From patchwork Wed Jun 19 17:54:16 2019
X-Patchwork-Submitter: Volodymyr Babchuk
X-Patchwork-Id: 11004983
From: Volodymyr Babchuk
To: xen-devel@lists.xenproject.org
Cc: tee-dev@lists.linaro.org, Ian Jackson, Volodymyr Babchuk, Wei Liu
Date: Wed, 19 Jun 2019 17:54:16 +0000
Subject: [Xen-devel] [PATCH v7 1/5] tools/arm: tee: add "tee" option for xl.cfg
Message-ID: <20190619175333.29938-2-volodymyr_babchuk@epam.com>
In-Reply-To: <20190619175333.29938-1-volodymyr_babchuk@epam.com>
References: <20190619175333.29938-1-volodymyr_babchuk@epam.com>

This enumeration controls TEE type for a domain. Currently there are two possible options: either 'none' or 'optee'. 'none' is the default value and it basically disables TEE support altogether. 'optee' enables access to the OP-TEE running on a host machine. This requires a special OP-TEE build with virtualization support enabled.
Signed-off-by: Volodymyr Babchuk Acked-by: Ian Jackson --- Changes from v6: - Updated documentation according to Julien Grall's suggestions, add link to OP-TEE documentation Changes from v5: - Replaced "native" with "optee" in the commit description. - Updated and extended documentation based on Julien Grall's and Ian Jackson's suggestions. Changes from v4: - "native" option was replaced with "optee" - "tee" property was moved from arch-specific section to the global one. Documentation moved inside "Devices" section. Changes from v3: - tee_enabled renamed to tee_type. Currently two types are supported as described in the commit message - Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition Changes from v2: - Use arch.tee_enabled instead of separate domctl --- docs/man/xl.cfg.5.pod.in | 29 +++++++++++++++++++++++++++++ tools/libxl/libxl.h | 5 +++++ tools/libxl/libxl_arm.c | 13 +++++++++++++ tools/libxl/libxl_types.idl | 6 ++++++ tools/xl/xl_parse.c | 9 +++++++++ 5 files changed, 62 insertions(+) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index c99d40307e..e71b3b411d 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in 
@@ -1544,6 +1544,35 @@ Set maximum height for pointer device. =back +=item B + +B Set TEE type for the guest. TEE is a Trusted Execution +Environment -- separate secure OS found on some platforms. B can be one of the: + +=over 4 + +=item B + +"Don't allow the guest to use TEE if present on the platform. This is +the default value. + +=item B + +Allow a guest to access the host OP-TEE OS. Xen will mediate the +access to OP-TEE and the resource isolation will be provided directly +by OP-TEE. OP-TEE itself may limit the number of guests that can +concurrently use it. This requires a virtualization-aware OP-TEE for +this to work. + +You can refer to +L +for more information about how to enable and configure virtualization support +in OP-TEE. + +This feature is a B. + +=back + =back =head2 Paravirtualised (PV) Guest Specific Options diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h index 9bacfb97f0..1fe6ea2bd8 100644 --- a/tools/libxl/libxl.h +++ b/tools/libxl/libxl.h @@ -273,6 +273,11 @@ */ #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1 +/* + * libxl_domain_build_info has the arch_arm.tee field. + */ +#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1 + /* * LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing * 'soft reset' for domains and there is 'soft_reset' shutdown reason diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index 141e159043..6b72c00960 100644 --- a/tools/libxl/libxl_arm.c +++ b/tools/libxl/libxl_arm.c @@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, return ERROR_FAIL; } + switch (d_config->b_info.tee) { + case LIBXL_TEE_TYPE_NONE: + config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE; + break; + case LIBXL_TEE_TYPE_OPTEE: + config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_OPTEE; + break; + default: + LOG(ERROR, "Unknown TEE type %d", + d_config->b_info.tee); + return ERROR_FAIL; + } + return 0; } diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl index b61399ce36..fa5ee65463 100644 
--- a/tools/libxl/libxl_types.idl +++ b/tools/libxl/libxl_types.idl @@ -460,6 +460,11 @@ libxl_gic_version = Enumeration("gic_version", [ (0x30, "v3") ], init_val = "LIBXL_GIC_VERSION_DEFAULT") +libxl_tee_type = Enumeration("tee_type", [ + (0, "none"), + (1, "optee") + ], init_val = "LIBXL_TEE_TYPE_NONE") + libxl_rdm_reserve = Struct("rdm_reserve", [ ("strategy", libxl_rdm_reserve_strategy), ("policy", libxl_rdm_reserve_policy), @@ -537,6 +542,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("nested_hvm", libxl_defbool), ("apic", libxl_defbool), ("dm_restrict", libxl_defbool), + ("tee", libxl_tee_type), ("u", KeyedUnion(None, libxl_domain_type, "type", [("hvm", Struct(None, [("firmware", string), ("bios", libxl_bios_type), diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index e105bda2bb..0604374ef3 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -2691,6 +2691,15 @@ skip_usbdev: } } + if (!xlu_cfg_get_string (config, "tee", &buf, 1)) { + e = libxl_tee_type_from_string(buf, &b_info->tee); + if (e) { + fprintf(stderr, + "Unknown tee \"%s\" specified\n", buf); + exit(-ERROR_FAIL); + } + } + parse_vkb_list(config, d_config); xlu_cfg_destroy(config);
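Review bot: in the docs/man/xl.cfg.5.pod.in hunk, the =item describing the 'none' value opens with a stray double quote ("Don't allow the guest to use TEE if present on the platform.); drop the quote. In the same hunk, "can be one of the:" reads better as "can be one of the following:", and "This requires a virtualization-aware OP-TEE for this to work." says "this" twice; "This requires a virtualization-aware OP-TEE." is enough.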
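Review bot: the comment added in the tools/libxl/libxl.h hunk says "libxl_domain_build_info has the arch_arm.tee field", but the tools/libxl/libxl_types.idl hunk adds ("tee", libxl_tee_type) to the top-level libxl_domain_build_info next to dm_restrict, not to arch_arm, which is also what the "Changes from v4" entry says was done on purpose. The comment should say "the tee field", and LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE is misleading for the same reason; since this macro is what callers test for (compare the neighbouring LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION), it is worth getting the name and comment right before it ships.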
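Review bot: the switch over d_config->b_info.tee in the tools/libxl/libxl_arm.c hunk is the only place that validates the new field, yet the field lives in the common libxl_domain_build_info and tools/xl/xl_parse.c accepts tee="optee" on any architecture. As posted, a non-ARM guest config asking for OP-TEE would parse successfully and then be silently ignored rather than rejected; the non-ARM libxl__arch_domain_prepare_config should return ERROR_FAIL with a log message when b_info.tee is not LIBXL_TEE_TYPE_NONE, so a misconfigured domain fails loudly instead of running without the isolation the admin asked for. The default branch in this hunk (LOG(ERROR, "Unknown TEE type %d", ...); return ERROR_FAIL;) is the right shape for that.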
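Review bot: style point in the tools/xl/xl_parse.c hunk: xlu_cfg_get_string (config, "tee", &buf, 1) has a space between the function name and the opening parenthesis; drop it. The error text "Unknown tee \"%s\" specified\n" would be clearer as "Unknown tee type \"%s\" specified\n", matching the option's documented meaning and the "Unknown TEE type" wording used in libxl_arm.c. The logic itself is fine: libxl_tee_type_from_string() returns non-zero for anything other than "none" or "optee", and exit(-ERROR_FAIL) follows the surrounding code.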