On 28.07.20 07:36, Rick Xu wrote:
> I encountered a problem. Our hardware does not support SMMU. How will
> this affect the use of Jailhouse?

This won't prevent the usage of Jailhouse. If you scan configs/arm64,
many boards do not have an SMMU configured, still they work.

But you won't achieve safe & secure isolation between cells without an
SMMU. That's because cells can now misprogram assigned hardware to target
memory outside of their range with DMA requests.

A degraded setup under such conditions would be promoting one cell as
trusted, assigning all DMA-capable hardware to it so that it can drive
it also on behalf of other cells that may only have virtual devices
(bare ivshmem, virtio over ivshmem) or DMA-uncapable hardware. But that
is rarely realizable.

Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux