Hi,
Subject: Re: [Tee-dev] TEE with XEN
Hi Peng,
On Mon, 15 Jun 2020 at 05:07, Peng Fan peng.fan@nxp.com wrote:
Hi All,
While enabling trusty os with xen, I took same approach as OP-TEE, with OP-TEE running in secure world. But I am also thinking this might introduce potential issue is that secure world OS communicate with DomU. If there are some misbehavior in secure world OS, it might let XEN hypervisor not work proper.
In my setup, trusty os sometimes panic in secure world, xen will not able to control the panic core anymore.
So I am thinking whether we need to emulating secure world in a XEN VM which is the VM running DomU. Just like what ACRN did to run trusty os.
Well, it depends on whom you are trusting more. Both XEN and TEE are minimal OS implementations with aim at security.
XEN is targeting safety. TEE is targeting security.
I'm speaking about generic
TEE OS, not about particular OS like OP-TEE or Trusty. Problem is that, if TEE is running inside VM, it will be susceptible to a hypervisor misbehaviour. You need to understand that Xen and privileged domain (dom0, mostly) can access memory of any guest. At least, in default configuration. There are means to harden this setup. But anyways, Xen can't be stopped from reading TEE's secrets.
Yes. Understand.
If this is okay for your needs, then you can run TEE as a VM of course.
So, this is heavilly depends on your security threats model. There can't be universal solution. Also, I'm proposing to check Google's requirements for Trusty environment.
Let me try to ask Google guys to see any feedback.
Thanks, Peng.
Do they allow it to run outside of TrustZone? For example, GPD TEE System Architecture document clearly says that TEE should be separated from REE by hardware mechanisms that are not controlled by REE (section 2.2.1). I believe, that should be a similar document for Trusty.
-- WBR Volodymyr Babchuk aka lorc [+380976646013] mailto: vlad.babchuk@gmail.com