There are cases in a virtualized environment where a privileged guest needs to communicate with OP-TEE OS without the presence of a hypervisor (e.g. system recovery). As OP-TEE OS with virtualization support requires all guests to be announced and requests to be tagged with vm id, the above task would require reflashing OP-TEE OS with a build that disables virtualization support.
The following patches introduce compatibility between a natively running OS (i.e. without a hypervisor) and OP-TEE OS configured with virtualization support. This is achieved by the driver announcing itself to OP-TEE, and tagging subsequent requests with a predetermined vm id.
For this change to be interoperable with virtualized environments, a hypervisor has the following options:
1. Filter out the OPTEE_SMC_SEC_CAP_VIRTUALIZATION capability, so that the driver is not aware of executing in a virtualized setup. In that case, the driver will not announce itself or update the vm id parameter.
2. Gracefully handle the announcement of addition / removal of guests from the driver (OPTEE_SMC_VM_CREATED / OPTEE_SMC_VM_DESTROYED), and overwrite the vm id parameter as normal.
Enabling this option does not have an impact on OP-TEE OS configured without virtualization support.
Please note that this patch depends on 9733b072a12a from mainline Linux, which is not available in Linaro's tree.
Michalis Pappas (2):
  tee: optee: Add protocol definitions for virtualization
  tee: optee: Allow native systems to interact with virtualization-enabled OP-TEE

 drivers/tee/optee/Kconfig     | 23 +++++++++++++++
 drivers/tee/optee/core.c      | 43 ++++++++++++++++++++++++++++
 drivers/tee/optee/optee_smc.h | 54 +++++++++++++++++++++++++++++++++++
 3 files changed, 120 insertions(+)

-- 
2.17.1
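
Added example, not part of the patch series or of the original message: a small C model of the two hypervisor options listed above, seen from the hypervisor's SMC mediation path. The function IDs, the `policy` and `action` enums, the `smc_req` layout and the choice to acknowledge a guest's own announcement locally (one reading of "gracefully handle") are assumptions made for illustration; real values come from `optee_smc.h`.

```c
#include <stdbool.h>
#include <stdint.h>

/* Stand-in values constructed for this model, not copied from optee_smc.h. */
enum { FN_EXCHANGE_CAPS = 1, FN_VM_CREATED = 2, FN_VM_DESTROYED = 3, FN_CALL = 4 };
#define CAP_VIRTUALIZATION (1u << 3) /* models OPTEE_SMC_SEC_CAP_VIRTUALIZATION */

enum policy { FILTER_CAP, HANDLE_ANNOUNCE }; /* option 1 and option 2 */
enum action { FORWARD, ABSORB_OK, REJECT };

/* Hypothetical request layout: function id plus the vm id tag. */
struct smc_req { uint32_t func; uint32_t vmid; };

/* Option 1: hide the capability in the reply so the guest driver neither
 * announces itself nor sets the vm id. Option 2 passes the reply through. */
uint32_t mediate_caps(enum policy p, uint32_t caps_from_tee)
{
    return p == FILTER_CAP ? (caps_from_tee & ~CAP_VIRTUALIZATION) : caps_from_tee;
}

/* Decide what happens to one guest request. hv_vmid is the id the hypervisor
 * itself registered with the TEE when it created this guest. */
enum action mediate_req(enum policy p, uint32_t hv_vmid, struct smc_req *r)
{
    bool announce = r->func == FN_VM_CREATED || r->func == FN_VM_DESTROYED;

    if (announce) {
        /* Guest lifecycle belongs to the hypervisor, so a guest's own
         * announcement is never forwarded. Option 2 acknowledges it so the
         * driver proceeds; under option 1 the driver should not send it. */
        return p == HANDLE_ANNOUNCE ? ABSORB_OK : REJECT;
    }

    /* Both options: the tag chosen by the driver is not trusted; overwrite it
     * so one guest cannot issue requests under another guest's id. */
    r->vmid = hv_vmid;
    return FORWARD;
}
```

The point to check in a real mediator is the last branch: the vm id in a forwarded request must always be the hypervisor's value, whichever option is used.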