From patchwork Tue Jun 11 18:46:46 2019
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
Date: Tue, 11 Jun 2019 18:46:46 +0000
Message-ID: <20190611184541.7281-10-volodymyr_babchuk@epam.com>
In-Reply-To: <20190611184541.7281-1-volodymyr_babchuk@epam.com>
Subject: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg
Cc: "tee-dev@lists.linaro.org", Ian Jackson, Volodymyr Babchuk, Wei Liu

This enumeration controls TEE type for a domain. Currently there are two possible options: either 'none' or 'optee'. 'none' is the default value and it basically disables TEE support altogether. 'optee' enables access to the OP-TEE running on a host machine. This requires a special OP-TEE build with virtualization support enabled.
Signed-off-by: Volodymyr Babchuk
---
All the patches to optee.c should be merged together. They were split to ease up review. But they depend heavily on each other.

Changes from v5:
- Replaced "native" with "optee" in the commit description.
- Updated and extended documentation based on Julien Grall's and Ian Jackson's suggestions.

Changes from v4:
- "native" option was replaced with "optee"
- "tee" property was moved from arch-specific section to the global one. Documentation moved inside "Devices" section.

Changes from v3:
- tee_enabled renamed to tee_type. Currently two types are supported as described in the commit message
- Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition

Changes from v2:
- Use arch.tee_enabled instead of separate domctl
---
 docs/man/xl.cfg.5.pod.in    | 21 +++++++++++++++++++++
 tools/libxl/libxl.h         |  5 +++++
 tools/libxl/libxl_arm.c     | 13 +++++++++++++
 tools/libxl/libxl_types.idl |  6 ++++++
 tools/xl/xl_parse.c         |  9 +++++++++
 5 files changed, 54 insertions(+)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index c99d40307e..e65ab6111f 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -1544,6 +1544,27 @@ Set maximum height for pointer device. =back +=item B + +B Set TEE type for the guest. TEE is a Trusted Execution +Environment -- separate secure OS found on some platforms. B can be one of the: + +=over 4 + +=item B + +Disable TEE support at all. This is the default value. + +=item B + +Allow a guest to use OP-TEE. Note that a virtualization-aware OP-TEE +is required for this. If this option is selected, guest will be able +to access to the real OP-TEE OS running on the host. Guest creation +will fail if OP-TEE have no resources for a new guest. Number of supported +guests depends on OP-TEE configuration. + +=back + =back =head2 Paravirtualised (PV) Guest Specific Options diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h index 9bacfb97f0..1fe6ea2bd8 100644 --- a/tools/libxl/libxl.h +++ b/tools/libxl/libxl.h 
@@ -273,6 +273,11 @@ */ #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1 +/* + * libxl_domain_build_info has the arch_arm.tee field. + */ +#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1 + /* * LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing * 'soft reset' for domains and there is 'soft_reset' shutdown reason diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index 141e159043..6b72c00960 100644 --- a/tools/libxl/libxl_arm.c +++ b/tools/libxl/libxl_arm.c @@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, return ERROR_FAIL; } + switch (d_config->b_info.tee) { + case LIBXL_TEE_TYPE_NONE: + config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE; + break; + case LIBXL_TEE_TYPE_OPTEE: + config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_OPTEE; + break; + default: + LOG(ERROR, "Unknown TEE type %d", + d_config->b_info.tee); + return ERROR_FAIL; + } + return 0; } diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl index b61399ce36..fa5ee65463 100644 --- a/tools/libxl/libxl_types.idl +++ b/tools/libxl/libxl_types.idl @@ -460,6 +460,11 @@ libxl_gic_version = Enumeration("gic_version", [ (0x30, "v3") ], init_val = "LIBXL_GIC_VERSION_DEFAULT") +libxl_tee_type = Enumeration("tee_type", [ + (0, "none"), + (1, "optee") + ], init_val = "LIBXL_TEE_TYPE_NONE") + libxl_rdm_reserve = Struct("rdm_reserve", [ ("strategy", libxl_rdm_reserve_strategy), ("policy", libxl_rdm_reserve_policy), @@ -537,6 +542,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("nested_hvm", libxl_defbool), ("apic", libxl_defbool), ("dm_restrict", libxl_defbool), + ("tee", libxl_tee_type), ("u", KeyedUnion(None, libxl_domain_type, "type", [("hvm", Struct(None, [("firmware", string), ("bios", libxl_bios_type), diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index e105bda2bb..0604374ef3 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c 
@@ -2691,6 +2691,15 @@ skip_usbdev: } } + if (!xlu_cfg_get_string (config, "tee", &buf, 1)) { + e = libxl_tee_type_from_string(buf, &b_info->tee); + if (e) { + fprintf(stderr, + "Unknown tee \"%s\" specified\n", buf); + exit(-ERROR_FAIL); + } + } + parse_vkb_list(config, d_config); xlu_cfg_destroy(config);
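Review bot: the new manpage text in the docs/man/xl.cfg.5.pod.in hunk has several grammar slips that should be fixed before merge: "can be one of the:" (drop "the"), "Disable TEE support at all" (say "Disable TEE support entirely"), "able to access to the real OP-TEE OS" (drop the second "to") and "if OP-TEE have no resources" (say "has"). It would also help operators if the text stated that the option is ARM-only and that selecting optee gives the guest access to the host's real OP-TEE instance, so it should only be enabled for guests that are meant to invoke trusted applications.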
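Review bot: the comment and macro name in the tools/libxl/libxl.h hunk are stale: they describe an arch_arm.tee field, but the v4 changelog says the property moved out of the arch-specific section, the libxl_types.idl hunk adds ("tee", libxl_tee_type) directly to libxl_domain_build_info, and the libxl_arm.c hunk reads d_config->b_info.tee. Consider naming the guard LIBXL_HAVE_BUILDINFO_TEE and rewording the comment to "libxl_domain_build_info has the tee field", since downstream tools key on this macro to learn which field exists.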
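Review bot: the switch in the tools/libxl/libxl_arm.c hunk maps LIBXL_TEE_TYPE_* to XEN_DOMCTL_CONFIG_TEE_* explicitly instead of relying on the two enumerations sharing numeric values, which is the right choice, but the XEN_DOMCTL_CONFIG_TEE_* constants are not defined anywhere in this patch; as the note above says the optee patches depend on each other, the hypervisor-side domctl change must land first or this file will not build. The default branch returning ERROR_FAIL for an unknown value is correct and keeps a malformed build_info from reaching the hypervisor.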
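Review bot: the tee field in the second tools/libxl/libxl_types.idl hunk lives in the common part of libxl_domain_build_info next to dm_restrict, but only libxl_arm.c consumes it; on x86, xl will parse "tee = optee" (the xl_parse.c hunk is not arch-guarded) and libxl will silently ignore it, creating a domain without the TEE access the operator asked for. Either reject LIBXL_TEE_TYPE_OPTEE in the x86 libxl__arch_domain_prepare_config or state in xl.cfg that the option is ARM-only, so a misconfiguration fails loudly rather than quietly.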
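Review bot: the error path in the tools/xl/xl_parse.c hunk only prints "Unknown tee \"%s\" specified"; listing the accepted values ("none" or "optee") in the message saves operators a trip to the manpage. The space before the parenthesis in `xlu_cfg_get_string (config, "tee", &buf, 1)` is unusual for a function call; consider dropping it.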