From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: Julien Grall <julien.grall@arm.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Volodymyr Babchuk <vlad.babchuk@gmail.com>,
Achin Gupta <achin.gupta@arm.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
"tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
Date: Fri, 5 Apr 2019 10:25:35 +0000 [thread overview]
Message-ID: <87d0m092ap.fsf@epam.com> (raw)
In-Reply-To: <66bd65d4-1b00-f16f-9df8-f7591157f4b8@arm.com>
Hi Julien,
Julien Grall writes:
> Hi,
>
> On 20/03/2019 17:01, Volodymyr Babchuk wrote:
>>
>> Julien Grall writes:
>>
>>> On 20/03/2019 15:27, Volodymyr Babchuk wrote:
>>>>
>>>> Hello Julien,
>>>>
>>>> Julien Grall writes:
>>>>
>>>>> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
>>>>>> From: Volodymyr Babchuk <vlad.babchuk@gmail.com>
>>>>>>
>>>>>> This enumeration controls TEE type for a domain. Currently there is
>>>>>> two possible options: either 'none' or 'native'.
>>>>>>
>>>>>> 'none' is the default value and it basically disables TEE support at
>>>>>> all.
>>>>>>
>>>>>> 'native' enables access to a "real" TEE installed on a platform.
>>>>>
>>>>> I am aware I made that suggestion. But I think the naming is not ideal
>>>>> between the user and the toolstack. The question is how this is going
>>>>> to fit with the S-EL2 feature where multiple TEE can run together?
>>>> You see, support for S-EL2 or support for multiple TEEs is a much broader
>>>> topic. For me, naming for configuration option is the least important
>>>> thing in this case :-)
>>>
>>> Naming exposed to users are hard to remove. If the naming is too
>>> ambiguous, then we will have to introduce a new option later on. This
>>> is not very ideal, so it would be better if we can find something
>>> different.
>>>
>>>>
>>>> Right there is no clear vision how it will ever work. I scanned through
>>>> SPCI spec and I already have a couple of questions. I need to study it
>>>> harder to make serious statements, but I already see that current
>>>> mediator framework will hardly fit into SPCI stuff. Frankly, I have
>>>> concerns that OP-TEE (or any other existing TEE) will be compatible
>>>> with SPCI-enabled systems without major rework. So, we will need to do
>>>> big overhaul anyways, when there will appear first SPCI-compatible TEEs and
>>>> secure hypervisors.
>>>>
>>>> AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
>>>> will take at least couple of years before S-EL2 will hit the market. So
>>>> in my opinion it is too early to make any assumptions on how to support
>>>> all this in Xen. Lets stick to the current matters.
>>>
>>> I am fully aware that more work will need to be done with S-EL2. I am
>>> not expecting you (or anyone else here) to come with the
>>> implementation now. My point is the naming should be chosen so it
>>> prevents ambiguity with whatever we know will come up in the future.
>>>
>>>>
>>>> I'm not insisting on "native". But I can't invent something better right
>>>> now. Probably, SPCI-enabled TEE also will be considered "native" as
>>>> opposed to, say, "emulated". >
>>>> As I said, I can't come with anything better than "native". But I'm open
>>>> to any suggestions.
>>>
>>> Well one solution is to ditch "native" and name it "optee". By giving
>>> the name you avoid ambiguity. If we ever have multiple op-tee instance
>>> running, then it could easily be extend with a comma. So you allow
>>> backward compatibility.
>>
>> I considered this. But If I remember right, idea was to query Xen about
>> available TEE, and configure guest in the appropriate way. So "native"
>> (or some other generic way) could be used for OP-TEE, Google Trusty or
>> any other TEE, without changing guest configuration.
>>
>> Using "optee" will cause explicit configuration for OP-TEE only. I can't
>> say that this is good or bad. It just different. Do you think that would
>> be better approach?
>
> You have 2 different cases to take into account:
> - A guest is able to deal with all supported Trusted OS. So
> "native" will let the toolstack query the current Trusted OS and
> expose it to the guest.
> - A guest can only deal with a specific Trusted OS. In that case,
> the user might want to specify in the configuration the expected
> Trusted OS so it can't boot if not available.
>
> What I suggest is deferring the former case until we have another TEE
> in hand. Maybe at that time, we will have a better naming :).
Okay, so summarizing this up, you are proposing to use "optee". Am I got
you right?
