From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=BAYES_00,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6DB0C07E9B for ; Tue, 6 Jul 2021 10:36:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9FCBC619AB for ; Tue, 6 Jul 2021 10:36:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231489AbhGFKjA (ORCPT ); Tue, 6 Jul 2021 06:39:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:37228 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231400AbhGFKi6 (ORCPT ); Tue, 6 Jul 2021 06:38:58 -0400 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 463E7619AA; Tue, 6 Jul 2021 10:36:20 +0000 (UTC) Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1m0iR8-00BeiL-2H; Tue, 06 Jul 2021 11:36:18 +0100 From: Marc Zyngier Date: Tue, 06 Jul 2021 11:36:17 +0100 Message-ID: <87czrv91b2.wl-maz@kernel.org> rom: Marc Zyngier To: Sumit Garg Cc: Jens Wiklander , Linux Kernel Mailing List , linux-arm-kernel , OP-TEE TrustedFirmware , Devicetree List , Linux Doc Mailing List , Jerome Forissier , Etienne Carriere , Vincent Guittot , Rob Herring , Jonathan Corbet , Ard Biesheuvel Subject: Re: [PATCH v2 0/7] Asynchronous notifications from secure world In-Reply-To: References: <20210616103649.2662395-1-jens.wiklander@linaro.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: sumit.garg@linaro.org, jens.wiklander@linaro.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, op-tee@lists.trustedfirmware.org, devicetree@vger.kernel.org, linux-doc@vger.kernel.org, jerome@forissier.org, etienne.carriere@linaro.org, vincent.guittot@linaro.org, robh+dt@kernel.org, corbet@lwn.net, ardb@kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 06 Jul 2021 08:25:26 +0100, Sumit Garg wrote: > > On Thu, 17 Jun 2021 at 11:40, Jens Wiklander wrote: > > > > Hi Sumit, > > > > On Thu, Jun 17, 2021 at 6:33 AM Sumit Garg wrote: > > > > > > Hi Jens, > > > > > > On Wed, 16 Jun 2021 at 16:07, Jens Wiklander wrote: > > > > > > > > Hi all, > > > > > > > > This adds support for asynchronous notifications from OP-TEE in secure > > > > world to the OP-TEE driver. This allows a design with a top half and bottom > > > > half type of driver where the top half runs in secure interrupt context and > > > > a notifications tells normal world to schedule a yielding call to do the > > > > bottom half processing. > > > > > > > > An interrupt is used to notify the driver that there are asynchronous > > > > notifications pending. > > > > > > > > > > It looks like a nice feature. I would like to get hands on with this. > > > Can I test this feature on Qemu? > > > > Absolutely, you can get this into the normal OP-TEE development repo setup with: > > repo init -u https://github.com/OP-TEE/manifest.git -m default.xml > > repo sync > > Update optee_os with > > https://github.com/jenswi-linaro/optee_os/tree/async_notif_v2 > > Update linux with https://github.com/jenswi-linaro/linux-1/tree/async_notif_v2 > > cd build > > make all -j... > > make run-only > > > > If you type anything at the secure console you'll notice how it > > changes behaviour once the Linux kernel has booted. > > > > Thanks for sharing instructions as I now got some time to test and > deep dive into this feature. It looks like a pretty useful feature to > realize interrupt support in the secure world in its true sense. This > feature works for me as per your instructions. > > I could recognise it's requirement from the time while I was playing > with secure timer interrupt support for OP-TEE RNG driver on > Developerbox. In that case I had to strip down the secure interrupt > handler to a minimum that would just collect entropy and dump into the > secure buffer. But with asynchronous notifications support, I could > add more functionality like entropy health tests in the bottom half > instead of doing those health tests while retrieving entropy from the > secure world. > > Given that, have you explored the possibility to leverage SGI rather > than a platform specific SPI for notifying the normal world? If it's > possible to leverage Architecture specific SGI for this purpose then I What does "Architecture specific SGI" mean? > think this feature will come automatically enabled for every platform > without the need to reserve a platform specific SPI. That old chestnut again... - How do you discover that the secure side has graced you with a Group-1 SGI (no, you can't use one of the first 8)? for both DT and ACPI? - How do you find which CPUs are targeted by this SGI? All? One? A subset? What is the expected behaviour with CPU hotplug? How can the NS side (Linux) can inform the secure side about the CPUs it wants to use? - Is there any case where you would instead need a level interrupt (which a SGI cannot provide)? In general, cross world SGIs are a really bad idea. Yes, some people like them. I still think they are misguided, and I don't intend to provide a generic request interface for this. M. -- Without deviation from the norm, progress is not possible. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89820C07E9C for ; Tue, 6 Jul 2021 10:38:18 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 58262619AC for ; Tue, 6 Jul 2021 10:38:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 58262619AC Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Subject:Cc:To:Message-ID:Date:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=U+QkhxHNte84hBucBFyZA6iTw61Nixs0mMwFXIQuC4A=; b=CYaXtWGzv0ZOJ6 u7yu5b2f2OXAkpdZiry2tfHHB2TRsKYF20hk2hwAbAr2QzuwiYN22DeJuwa4V/jGeQIkb7FFH/oag J0ylb5E8YH0oiM0O1uIrFXGUVqK0k9Nb0kzch9nH/umsW2Ea6ctRB9BDLY9QFGqdEqCrUktGR0W2F TIdBnc8B4KcaP6acCa5c1bHH1QAfXBzhyAn3R/LFLod2L4NL9iSuYS3v6LREcWx1icMnmula9QW4j raID3GfNaTjWeR7vm0yDRyy/QrsHilk9XSGm2f5m8b9LLJuqgcYlHLs/NTMUTY7lmchzTsR3F1Xzn ibKL7/HXpuVEiys4hgeg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m0iRF-00B3jT-Iy; Tue, 06 Jul 2021 10:36:26 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m0iRA-00B3hR-SN for linux-arm-kernel@lists.infradead.org; Tue, 06 Jul 2021 10:36:22 +0000 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 463E7619AA; Tue, 6 Jul 2021 10:36:20 +0000 (UTC) Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1m0iR8-00BeiL-2H; Tue, 06 Jul 2021 11:36:18 +0100 From: Marc Zyngier Date: Tue, 06 Jul 2021 11:36:17 +0100 Message-ID: <87czrv91b2.wl-maz@kernel.org> rom: Marc Zyngier To: Sumit Garg Cc: Jens Wiklander , Linux Kernel Mailing List , linux-arm-kernel , OP-TEE TrustedFirmware , Devicetree List , Linux Doc Mailing List , Jerome Forissier , Etienne Carriere , Vincent Guittot , Rob Herring , Jonathan Corbet , Ard Biesheuvel Subject: Re: [PATCH v2 0/7] Asynchronous notifications from secure world In-Reply-To: References: <20210616103649.2662395-1-jens.wiklander@linaro.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: sumit.garg@linaro.org, jens.wiklander@linaro.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, op-tee@lists.trustedfirmware.org, devicetree@vger.kernel.org, linux-doc@vger.kernel.org, jerome@forissier.org, etienne.carriere@linaro.org, vincent.guittot@linaro.org, robh+dt@kernel.org, corbet@lwn.net, ardb@kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210706_033621_015568_17A65BB1 X-CRM114-Status: GOOD ( 39.74 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, 06 Jul 2021 08:25:26 +0100, Sumit Garg wrote: > > On Thu, 17 Jun 2021 at 11:40, Jens Wiklander wrote: > > > > Hi Sumit, > > > > On Thu, Jun 17, 2021 at 6:33 AM Sumit Garg wrote: > > > > > > Hi Jens, > > > > > > On Wed, 16 Jun 2021 at 16:07, Jens Wiklander wrote: > > > > > > > > Hi all, > > > > > > > > This adds support for asynchronous notifications from OP-TEE in secure > > > > world to the OP-TEE driver. This allows a design with a top half and bottom > > > > half type of driver where the top half runs in secure interrupt context and > > > > a notifications tells normal world to schedule a yielding call to do the > > > > bottom half processing. > > > > > > > > An interrupt is used to notify the driver that there are asynchronous > > > > notifications pending. > > > > > > > > > > It looks like a nice feature. I would like to get hands on with this. > > > Can I test this feature on Qemu? > > > > Absolutely, you can get this into the normal OP-TEE development repo setup with: > > repo init -u https://github.com/OP-TEE/manifest.git -m default.xml > > repo sync > > Update optee_os with > > https://github.com/jenswi-linaro/optee_os/tree/async_notif_v2 > > Update linux with https://github.com/jenswi-linaro/linux-1/tree/async_notif_v2 > > cd build > > make all -j... > > make run-only > > > > If you type anything at the secure console you'll notice how it > > changes behaviour once the Linux kernel has booted. > > > > Thanks for sharing instructions as I now got some time to test and > deep dive into this feature. It looks like a pretty useful feature to > realize interrupt support in the secure world in its true sense. This > feature works for me as per your instructions. > > I could recognise it's requirement from the time while I was playing > with secure timer interrupt support for OP-TEE RNG driver on > Developerbox. In that case I had to strip down the secure interrupt > handler to a minimum that would just collect entropy and dump into the > secure buffer. But with asynchronous notifications support, I could > add more functionality like entropy health tests in the bottom half > instead of doing those health tests while retrieving entropy from the > secure world. > > Given that, have you explored the possibility to leverage SGI rather > than a platform specific SPI for notifying the normal world? If it's > possible to leverage Architecture specific SGI for this purpose then I What does "Architecture specific SGI" mean? > think this feature will come automatically enabled for every platform > without the need to reserve a platform specific SPI. That old chestnut again... - How do you discover that the secure side has graced you with a Group-1 SGI (no, you can't use one of the first 8)? for both DT and ACPI? - How do you find which CPUs are targeted by this SGI? All? One? A subset? What is the expected behaviour with CPU hotplug? How can the NS side (Linux) can inform the secure side about the CPUs it wants to use? - Is there any case where you would instead need a level interrupt (which a SGI cannot provide)? In general, cross world SGIs are a really bad idea. Yes, some people like them. I still think they are misguided, and I don't intend to provide a generic request interface for this. M. -- Without deviation from the norm, progress is not possible. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel