From patchwork Tue May 21 21:26:18 2019
X-Patchwork-Submitter: Volodymyr Babchuk
X-Patchwork-Id: 10954549
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
Cc: "tee-dev@lists.linaro.org", Ian Jackson, Volodymyr Babchuk, Wei Liu
Date: Tue, 21 May 2019 21:26:18 +0000
Message-ID: <20190521212530.12706-10-volodymyr_babchuk@epam.com>
In-Reply-To: <20190521212530.12706-1-volodymyr_babchuk@epam.com>
Subject: [Xen-devel] [PATCH v5 09/10] tools/arm: tee: add "tee" option for xl.cfg

This enumeration controls TEE type for a domain. Currently there are two
possible options: either 'none' or 'optee'. 'none' is the default value
and it basically disables TEE support at all. 'native' enables access to
a "real" OP-TEE installed on a platform. It is possible to add other
types in the future.

Signed-off-by: Volodymyr Babchuk --- All the patches to optee.c should be merged together. They were split to ease up review. But they depend heavily on each other. Changes from v4: - "native" option was replaced with "optee" - "tee" property was moved from arch-specific section to the global one. Documentation moved inside "Devices" section. Changes from v3: - tee_enabled renamed to tee_type. Currently two types are supported as described in the commit message - Add LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE definition Changes from v2: - Use arch.tee_enabled instead of separate domctl --- docs/man/xl.cfg.5.pod.in | 19 +++++++++++++++++++ tools/libxl/libxl.h | 5 +++++ tools/libxl/libxl_arm.c | 13 +++++++++++++ tools/libxl/libxl_types.idl | 6 ++++++ tools/xl/xl_parse.c | 9 +++++++++ 5 files changed, 52 insertions(+) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index c7d70e618b..73c64dc896 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -1544,6 +1544,25 @@ Set maximum height for pointer device. =back +=item B + +Set TEE type for the guest. TEE is a Trusted Execution Environment -- separate +secuse OS found on some platforms. + +=over 4 + +=item B<"none"> + +Disable TEE support at all. This is the default value. + +=item B<"optee"> + +Allow guest to access to OP-TEE enabled on the platform. Guest will not be created +if platform does not have OP-TEE with virtualization feature or if OP-TEE will +deny access. + +=back + =back =head2 Paravirtualised (PV) Guest Specific Options diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h index 482499a6c0..294a92f645 100644 --- a/tools/libxl/libxl.h +++ b/tools/libxl/libxl.h @@ -273,6 +273,11 @@ */ #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1 +/* + * libxl_domain_build_info has the arch_arm.tee field. + */ +#define LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE 1 + /* * LIBXL_HAVE_SOFT_RESET indicates that libxl supports performing * 'soft reset' for domains and there is 'soft_reset' shutdown reason 
diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index 141e159043..6b72c00960 100644 --- a/tools/libxl/libxl_arm.c +++ b/tools/libxl/libxl_arm.c @@ -89,6 +89,19 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, return ERROR_FAIL; } + switch (d_config->b_info.tee) { + case LIBXL_TEE_TYPE_NONE: + config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_NONE; + break; + case LIBXL_TEE_TYPE_OPTEE: + config->arch.tee_type = XEN_DOMCTL_CONFIG_TEE_OPTEE; + break; + default: + LOG(ERROR, "Unknown TEE type %d", + d_config->b_info.tee); + return ERROR_FAIL; + } + return 0; } diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl index cb4702fd7a..4eaccd2cc7 100644 --- a/tools/libxl/libxl_types.idl +++ b/tools/libxl/libxl_types.idl @@ -460,6 +460,11 @@ libxl_gic_version = Enumeration("gic_version", [ (0x30, "v3") ], init_val = "LIBXL_GIC_VERSION_DEFAULT") +libxl_tee_type = Enumeration("tee_type", [ + (0, "none"), + (1, "optee") + ], init_val = "LIBXL_TEE_TYPE_NONE") + libxl_rdm_reserve = Struct("rdm_reserve", [ ("strategy", libxl_rdm_reserve_strategy), ("policy", libxl_rdm_reserve_policy), @@ -537,6 +542,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("nested_hvm", libxl_defbool), ("apic", libxl_defbool), ("dm_restrict", libxl_defbool), + ("tee", libxl_tee_type), ("u", KeyedUnion(None, libxl_domain_type, "type", [("hvm", Struct(None, [("firmware", string), ("bios", libxl_bios_type), diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 352cd214dd..d98ad0cffb 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -2690,6 +2690,15 @@ skip_usbdev: } } + if (!xlu_cfg_get_string (config, "tee", &buf, 1)) { + e = libxl_tee_type_from_string(buf, &b_info->tee); + if (e) { + fprintf(stderr, + "Unknown tee \"%s\" specified\n", buf); + exit(-ERROR_FAIL); + } + } + parse_vkb_list(config, d_config); xlu_cfg_destroy(config);
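Review bot: in the docs/man/xl.cfg.5.pod.in hunk, "secuse OS" is a typo for "secure OS", and "Allow guest to access to OP-TEE" should read "Allow the guest to access OP-TEE". The changelog says the property moved out of the arch-specific section, while the only code in this patch that acts on it is in tools/libxl/libxl_arm.c, so the entry should also state that the option takes effect on Arm only. Otherwise an administrator reading the "Devices" section cannot tell from the manual page whether a given config actually grants the guest TEE access.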
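Review bot: the comment added in tools/libxl/libxl.h says libxl_domain_build_info "has the arch_arm.tee field", but the libxl_types.idl hunk adds ("tee", libxl_tee_type) at the top level of domain_build_info and libxl_arm.c reads d_config->b_info.tee. Reword the comment to name the field as it now exists, and consider renaming LIBXL_HAVE_BUILDINFO_ARCH_ARM_TEE to match, since a caller guarding on that macro will look for the field under arch_arm and fail to build.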
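Review bot: the second value of the new tee_type enumeration in tools/libxl/libxl_types.idl is (1, "optee"), but the commit message still says that 'native' enables access to a "real" OP-TEE, which is the name the changelog says was replaced in v5. Update the commit message so the value it documents is the one the enumeration and the manual page accept.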
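Review bot: the "tee" key in the tools/xl/xl_parse.c hunk is parsed for every architecture, yet the only consumer of b_info.tee in this patch is libxl__arch_domain_prepare_config() in libxl_arm.c, so nothing shown here stops tee = "optee" from being accepted and then silently ignored on a non-Arm build. Consider rejecting any value other than LIBXL_TEE_TYPE_NONE on architectures without TEE mediation, so the behaviour matches the documented rule that the guest will not be created when OP-TEE is unavailable. The error text "Unknown tee \"%s\" specified\n" would also be more useful if it listed the accepted values "none" and "optee".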