Hell all,
Just a small update and one question.
Currently I have the PoC for proposed approach. Right now it halfly consist of hacks, but anyways, I'm able to run xtest in two domains in parallel. And it even passes :) If someone is really interested, then you can find this PoC at [1]. But it is in very pity state. I'm reworking it shape into something that can be pushed for a review.
And so I have a question. One of my changes introduces new VA space, where I map whole secure RAM. This simplifies guests pagetables management and some other tasks. Something similar is done in the pager code, but pager creates alias mappings in runtime, only for pages that it want to access. But for me it is easier to have a static view of a whole secure RAM, than to remap needed pages in runtime. So, this is my question: is that design decision in pager was intentional? Like, from security standpoint it is better not to have whole secure RAM mapped or something like that...
There are two options before me: I can leave whole secure RAM mapped and make pager to use this mapping, or I can make my code to behave like pager (i.e. map needed pages dynamically).
What do you think?
[1] https://github.com/lorc/optee_os/tree/virt_hard