Volodymyr Babchuk writes ("[Xen-devel] [PATCH v5 09/10] tools/arm: tee: add "tee" option for xl.cfg"):
This enumeration controls TEE type for a domain. Currently there are two possible options: either 'none' or 'optee'.
'none' is the default value and it basically disables TEE support at all.
'native' enables access to a "real" OP-TEE installed on a platform.
It is possible to add other types in the future.
Could improve this bit maybe ?
+=item B<"optee">
+Allow guest to access to OP-TEE enabled on the platform. Guest will not be created +if platform does not have OP-TEE with virtualization feature or if OP-TEE will +deny access.
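Review bot: the value documented in this hunk is B<"optee">, but the commit message describes the second value as 'native' while listing the options as 'none' or 'optee'; the names should agree between the commit message and the man page entry. In the description, "Allow guest to access to OP-TEE" has a stray "to" and would read better as "Allow a guest to access OP-TEE", and "if OP-TEE will deny access" as "if OP-TEE denies access". The entry states when guest creation fails but not what the guest is able to reach once access is allowed; one sentence on that would let an administrator judge the effect of setting the option.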
To me (who doesn't really understand this stuff very well) this doesn't answer a very important question: if I enable this, what (if any) host/machine/&c resources will this grant the guest access to ?
It sounds like the answer should be "none", because if I search for "op-tee" online I would get the impression that it is an emulator. Normally granting access to an emulator does not grant access to host resources.
But in this series you talk about it being a mediator so I suspect that is not right.
Ian.