[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Tee-dev] TEE with XEN

  • To: Volodymyr Babchuk <vlad.babchuk@xxxxxxxxx>
  • From: Peng Fan <peng.fan@xxxxxxx>
  • Date: Tue, 16 Jun 2020 02:02:20 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fi8b8PPe89sPxksvUWQxXqG2gfhC47pLd6CqSuQxY/k=; b=DXpxS2po1NY4N97FKYkJY8scecTkcfICwt738W+ZAgKt4OlPobaoWDqtBp76GaKSTntR949LgSl8YDPNm8YZPViW4zMO2Me3Y4LOw3jdTMK51alH37cfec2DTjhu2NoWHJP2UIFVJ3UKLH/qE9uU7i9w6KzCjQRCJQzNu7O6dIu+zy/eK3Pk1ZoYI3SwgyNKYD+SoeogFEKxsUYwovY5BuI58AK+ktSUnbOyR5hQXVijOFHax3O7dAH/5ryJI0hm0qmRQko+A7qVzN4erCNkVxLKl2JwJIuyXYJaWoUv/BdBsVlXJCkw0ecJH8In4siyqRPigmy9vWSrFr7qYPBsuw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i16n+PlLnHtv4TkU4K/joJq83mNCBwaY5QRFsa7Icm8FDuvHragei4GXGlYVk2B4KZtbCaUHLWmF9w2p6YyEZ3EY7p2OmFnRWoYM4k+4eL78wBIp4nYZn/12VyTh2zzZ2t+Eo2DQZb1pGKq9ltt3Gcd4HiNAxY1pZbKtsy3fuAUJZG3VA0C2uuP1yPsljOCUfopyrsNeNgYTslvdsKnszLkrkUN9tqTZ9b8KEkBiFdO9x7fxu+HwasHl5rp7N8sfOCz3TZoK3SMjzC3Jx37cSkkRg0fS6tPaVXyf9gMFT4EvoTP3X8B9LC69Mze3fdSNZxQgZgbnTvJomUritsTErw==
  • Authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=nxp.com;
  • Cc: Julien Grall <julien@xxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>, "tee-dev@xxxxxxxxxxxxxxxx" <tee-dev@xxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jens Wiklander <jens.wiklander@xxxxxxxxxx>, Stefano Babic <sbabic@xxxxxxx>
  • Delivery-date: Tue, 16 Jun 2020 02:02:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AdZCuN8SyGfGPx9hRva/eeajiUtqpQAw/zsAAAE3WoA=
  • Thread-topic: [Tee-dev] TEE with XEN
Hi,

> Subject: Re: [Tee-dev] TEE with XEN
> 
> Hi Peng,
> 
> On Mon, 15 Jun 2020 at 05:07, Peng Fan <peng.fan@xxxxxxx> wrote:
> >
> > Hi All,
> >
> > While enabling trusty os with xen, I took same approach as OP-TEE,
> > with OP-TEE running in secure world. But I am also thinking this might
> > introduce potential issue is that secure world OS communicate with DomU.
> > If there are some misbehavior in secure world OS, it might let XEN
> > hypervisor not work proper.
> >
> > In my setup, trusty os sometimes panic in secure world, xen will not
> > able to control the panic core anymore.
> >
> > So I am thinking whether we need to emulating secure world in a XEN VM
> > which is the VM running DomU. Just like what ACRN did to run trusty
> > os.
> 
> Well, it depends on whom you are trusting more. Both XEN and TEE are
> minimal OS implementations with aim at security. 

XEN is targeting safety.
TEE is targeting security.

I'm speaking about generic
> TEE OS, not about particular OS like OP-TEE or Trusty. Problem is that, if 
> TEE is
> running inside VM, it will be susceptible to a hypervisor misbehaviour. You
> need to understand that Xen and privileged domain (dom0, mostly) can access
> memory of any guest.
> At least, in default configuration. There are means to harden this setup. But
> anyways, Xen can't be stopped from reading TEE's secrets.

Yes. Understand.

> 
> If this is okay for your needs, then you can run TEE as a VM of course.
> 
> So, this is heavilly depends on your security threats model. There can't be
> universal solution. Also, I'm proposing to check Google's requirements for
> Trusty environment.

Let me try to ask Google guys to see any feedback.

Thanks,
Peng.

> Do they allow it to run outside of TrustZone? For example, GPD TEE System
> Architecture document clearly says that TEE should be separated from REE by
> hardware mechanisms that are not controlled by REE (section 2.2.1). I believe,
> that should be a similar document for Trusty.
> 
> --
> WBR Volodymyr Babchuk aka lorc [+380976646013]
> mailto: vlad.babchuk@xxxxxxxxx

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.