[RFC] Initial virtualization support #1910

Closed
@lorc
Contributor

lorc commented Nov 1, 2017

Hello.

I want to discuss how virtualization support can look in OP-TEE. This patch adds very basic support for it.
With this code I was able to use OP-TEE from two different VMs. Sequentially, of course. Currently, no cross-VM blocking is supported. I'll publish corresponding XEN code, if anyone is interested.

As I said in the commit message, I try to move all client-bound global variables to a client context. The default client context will be used if virtualization is disabled. This adds a small overhead (one extra LDR for variable access, I think), but it makes the code cleaner.
Currently, only cached RPC commands buffers are stored in client context.

I don't ask you to do a thorough code review. I just want to discuss the proposed approach. This patch alone can't be used for production. On the other hand, if you are okay with it, it can be merged with a big warning "DO NOT enable CFG_VIRTUALIZATION in production".

The biggest problem I see currently is thread termination if the client VM dies in the middle of an RPC. I propose to discuss this in #1890.

@lorc
Contributor Author

lorc commented Nov 1, 2017

Oops. I accidentally pushed my local patch, which produces a binary file ready for flashing with JTAG. Please ignore it.

Added virtualization.c and virtualization.h files.

Instead of term "virtual machine" I use term "client", because it is
used in ARM SMC Calling Convention. I hope this will not be confusing.

If CFG_VIRTUALIZATION is disabled, virtualization.h provides default
client context. In this way, all code can be written in uniform way.

Currently client context stores precached RPC command buffers and
cache settings only.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
@lorc
Contributor Author

lorc commented Nov 2, 2017

Removed that extra patch.

XEN-side implementation lives there, if anyone is interested: https://github.com/lorc/xen/blob/optee/xen/arch/arm/tee/optee.c

@MrVan
Contributor

MrVan commented Nov 7, 2017

@lorc
I have a few general questions. Is there a real case that needs TEE in several guest OSes?
Does this patchset support other hypervisors except Xen?

Thanks

@lorc
Contributor Author

lorc commented Nov 7, 2017

Hi @MrVan,

Yes. This is why I'm doing this. My team is working on an automotive platform, where components are isolated with virtualization. Suppose that OP-TEE is needed both by the Android system (it will be used as infotainment) and by some other vendor-specific component.

The proposed patches are hypervisor-agnostic, in the sense that they can be used with any hypervisor. There are no XEN-specific parts.

@lorc
Contributor Author

lorc commented May 25, 2018

Closing as stale.

@lorc lorc closed this May 25, 2018
@lorc lorc deleted the virt branch April 28, 2021 23:01