
[v6,00/10] TEE mediator (and OP-TEE) support in XEN

Message ID 20190611184541.7281-1-volodymyr_babchuk@epam.com (mailing list archive)

Message

Volodymyr Babchuk June 11, 2019, 6:46 p.m. UTC
Hello community,

This is the next version of OP-TEE support series.

In case of any issues with mail (Julien Grall had some troubles with =20
sequences in the patches, thanks to our corporate Exchange, I assume),
this series can be pulled from [4].

Note: I deliberately removed Jan Beulich from CC list, because he
explicitly indicated that he is not interested in this series ([5]).

List of changes is below. More specific changes are described along
with the corresponding patches.

===
v5:
 - Series rebased to staging branch instead of master one.
 - OP-TEE protocol headers were taken from OP-TEE tree instead of
   Linux one
 - Added acked-by tags
 - Fixed (and tested) issue when XEN would not boot if it is built
   with CONFIG_TEE=n

====
v4:
 - Substantial rework of OP-TEE mediator. Now it tries to return meaningful
   error codes back to the guest.
 - OP-TEE mediator does not use struct cpu_user_regs as a storage for
   parameters and return values when calling OP-TEE. This makes it
   compatible with requirement from SMCCC.
 - tee=native option replaced with tee=optee
 - Authorship and s-o-b tag reset to my EPAM mail address

====
v3:
 - Patch "arm: add tee_enabled flag to xen_arch_domainconfig" was
   squashed into "xen/arm: add generic TEE mediator framework"
 - I implemented more elaborate error reporting to a guest. Now guest
   will get meaningful error codes instead of generic
   ARM_SMCCC_ERR_UNKNOWN_FUNCTION.

====
v2:
 - Use domain flags instead of domctl interface to enable optee for guests
 - Remove patch "libxc: add xc_dom_tee_enable(...) function" because
   of previous change
 - Mediator now stores own context in arch part of struct domain, so
   I removed patch "optee: add domain contexts"

Per-patch changes are described in corresponding emails.

====
v2:

This is v2 of patch series for OP-TEE mediator support in XEN. Changes from v1:

 - Added domctl interface, so now xl decides what domain should work with TEE
 - Removed XSM support due to change described above
 - Patch with OP-TEE mediator was split into 7 separate patches
 - Removed patch with call_smccc() function. Now this series depends on
   Julien Grall's series "xen/arm: SMCCC fixup and improvement" [3]

=====
v1:

This is a follow-up for patch series [1]. There were lots of discussions
for that series and I tried to address all of them in this new patchset.

Currently, I had a working solution for OP-TEE virtualization and it is being
upstreamed right now ([2]). So, I think it is a good time to introduce support
in XEN as well.

This series includes generic TEE mediator framework and full-scale OP-TEE mediator
which is working with mentioned changes in OP-TEE. So, multiple domains can
work simultaneously with OP-TEE.

I added XSM support, so now it is possible to control which domains can work
with TEEs. Also I changed the way TEE discovery is done. Now it is very
generic and should support any platform.

[1] https://lists.xenproject.org/archives/html/xen-devel/2017-10/msg01451.html
[2] https://github.com/OP-TEE/optee_os/pull/2370
[3] https://lists.xenproject.org/archives/html/xen-devel/2018-08/msg02138.html
[4] https://github.com/lorc/xen/tree/optee_v6
[5] https://lists.xenproject.org/archives/html/xen-devel/2019-05/msg01805.html

Volodymyr Babchuk (10):
  xen/arm: add generic TEE mediator framework
  xen/arm: optee: add OP-TEE header files
  xen/arm: optee: add OP-TEE mediator skeleton
  xen/arm: optee: add fast calls handling
  xen/arm: optee: add std call handling
  xen/arm: optee: add support for RPC SHM buffers
  xen/arm: optee: add support for arbitrary shared memory
  xen/arm: optee: add support for RPC commands
  tools/arm: tee: add "tee" option for xl.cfg
  tools/arm: optee: create optee firmware node in DT if tee=optee

 MAINTAINERS                             |    6 +
 docs/man/xl.cfg.5.pod.in                |   21 +
 tools/libxl/libxl.h                     |    5 +
 tools/libxl/libxl_arm.c                 |   42 +
 tools/libxl/libxl_types.idl             |    6 +
 tools/xl/xl_parse.c                     |    9 +
 xen/arch/arm/Kconfig                    |    9 +
 xen/arch/arm/Makefile                   |    1 +
 xen/arch/arm/domain.c                   |   19 +
 xen/arch/arm/setup.c                    |    2 +
 xen/arch/arm/tee/Kconfig                |    4 +
 xen/arch/arm/tee/Makefile               |    2 +
 xen/arch/arm/tee/optee.c                | 1540 +++++++++++++++++++++++
 xen/arch/arm/tee/tee.c                  |   98 ++
 xen/arch/arm/vsmc.c                     |    5 +
 xen/arch/arm/xen.lds.S                  |    7 +
 xen/include/asm-arm/domain.h            |    4 +
 xen/include/asm-arm/tee/optee_msg.h     |  310 +++++
 xen/include/asm-arm/tee/optee_rpc_cmd.h |  318 +++++
 xen/include/asm-arm/tee/optee_smc.h     |  564 +++++++++
 xen/include/asm-arm/tee/tee.h           |  112 ++
 xen/include/public/arch-arm.h           |    6 +
 22 files changed, 3090 insertions(+)
 create mode 100644 xen/arch/arm/tee/Kconfig
 create mode 100644 xen/arch/arm/tee/Makefile
 create mode 100644 xen/arch/arm/tee/optee.c
 create mode 100644 xen/arch/arm/tee/tee.c
 create mode 100644 xen/include/asm-arm/tee/optee_msg.h
 create mode 100644 xen/include/asm-arm/tee/optee_rpc_cmd.h
 create mode 100644 xen/include/asm-arm/tee/optee_smc.h
 create mode 100644 xen/include/asm-arm/tee/tee.h

Comments

Julien Grall June 19, 2019, 11:08 a.m. UTC | #1
Hello Volodymyr,

On 11/06/2019 19:46, Volodymyr Babchuk wrote:
> Volodymyr Babchuk (10):
>    xen/arm: add generic TEE mediator framework
>    xen/arm: optee: add OP-TEE header files
>    xen/arm: optee: add OP-TEE mediator skeleton
>    xen/arm: optee: add fast calls handling
>    xen/arm: optee: add std call handling
>    xen/arm: optee: add support for RPC SHM buffers
>    xen/arm: optee: add support for arbitrary shared memory
>    xen/arm: optee: add support for RPC commands

I have committed the first 8 patches.

>    tools/arm: tee: add "tee" option for xl.cfg
>    tools/arm: optee: create optee firmware node in DT if tee=optee

Please resend the last two patches with the comments addressed and follow up on
the other couple of improvements (docs and code) I suggested.

Cheers,
