Hi Tamas,
On 02/09/2017 06:11 PM, Tamas K Lengyel wrote:
On Wed, Feb 8, 2017 at 5:08 PM, Julien Grall <julien.gr...@arm.com> wrote:
On 08/02/2017 23:28, Tamas K Lengyel wrote:
On Wed, Feb 8, 2017 at 3:04 PM, Julien Grall <julien.gr...@arm.com> wrote:
You haven't understood my point. Xen is currently emulating PSCI call for
the guest to allow powering up and down the CPUs and other stuff. If you
decide to trap all the SMCs, you would have to handle them.
Sure, it's more work on the monitor side, but other then that, what's
the problem?
Because you will have to introduce hypercalls to get all the necessary
information from Xen that will not be available from outside.
Given that SMC has been designed to target different services (PSCI,
Trusted OS...) it would be normal to have monitor app only monitoring a
certain set of SMC call. You cannot deny a such use case as it would
avoid an monitor app to handle every single call that would be consumed
by XEN but not forwarded to the secure firmware.
And yes it is emulation as you don't seem to be willing passing those SMC to
the firmware or even back to Xen. If we expect a VM to emulate a trusted
firmware, then you have a security problem. Some hardware may be only
accessible through the secure world and I doubt some trusted app vendor will
be willing to move cryptography stuff in non secure world. I would highly
recommend to skim through the OP-TEE thread, it will provide you some
insights of the constraints.
The firmware is not hardware, it's just a piece of code that has been
baked into the board in some manner. Emulation in my book is doing in
software what hardware is supposed to do. I don't expect all vendors
to be happy to move their proprietary whatever to a VM. Again, this is
an experimental setup with no real world applications at the moment.
As for certain hardware being only accessible from the TZ, in that
case the monitor application would have to call into the firmware. My
setup doesn't prohibit using the TZ, it just prohibits it being
accessible from untrusted guests directly.
To be honest, I am not here to criticize your project or else. I am just
trying to explain you there are other potential use cases and we should
not ignore them.
I am also not expecting none of the person involved in the thread to
write the code now. However, it is always good to have a full view and
get a direction how it should go.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
