Reserve Device ID 46 for TEE Device #175

Closed
jeshwanthamd opened this issue Sep 6, 2023 · 9 comments

jeshwanthamd commented Sep 6, 2023

Please reserve device ID 46 for the TEE device as requested in https://lists.oasis-open.org/archives/virtio-comment/202309/msg00341.html

@jeshwanthamd
Author

@cohuck Any feedback on this issue?

@KANGKANGABC

You mentioned that there is a certain demand for virtio-tee in the industry, but there are a few things to consider:
1. Whether security can be accepted and whether there are encryption measures to maintain a certain degree of isolation with HostOS?
2. Abstract to what level? API compatible or App compatible or Module compatible?

@jeshwanthamd
Author

> You mentioned that there is a certain demand for virtio-tee in the industry, but there are a few things to consider:
> 1. Whether security can be accepted and whether there are encryption measures to maintain a certain degree of isolation with HostOS?
> 2. Abstract to what level? API compatible or App compatible or Module compatible?

Hi @KANGKANGABC
We are yet to publish the spec, so the questions are not in scope at this stage. I would recommend keeping this issue scoped only to reserving an ID for the TEE device.

@jeshwanthamd
Author

Hi,
Below is the updated patch.

https://lists.oasis-open.org/archives/virtio-dev/202309/msg00351.html

@jeshwanthamd
Author

Sent this patch to virtio-comment also as per the review comment.
https://lists.oasis-open.org/archives/virtio-comment/202309/msg00311.html

@jeshwanthamd
Author

@paravmellanox Can you please help take this forward?

@cohuck
Contributor

cohuck commented Oct 10, 2023

BALLOT CREATED AT URL: https://www.oasis-open.org/committees/ballot.php?id=3798

cohuck pushed a commit that referenced this issue Oct 30, 2023
In a virtual environment, an application running in guest VM may want
to delegate security sensitive tasks to a Trusted Application (TA)
running within a Trusted Execution Environment (TEE). A TEE is a trusted
OS running in some secure environment, for example, TrustZone on ARM
CPUs, or a separate secure co-processor etc.

A virtual TEE device emulates a TEE within a guest VM. Such a virtual
TEE device supports multiple operations such as:

VIRTIO_TEE_CMD_OPEN_DEVICE – Open a communication channel with virtio
                             TEE device.
VIRTIO_TEE_CMD_CLOSE_DEVICE – Close communication channel with virtio
                              TEE device.
VIRTIO_TEE_CMD_GET_VERSION – Get version of virtio TEE.
VIRTIO_TEE_CMD_OPEN_SESSION – Open a session to communicate with
                              trusted application running in TEE.
VIRTIO_TEE_CMD_CLOSE_SESSION – Close a session to end communication
                               with trusted application running in TEE.
VIRTIO_TEE_CMD_INVOKE_FUNC – Invoke a command or function in trusted
                             application running in TEE.
VIRTIO_TEE_CMD_CANCEL_REQ – Cancel an ongoing command within TEE.
VIRTIO_TEE_CMD_REGISTER_MEM - Register shared memory with TEE.
VIRTIO_TEE_CMD_UNREGISTER_MEM - Unregister shared memory from TEE.

We would like to reserve device ID 46 for Virtio-TEE device.

Fixes: #175

Signed-off-by: Jeshwanth Kumar <jeshwanthkumar.nk@amd.com>
Reviewed-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Reviewed-by: Parav Pandit <parav@nvidia.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>

@paravmellanox
Contributor

Following commit fixes the issue:
3fdaa17 virtio-tee: Reserve device ID 46 for TEE device