--
Best regards,Volodymyr Babchuk
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
WARNING: multiple messages have this Message-ID (diff)
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: Julien Grall <julien.grall@arm.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Volodymyr Babchuk <vlad.babchuk@gmail.com>,
Achin Gupta <achin.gupta@arm.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
"tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [Xen-devel] [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
Date: Fri, 5 Apr 2019 10:25:35 +0000 [thread overview]
Message-ID: <87d0m092ap.fsf@epam.com> (raw)
Message-ID: <20190405102535.NlC5w3itbZBMSTvXYA0M0gGNJkYn8C7DcakWWd0idjQ@z> (raw)
In-Reply-To: <66bd65d4-1b00-f16f-9df8-f7591157f4b8@arm.com>
Hi Julien,
Julien Grall writes:
> Hi,
>
> On 20/03/2019 17:01, Volodymyr Babchuk wrote:
>>
>> Julien Grall writes:
>>
>>> On 20/03/2019 15:27, Volodymyr Babchuk wrote:
>>>>
>>>> Hello Julien,
>>>>
>>>> Julien Grall writes:
>>>>
>>>>> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
>>>>>> From: Volodymyr Babchuk <vlad.babchuk@gmail.com>
>>>>>>
>>>>>> This enumeration controls TEE type for a domain. Currently there is
>>>>>> two possible options: either 'none' or 'native'.
>>>>>>
>>>>>> 'none' is the default value and it basically disables TEE support at
>>>>>> all.
>>>>>>
>>>>>> 'native' enables access to a "real" TEE installed on a platform.
>>>>>
>>>>> I am aware I made that suggestion. But I think the naming is not ideal
>>>>> between the user and the toolstack. The question is how this is going
>>>>> to fit with the S-EL2 feature where multiple TEE can run together?
>>>> You see, support for S-EL2 or support for multiple TEEs is a much broader
>>>> topic. For me, naming for configuration option is the least important
>>>> thing in this case :-)
>>>
>>> Naming exposed to users are hard to remove. If the naming is too
>>> ambiguous, then we will have to introduce a new option later on. This
>>> is not very ideal, so it would be better if we can find something
>>> different.
>>>
>>>>
>>>> Right there is no clear vision how it will ever work. I scanned through
>>>> SPCI spec and I already have a couple of questions. I need to study it
>>>> harder to make serious statements, but I already see that current
>>>> mediator framework will hardly fit into SPCI stuff. Frankly, I have
>>>> concerns that OP-TEE (or any other existing TEE) will be compatible
>>>> with SPCI-enabled systems without major rework. So, we will need to do
>>>> big overhaul anyways, when there will appear first SPCI-compatible TEEs and
>>>> secure hypervisors.
>>>>
>>>> AFAIK, there is no ARMv8.4 platforms, no S-EL2 hypervisors and so on. It
>>>> will take at least couple of years before S-EL2 will hit the market. So
>>>> in my opinion it is too early to make any assumptions on how to support
>>>> all this in Xen. Lets stick to the current matters.
>>>
>>> I am fully aware that more work will need to be done with S-EL2. I am
>>> not expecting you (or anyone else here) to come with the
>>> implementation now. My point is the naming should be chosen so it
>>> prevents ambiguity with whatever we know will come up in the future.
>>>
>>>>
>>>> I'm not insisting on "native". But I can't invent something better right
>>>> now. Probably, SPCI-enabled TEE also will be considered "native" as
>>>> opposed to, say, "emulated". >
>>>> As I said, I can't come with anything better than "native". But I'm open
>>>> to any suggestions.
>>>
>>> Well one solution is to ditch "native" and name it "optee". By giving
>>> the name you avoid ambiguity. If we ever have multiple op-tee instance
>>> running, then it could easily be extend with a comma. So you allow
>>> backward compatibility.
>>
>> I considered this. But If I remember right, idea was to query Xen about
>> available TEE, and configure guest in the appropriate way. So "native"
>> (or some other generic way) could be used for OP-TEE, Google Trusty or
>> any other TEE, without changing guest configuration.
>>
>> Using "optee" will cause explicit configuration for OP-TEE only. I can't
>> say that this is good or bad. It just different. Do you think that would
>> be better approach?
