On 10.05.23 16:21, 'Vladimir Neyelov' via Jailhouse wrote:
> Hi all,
> We use jailhouse hypervisor on our platforms. Standard configuration is
> root cell - linux, secondary cell - ThreadX. But now we want to add
> optee os support. How can jailhouse interact with optee os? What is the
> common way to run optee os in jailhouse?
OP-TEE OS runs in the secure world, Jailhouse runs in non-secure EL2. All that Jailhouse has to deal with are service calls from EL1 and above to EL3 and, eventually, to the secure world. Jailhouse traps all SMC calls and only handles or forwards a few of them, see https://github.com/siemens/jailhouse/blob/e57d1eff6d55aeed5f977fe4e2acfb6ccbdd7560/hypervisor/arch/arm-common/smccc.c#L117.

Now, simply allowing all calls to OP-TEE is likely no option as those may have side effects on the platform. If they follow a standard calling convention, maybe a permission list could be created and then enforced by Jailhouse according to a cell configuration. I vaguely recall similar thoughts about other EL3-targeting calls.

Key issue, also there, is that you can police access just based on service call IDs or so. But the situation may be even more complicated when a TEE service or the OS itself is not aware of partitioning and not keeping requests from different instances (which could be different cells in Jailhouse) separate.

Obviously: Anything that is harmless by design and across all boards and TEE implementations could be allowed by default in Jailhouse, but I'm not expecting to find much of that.

Jan

-- 
Siemens AG, Technology Competence Center Embedded Linux
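As an added illustration of the per-cell permission list Jan sketches (this is not Jailhouse code and not part of the thread), the check below classifies a trapped SMC by its SMCCC function ID and forwards a Trusted OS call only if the cell's policy lists that exact ID, default deny. The `cell_smc_policy` structure is hypothetical; the two OP-TEE function IDs are the values from OP-TEE's SMCCC encoding as I recall them and serve only as sample input.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* SMCCC function-ID layout: bit 31 fast/yielding, bit 30 SMC64,
 * bits 29:24 owning entity number (OEN), bits 23:16 reserved (SBZ),
 * bits 15:0 function number. */
#define SMCCC_OEN_SHIFT      24
#define SMCCC_OEN_MASK       0x3fu
#define SMCCC_SBZ_MASK       0x00ff0000u
#define OEN_TRUSTED_OS_START 50u   /* Trusted OS service call range */
#define OEN_TRUSTED_OS_END   63u

/* Sample OP-TEE IDs (from optee_smc.h as I recall them; illustrative). */
#define OPTEE_SMC_CALLS_UID      0xbf00ff01u  /* fast, OEN 63, discovery */
#define OPTEE_SMC_CALL_WITH_ARG  0x32000004u  /* yielding, OEN 50, TA call */

enum smc_verdict { SMC_DENY = 0, SMC_FORWARD = 1, SMC_OTHER = 2 };

/* Hypothetical per-cell policy attached to a cell configuration. */
struct cell_smc_policy {
    bool allow_trusted_os;        /* may this cell reach the TEE at all? */
    const uint32_t *allowed_ids;  /* exact function IDs it may forward */
    size_t num_allowed;
};

/* Decide what to do with a trapped SMC carrying function ID fid. */
enum smc_verdict smc_verdict_for(const struct cell_smc_policy *p, uint32_t fid)
{
    if (fid & SMCCC_SBZ_MASK)
        return SMC_DENY;          /* malformed ID: reserved bits set */
    unsigned oen = (fid >> SMCCC_OEN_SHIFT) & SMCCC_OEN_MASK;
    if (oen < OEN_TRUSTED_OS_START || oen > OEN_TRUSTED_OS_END)
        return SMC_OTHER;         /* PSCI etc.: handled by other code */
    if (!p->allow_trusted_os)
        return SMC_DENY;
    for (size_t i = 0; i < p->num_allowed; i++)
        if (p->allowed_ids[i] == fid)
            return SMC_FORWARD;
    return SMC_DENY;              /* default deny for unlisted IDs */
}

/* Constructed sample policy: discovery allowed, TA invocation not. */
static const uint32_t sample_ids[] = { OPTEE_SMC_CALLS_UID };
const struct cell_smc_policy sample_policy = { true, sample_ids, 1 };

int main(void)
{
    printf("uid=%d with_arg=%d psci=%d\n",
           smc_verdict_for(&sample_policy, OPTEE_SMC_CALLS_UID),
           smc_verdict_for(&sample_policy, OPTEE_SMC_CALL_WITH_ARG),
           smc_verdict_for(&sample_policy, 0x84000000u));
    return 0;
}
```

As Jan notes, such an ID filter only controls which cell may issue which call; it does not make a TEE that is unaware of partitioning keep the cells' requests apart.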
