linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Achin Gupta <achin.gupta@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Rob Herring <robh@kernel.org>,
	Sudeep Holla <Sudeep.Holla@arm.com>,
	"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
	"linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Marc Zyngier <maz@kernel.org>, nd <nd@arm.com>
Subject: Re: [RFC PATCH 1/3] dt-bindings: Add ARM PSA FF binding for non-secure VM partitions
Date: Mon, 15 Jun 2020 10:16:39 +0100	[thread overview]
Message-ID: <20200615091639.GD46361@C02TC1ARHF1T> (raw)
In-Reply-To: <20200611171222.GB7725@willie-the-truck>

On Thu, Jun 11, 2020 at 06:12:23PM +0100, Will Deacon wrote:
> On Thu, Jun 11, 2020 at 03:46:35PM +0000, Achin Gupta wrote:
> > > On 10 Jun 2020, at 08:43, Will Deacon <will@kernel.org> wrote:
> > > On Tue, Jun 09, 2020 at 04:35:51PM -0600, Rob Herring wrote:
> > >> On Mon, Jun 01, 2020 at 10:45:10AM +0100, Sudeep Holla wrote:
> > >>> Add devicetree bindings for a Arm PSA FF-A compliant non-secure partition
> > >>> at virtual interface(VMs).
> > >>>
> > >>> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
> > >>> ---
> > >>> .../devicetree/bindings/arm/arm,psa-ffa.txt   | 47 +++++++++++++++++++
> > >>> 1 file changed, 47 insertions(+)
> > >>> create mode 100644 Documentation/devicetree/bindings/arm/arm,psa-ffa.txt
> > >>
> > >> I'm hoping this goes away if the firmware is discoverable, but if not DT
> > >> bindings are DT schema now.
> > >
> > > We'll need the binding for the kvm host side, because there are plenty
> > > of partition properties that are not discoverable (e.g. number of vCPUs).
> >
> > Just trying to understand the req. a bit better…
> >
> > The FF-A driver in the host can use FFA_PARTITION_INFO_GET to determine
> > the count of partitions and their vCPUs.
> >
> > Is this about a guest being able to find out how many vCPUs it has?
>
> This is about KVM finding out the information it needs in order to spawn
> non-secure partitions. I don't see how it can do that with
> FFA_PARTITION_INFO_GET -- who would respond?

Right! FFA_PARTITION_INFO_GET is meant to help the FF-A driver in the kernel to
determine partition properties. It assumes that EL2 SW has already read each
partition's manifest and will reply to this ABI.

IIUC, with protected KVM, this information will have to be a part of the
manifest that the KVM host consumes.

But then, can this be made discoverable (use a SMC for discovery) at all as Rob
had originally suggested. Firmware (Secure world) has no clue and the bootloader
is long gone.

Separate topic, protected KVM does not get dibs on the manifest and it relies on
the KVM host to specify the address ranges for each partition? Does this not
mean that the KVM host can control the physical address space each partition
sees. This seems contrary to the isolation guarantees that protected KVM must
provide?

>
> But you're right that number of vCPUs was a bad example. We also need
> information such as the entry point.

Yes. From a spec perspective this should be specified in the partition manifest
unless the base address of the loaded image can be assummed to be the entry
point.

cheers,
Achin

>
> Will

  reply	other threads:[~2020-06-15  9:17 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-01  9:45 [RFC PATCH 0/3] firmware: Add support for PSA FF-A interface Sudeep Holla
2020-06-01  9:45 ` [RFC PATCH 1/3] dt-bindings: Add ARM PSA FF binding for non-secure VM partitions Sudeep Holla
2020-06-09 22:35   ` Rob Herring
2020-06-10  7:43     ` Will Deacon
2020-06-10 13:56       ` Rob Herring
2020-06-11 15:46       ` Achin Gupta
2020-06-11 17:12         ` Will Deacon
2020-06-15  9:16           ` Achin Gupta [this message]
2020-06-15  9:51             ` Will Deacon
2020-06-15 11:42               ` Achin Gupta
2020-06-15 11:55                 ` Will Deacon
2020-06-15 16:48                   ` Achin Gupta
2020-06-10  8:32     ` Sudeep Holla
2020-06-01  9:45 ` [RFC PATCH 2/3] firmware: Add support for PSA FF-A transport for " Sudeep Holla
2020-07-09 22:15   ` Arve Hjønnevåg
2020-06-01  9:45 ` [RFC PATCH 3/3] firmware: Add example PSA FF-A non-secure VM partition Sudeep Holla
2020-06-04 13:37 ` [RFC PATCH 0/3] firmware: Add support for PSA FF-A interface Will Deacon
2020-06-09 17:41   ` Sudeep Holla
2020-06-10  7:57     ` Will Deacon
2020-06-10  8:10       ` Sudeep Holla
2020-06-15 11:38     ` Jens Wiklander

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200615091639.GD46361@C02TC1ARHF1T \
    --to=achin.gupta@arm.com \
    --cc=Sudeep.Holla@arm.com \
    --cc=devicetree@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maz@kernel.org \
    --cc=nd@arm.com \
    --cc=robh@kernel.org \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).