
Re: [Tee-dev] TEE with XEN



+Bertrand and Stefano

On 16/06/2020 02:24, Volodymyr Babchuk wrote:
> Hi Peng,
>
> On Mon, 15 Jun 2020 at 05:07, Peng Fan <peng.fan@xxxxxxx> wrote:
>
>> Hi All,
>>
>> While enabling Trusty OS with Xen, I took the same approach as OP-TEE,
>> with OP-TEE running in the secure world. But I am also thinking this might
>> introduce a potential issue: the secure world OS communicates with DomU.
>> If there is some misbehavior in the secure world OS, it might make the Xen
>> hypervisor not work properly.
>>
>> In my setup, Trusty OS sometimes panics in the secure world, and Xen is not
>> able to control the panicked core anymore.
>
> May I ask in which case Trusty is panicking?
>
>> So I am thinking whether we need to emulate the secure world in a Xen VM,
>> which is the VM running DomU. Just like what ACRN did to run Trusty
>> OS.
>
> Well, it depends on whom you are trusting more. Both Xen and TEE are minimal
> OS implementations aimed at security. I'm speaking about a generic TEE OS, not
> about a particular OS like OP-TEE or Trusty. The problem is that, if the TEE is
> running inside a VM, it will be susceptible to hypervisor misbehaviour. You need
> to understand that Xen and the privileged domain (dom0, mostly) can access the
> memory of any guest, at least in the default configuration. There are means to
> harden this setup. But anyway, Xen can't be stopped from reading the TEE's
> secrets.

IIRC, we discussed this approach for OP-TEE in the past. There were other potential pitfalls with it. For instance, you wouldn't be able to directly access any secure device from that guest (it is running in the non-secure world).

There are also issues in terms of latency, as you may have the following model:

domU -> Xen -> domU TEE -> (Xen -> host TEE -> Xen -> domU TEE) -> Xen -> domU.

The bit in () applies only if you need to call the host TEE.

One possibility would be to use Secure-EL2 for your Trusty OS. But I don't know whether your platform supports it.

Depending on whether you can modify Trusty OS, an alternative would be to make it virtualization-aware as OP-TEE did. The core would need to be resilient, and a panic would only affect a given client.

Cheers,

--
Julien Grall