>
> You have 2 different cases to take into account:
> - A guest is able to deal with all supported Trusted OS. So
> "native" will let the toolstack query the current Trusted OS and
> expose it to the guest.
> - A guest can only deal with a specific Trusted OS. In that case,
> the user might want to specify in the configuration the expected
> Trusted OS so it can't boot if not available.
>
> What I suggest is deferring the former case until we have another TEE
> in hand. Maybe at that time, we will have a better naming :).
Okay, so summarizing this up, you are proposing to use "optee". Am I got
you right?
--
Best regards,Volodymyr Babchuk
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-04-05 10:25 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-07 21:04 [PATCH v4 00/10] TEE mediator (and OP-TEE) support in XEN Volodymyr Babchuk
2019-03-07 21:04 ` [PATCH v4 01/10] xen/arm: add generic TEE mediator framework Volodymyr Babchuk
2019-03-15 15:03 ` Julien Grall
2019-03-07 21:04 ` [PATCH v4 03/10] xen/arm: optee: add OP-TEE mediator skeleton Volodymyr Babchuk
2019-03-15 15:24 ` Julien Grall
2019-03-15 19:00 ` Volodymyr Babchuk
2019-03-15 20:18 ` Julien Grall
2019-03-15 15:47 ` Julien Grall
2019-03-07 21:04 ` [PATCH v4 02/10] xen/arm: optee: add OP-TEE header files Volodymyr Babchuk
2019-03-07 21:04 ` [PATCH v4 04/10] xen/arm: optee: add fast calls handling Volodymyr Babchuk
2019-03-15 15:46 ` Julien Grall
2019-03-07 21:04 ` [PATCH v4 05/10] xen/arm: optee: add std call handling Volodymyr Babchuk
2019-03-18 13:50 ` Julien Grall
2019-03-20 16:14 ` Volodymyr Babchuk
2019-03-20 16:48 ` Julien Grall
2019-03-20 17:42 ` Volodymyr Babchuk
2019-03-20 18:08 ` Julien Grall
2019-03-07 21:04 ` [PATCH v4 06/10] xen/arm: optee: add support for RPC SHM buffers Volodymyr Babchuk
2019-03-18 14:21 ` Julien Grall
2019-03-20 16:21 ` Volodymyr Babchuk
2019-03-20 16:52 ` Julien Grall
2019-03-20 17:09 ` Volodymyr Babchuk
2019-03-07 21:04 ` [PATCH v4 07/10] xen/arm: optee: add support for arbitrary shared memory Volodymyr Babchuk
2019-03-18 15:27 ` Julien Grall
2019-03-20 16:39 ` Volodymyr Babchuk
2019-03-20 17:47 ` Julien Grall
2019-03-20 19:37 ` Volodymyr Babchuk
2019-03-21 10:39 ` Julien Grall
2019-03-07 21:04 ` [PATCH v4 08/10] xen/arm: optee: add support for RPC commands Volodymyr Babchuk
2019-03-18 15:38 ` Julien Grall
2019-03-20 15:36 ` Volodymyr Babchuk
2019-03-20 16:27 ` Julien Grall
2019-03-20 16:47 ` Volodymyr Babchuk
2019-03-07 21:04 ` [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg Volodymyr Babchuk
2019-03-18 15:49 ` Julien Grall
2019-03-18 21:04 ` Achin Gupta
2019-03-20 16:18 ` Julien Grall
2019-03-20 15:27 ` Volodymyr Babchuk
2019-03-20 16:06 ` Julien Grall
2019-03-20 17:01 ` Volodymyr Babchuk
2019-03-20 18:35 ` Julien Grall
2019-04-05 10:25 ` Volodymyr Babchuk [this message]
2019-04-05 10:25 ` [Xen-devel] " Volodymyr Babchuk
2019-04-08 10:47 ` Julien Grall
2019-04-08 10:47 ` [Xen-devel] " Julien Grall
2019-03-07 21:04 ` [PATCH v4 10/10] tools/arm: optee: create optee firmware node in DT if tee=native Volodymyr Babchuk
2019-03-18 15:50 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d0m092ap.fsf@epam.com \
--to=volodymyr_babchuk@epam.com \
--cc=achin.gupta@arm.com \
--cc=ian.jackson@eu.citrix.com \
--cc=julien.grall@arm.com \
--cc=tee-dev@lists.linaro.org \
--cc=vlad.babchuk@gmail.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.