Re: [Xen-devel] [PATCH v6 09/10] tools/arm: tee: add "tee" option for xl.cfg

[Julien Grall <julien.grall@xxxxxxx>]

Hi,

On 18/06/2019 16:23, Volodymyr Babchuk wrote:
> Julien Grall writes:
>
> > On 6/18/19 3:30 PM, Volodymyr Babchuk wrote:
> > > Julien Grall writes:
> > >
> > > > On 18/06/2019 12:19, Volodymyr Babchuk wrote:
> > > > > Hi Julien,
> > > > Hi,
> > > >
> > > > > Julien Grall writes:
> > > > > > > +
> > > > > > > +=item B<optee>
> > > > > > > +
> > > > > > > +Allow a guest to use OP-TEE. Note that a virtualization-aware OP-TEE
> > > > > > > +is required for this. If this option is selected, guest will be able
> > > > > > OOI, what happen if OP-TEE does not support virtualization. Will Xen
> > > > > > forbid to use it?
> > > > > Yes, Xen will get an error from OP-TEE during domain construction. This
> > > > > will lead to domain creation failure.
> > > > This is a bit odd. It means we have no way to know in advance whether
> > > > OP-TEE will be able to create a client.
> > > Yes. There can be at least two reasons for this:
> > > 1. OP-TEE is built without virtualization support at all
> > > 2. OP-TEE have no resources for a new guest
> > >
> > > > In other word, when the
> > > > mediator is built in Xen, all existing setup with OP-TEE (and
> > > > no-virtualization) will fail.
> > > Right. If user provides DTB with 'optee' node, but OP-TEE is build without
> > > virtualization support, Dom0 will not be created. This can be fixed by
> > > adding new capability flag into OP-TEE, that tells Xen about
> > > virtualization support. For some reason I missed this when I implemented
> > > VM support in OP-TEE :(
> > >
> > > > My expectation is Xen should be able to know whether the mediator can be used.
> > > I need to implement additional capability flag in the OP-TEE. This is
> > > not so hard, but it will be available only in the next release. For now,
> > > we can document this limitation somewhere.
> > Is OP-TEE already released with virtualization? If not, when will it be?
> Yes, OP-TEE 3.5.0 was released on 26 April 2019 and it includes
> virtualization support.
Ok. Please try to solve this problem for the next release.

For now, I think there are a way to workaround the lack of a feature flag. In 
the detection of OP-TEE, you can try to create a client. If it fails, then it 
means OP-TEE does not support virtualization.
This is assuming that OP-TEE will fail gracefully.

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel