MT103/202 DIRECT WIRE TRANSFER PAYPAL TRANSFER CASHAPP TRANSFER ZELLE TRANSFER LOAN DEAL TRANSFER WISE WESTERN UNION TRANSFER BITCOIN FLASHING BANK ACCOUNT LOADING/FLASHING IBAN TO IBAN TRANSFER MONEYGRAM TRANSFER IPIP/DTC SLBC PROVIDER CREDIT CARD TOP UP DUMPS/ PINS SEPA TRANSFER WIRE TRANSFER BITCOIN TOP UP GLOBALPAY INC US SKRILL USA UNIONPAY RECEIVER
Thanks. NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT. DM ME ON WHATSAPP +44 7529 555638 On Wednesday, May 10, 2023 at 4:37:11 PM UTC+1 Jan Kiszka wrote: > On 10.05.23 16:21, 'Vladimir Neyelov' via Jailhouse wrote: > > HI all, > > We use jailhouse hypervisor on our platforms. Standard configuration is > > root cell - linux, secondary cell - ThreadX. But now we want to add > > optee os support. How jailhouse can interact with optee os. What is the > > common way to run optee os in jailhouse. > > OP-TEE OS runs in secure word, Jailhouse runs in non-secure EL2. All > what Jailhouse has to deal with are service calls from EL1 and above to > EL3 and, eventually, to the secure world. Jailhouse traps all SMC calls > and only handles or forwards a view of them, see > > https://github.com/siemens/jailhouse/blob/e57d1eff6d55aeed5f977fe4e2acfb6ccbdd7560/hypervisor/arch/arm-common/smccc.c#L117 > . > > Now, simply allowing all calls to OP-TEE is likely no option as those > may either have side effects on the platform. If they follow a standard > calling convention, maybe a permission list could be created and then > enforced by Jailhouse according to a cell configuration. I vaguely > recall similar thoughts about other EL3-targeting calls. Key issue, also > there, is that you can police access just based on service call IDs or so. > > But the situation may be even more complicated when a TEE service or the > OS itself are not aware of partitioning and not keeping requests from > different instances (which could be different cells in Jailhouse) separate. > > Obviously: Anything that is harmless by design and across all boards and > TEE implementations could be allowed by default in Jailhouse, but I'm > not expecting to find much of that. > > Jan > > -- > Siemens AG, Technology > Competence Center Embedded Linux > > -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jailhouse-dev/3b233d96-6ddd-4fe0-9b81-f469d435bdb9n%40googlegroups.com.
