On 08/23/2018 02:57 PM, Volodymyr Babchuk wrote:
> Hi Julien,

Hi Volodymyr,

> On 23.08.18 16:43, Julien Grall wrote:
>> I don't think we should use XSM to enforce the use of TEE. This is
>> contradictory to your next patch where you let the user configure
>> OP-TEE for a given guest.
>> IMHO, XSM should only be used to restrict usage of calls in a fine
>> grain. For an overall control, that should go through a DOMCTL telling
>> Xen to initialize OP-TEE for that domain.
> Just to be sure. You are proposing to add a flag "TEE_ENABLED" for a
> domain and set it during domain construction, based on configuration,
> right?

I am suggesting another field in xen_arch_domainconfig to tell whether TEE
needs to be enabled.

> What did you mean by "fine grain"?

XSM is mostly used to decide whether a given hypercall can be used by a
domain. Here you use it to tell whether the whole TEE can be used for a
domain.

You probably don't need any XSM for your use case here as you want the
guest to access, if enabled, all the OP-TEE calls.

Cheers,
--
Julien Grall