Re: [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg

From: Julien Grall <julien.grall@arm.com>
To: Achin Gupta <Achin.Gupta@arm.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
	Volodymyr Babchuk <vlad.babchuk@gmail.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	"tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	nd <nd@arm.com>, Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [PATCH v4 09/10] tools/arm: tee: add "tee" option for xl.cfg
Date: Wed, 20 Mar 2019 16:18:11 +0000	[thread overview]
Message-ID: <7b486db2-79a7-4073-1544-e562354ef692@arm.com> (raw)
In-Reply-To: <20190318210450.GQ21602@mac-ubuntu-vm>

Hi Achin,

On 18/03/2019 21:04, Achin Gupta wrote:
> On Mon, Mar 18, 2019 at 03:49:12PM +0000, Julien Grall wrote:
>> (+ Achin)
>>
>> On 07/03/2019 21:04, Volodymyr Babchuk wrote:
>>> From: Volodymyr Babchuk <vlad.babchuk@gmail.com>
>>>
>>> This enumeration controls TEE type for a domain. Currently there is
>>> two possible options: either 'none' or 'native'.
>>>
>>> 'none' is the default value and it basically disables TEE support at
>>> all.
>>>
>>> 'native' enables access to a "real" TEE installed on a platform.
>>
>> I am aware I made that suggestion. But I think the naming is not ideal
>> between the user and the toolstack. The question is how this is going to fit
>> with the S-EL2 feature where multiple TEE can run together?
>>
>> I have CCed Achin to see he has any vision how this could be interfaced.
> 
> Thanks.
> 
> Multiple TEEs (or rather Trusted OSs) can coexist on Armv8.3 and earlier. They
> will not be isolated but play along nicely.

That's interesting. So, in the current case (i.e without SPCI), how do you 
communicate with a specific Trusted OS?

> 
> The intent is that prior to S-EL2 and multiple TOSs, each TOS will migrate to
> using the SPCI spec. At this stage, there should be no need for a TOS specific
> mediator in the Hypervisor. IOW, there should be a "generic" SPCI
> mediator. Maybe, we can add a TEE type 'generic' later to enable access to any
> TEE through this generic interface?

Yes, that's probably a good option to add later. So maybe renaming 'native' to 
'optee'(or 'op-tee') would be more suitable here. This avoid the ambiguity of 
'native'.

> 
> Support for multiple TOSs has raised other questions that we are trying to
> address e.g. dependencies between them or on guests in Nwd, impact on scheduling
> decisions made by Nwd etc. Support for OP-TEE in this patch stack does not need
> to answer these just yet it seems. It is more likely that we will have to tackle
> support for multiple TEEs afresh rather than treating it as an extension of
> support for a specific TOS.

I totally agree. SPCI is a separate topic, although I wanted to get a more 
suitable name for the config so we can avoid introduce a new option later on.

> 
> Happy to discuss further and I hope this helps in some way.

Thank you for the feedback!

Cheers,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel