Hello all,
This is follow for patch series [1]. There was lots of discussions for that series and I tried to address all of them in this new patchset.
Currently, I had a working solution for OP-TEE virtualization and it is being upstreamed right now ([2]). So, I think it is a good time to introduce support in XEN as well.
This series include generic TEE mediator framework and full-scale OP-TEE mediator which is working with mentioned chages in OP-TEE. So, multiple domains can work simultaneously with OP-TEE.
I added XSM support, so now it is possible to control which domains can work with TEEs. Also I changed way how TEE discovery is done. Now it is very generic and should support any platform.
[1] https://lists.xenproject.org/archives/html/xen-devel/2017-10/msg01451.html [2] https://github.com/OP-TEE/optee_os/pull/2370
Volodymyr Babchuk (6): arm: add SMC wrapper that is compatible with SMCCC arm: add generic TEE mediator framework arm: tee: add OP-TEE header files optee: add OP-TEE mediator libxl: create DTS node for OP-TEE if it is enabled xsm: add tee access policy support
MAINTAINERS | 5 + tools/flask/policy/modules/dom0.te | 3 + tools/flask/policy/modules/domU_with_tee.te | 23 + tools/flask/policy/modules/modules.conf | 1 + tools/flask/policy/modules/xen.if | 12 + tools/libxl/libxl_arm.c | 29 + tools/libxl/libxl_create.c | 1 + tools/libxl/libxl_types.idl | 1 + tools/xl/xl_parse.c | 1 + xen/arch/arm/Kconfig | 10 + xen/arch/arm/Makefile | 1 + xen/arch/arm/arm32/Makefile | 1 + xen/arch/arm/arm32/smc.S | 39 ++ xen/arch/arm/arm64/Makefile | 1 + xen/arch/arm/arm64/asm-offsets.c | 4 + xen/arch/arm/arm64/smc.S | 30 + xen/arch/arm/domain.c | 7 + xen/arch/arm/setup.c | 4 + xen/arch/arm/shutdown.c | 2 + xen/arch/arm/tee/Kconfig | 4 + xen/arch/arm/tee/Makefile | 2 + xen/arch/arm/tee/optee.c | 972 ++++++++++++++++++++++++++++ xen/arch/arm/tee/tee.c | 89 +++ xen/arch/arm/vsmc.c | 5 + xen/arch/arm/xen.lds.S | 7 + xen/include/asm-arm/processor.h | 11 + xen/include/asm-arm/tee/optee_msg.h | 444 +++++++++++++ xen/include/asm-arm/tee/optee_smc.h | 507 +++++++++++++++ xen/include/asm-arm/tee/tee.h | 103 +++ xen/include/xsm/dummy.h | 10 + xen/include/xsm/xsm.h | 13 + xen/xsm/dummy.c | 4 + xen/xsm/flask/hooks.c | 15 + xen/xsm/flask/policy/access_vectors | 7 + xen/xsm/flask/policy/security_classes | 1 + 35 files changed, 2369 insertions(+) create mode 100644 tools/flask/policy/modules/domU_with_tee.te create mode 100644 xen/arch/arm/arm32/smc.S create mode 100644 xen/arch/arm/arm64/smc.S create mode 100644 xen/arch/arm/tee/Kconfig create mode 100644 xen/arch/arm/tee/Makefile create mode 100644 xen/arch/arm/tee/optee.c create mode 100644 xen/arch/arm/tee/tee.c create mode 100644 xen/include/asm-arm/tee/optee_msg.h create mode 100644 xen/include/asm-arm/tee/optee_smc.h create mode 100644 xen/include/asm-arm/tee/tee.h