+Bertrand and Stefano
On 16/06/2020 02:24, Volodymyr Babchuk wrote:
Hi Peng,
On Mon, 15 Jun 2020 at 05:07, Peng Fan peng.fan@nxp.com wrote:
Hi All,
While enabling trusty os with xen, I took same approach as OP-TEE, with OP-TEE running in secure world. But I am also thinking this might introduce potential issue is that secure world OS communicate with DomU. If there are some misbehavior in secure world OS, it might let XEN hypervisor not work proper.
In my setup, trusty os sometimes panic in secure world, xen will not able to control the panic core anymore.
May I ask in which case Trusty is panicking?
So I am thinking whether we need to emulating secure world in a XEN VM which is the VM running DomU. Just like what ACRN did to run trusty os.
Well, it depends on whom you are trusting more. Both XEN and TEE are minimal OS implementations with aim at security. I'm speaking about generic TEE OS, not about particular OS like OP-TEE or Trusty. Problem is that, if TEE is running inside VM, it will be susceptible to a hypervisor misbehaviour. You need to understand that Xen and privileged domain (dom0, mostly) can access memory of any guest. At least, in default configuration. There are means to harden this setup. But anyways, Xen can't be stopped from reading TEE's secrets.
IIRC, we discussed this approach for OP-TEE in the past. There was other potential pitfalls with it. For instance, you wouldn't be able to directly access any secure device from that guest (it is running in non-secure world).
There are also issues in term of latency as you may have the following model:
domU -> Xen -> domU TEE -> (Xen -> host TEE -> Xen -> domU TEE) -> Xen -> domU.
The bit in () is if you require to call the host TEE.
One possibility would be to use Secure-EL2 for your Trusty OS. But I don't know whether your platform supports it.
Depending on whether you can modify Trusty OS, alternative would be to make itvirtualization aware as OP-TEE did. The core would need to be resilient and the panic only affect a given client.
Cheers,