352cd214dd..c27e7ae1f0 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -2690,6 +2690,15 @@ skip_usbdev:
 }
 }
 
+if (!xlu_cfg_get_string (config, "tee", , 1)) {
+e = libxl_tee_type_from_string(buf, _info->arch_arm.tee);
+if (e) {
+fprintf(stderr,
+"Unknown tee \"%s\" specified\n", buf);
+exit(-ERROR_FAIL);
+}
+}
+
 parse_vkb_list(config, d_config);
 
 xlu_cfg_destroy(config);
-- 
2.21.0

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

[Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

9 matches

Site Navigation

Mail list logo

Footer information