Dears,
May I know is there any tee virtualization implementation on RENESAS RCAR3 platform?
............................................... Kind Regards / 美好祝愿 Xu Wei / 徐伟 Central Technology, Innovation & Technology Center / 技术中心, 技术研究院 Advanced Development Singapore / 前期研发, 新加坡 Desay SV Automotive Singapore Pte. Ltd. 德赛西威汽车电子新加坡有限公司 Address地址: 3A International Business Park #09-13 Tower B ICON@IBP, Singapore 609935 Post Code邮编: 609935 Tel. 电话: (65) 63021703 Fax.传真: (65) 66594779 E-mail邮箱: wade.xu@desay-svautomotive.com Website网址: http://www.desaysv.com/
Hi Xuwei,
On Fri, Oct 4, 2019 at 8:42 AM Xu, Wei SGP Wade.Xu@desay-svautomotive.com wrote:
Dears,
May I know is there any tee virtualization implementation on RENESAS RCAR3 platform?
If you're talking about Normal World virtualization, then yes, OP-TEE supports it. Volodymyr (CC'd) can probably tell more since he is the main contributor and maintainer of the virtualization code and of the RCAR platform (see the MAINTAINERS file [1]).
If you're considering Secure World virtualization (multiple TEE instances), then no, OP-TEE doesn't support it yet.
[1] https://github.com/OP-TEE/optee_os/blob/master/MAINTAINERS
Hello Wei,
Xu, Wei SGP writes:
May I know is there any tee virtualization implementation on RENESAS RCAR3 platform?
Yes, it is in Technological Preview state right now. I implemented support in OP-TEE and Xen hypervisor (and there is a small patch to Linux kernel).
It is all merged into mainlines, but problem is that Renesas uses quite old versions of software. Also, they have own flavor of OP-TEE, which is not compatible with virtualization.
So, if you want to try virtualization on your platform, you need to perform some additional actions.
Basically you need:
1. Revert Renesas patch to optee driver in Linux
2. Backport all optee patches from Linux mainline to your kernel.
3. Take and build the latest OP-TEE release from OP-TEE mainline (at https://github.com/OP-TEE/optee_os). Don't forget to enable virtualization support with CFG_VIRTUALIZATION=y
4. Also build OP-TEE client from mainline.
5. Take either Xen 4.12 or master branch, enable expert mode, by doing "export XEN_CONFIG_EXPERT=y" and build it with OP-TEE mediator support.
You can contact me for details.
Also, there is an instruction how to build our whole system with 3 domains: https://github.com/xen-troops/meta-xt-prod-devel/blob/master/INSTALL.txt
It will include OP-TEE with virtualization and Android with OP-TEE keymaster support.
The only problem, that we didn't tested it for a while. So there can be glitches.
-- Volodymyr Babchuk at EPAM
Hi, Volodymyr,
Thanks for your comments. Let's study it first
.......................................... Kind Regards / 美好祝愿 Xu Wei / 徐伟
-----Original Message----- From: Volodymyr Babchuk [mailto:Volodymyr_Babchuk@epam.com] Sent: Friday, 4 October 2019 7:33 PM To: tee-dev@lists.linaro.org; Xu, Wei SGP Wade.Xu@desay-svautomotive.com Cc: Artem Mygaiev Artem_Mygaiev@epam.com Subject: Re: [Tee-dev] tee virtualization on renesas RCAR3 platform
Hello Wei,
Xu, Wei SGP writes:
May I know is there any tee virtualization implementation on RENESAS RCAR3 platform?
Yes, it is in Technological Preview state right now. I implemented support in OP-TEE and Xen hypervisor (and there is a small patch to Linux kernel).
It is all merged into mainlines, but problem is that Renesas uses quite old versions of software. Also, they have own flavor of OP-TEE, which is not compatible with virtualization.
So, if you want to try virtualization on your platform, you need to perform some additional actions.
Basically you need:
1. Revert Renesas patch to optee driver in Linux
2. Backport all optee patches from Linux mainline to your kernel.
3. Take and build the latest OP-TEE release from OP-TEE mainline (at https://github.com/OP-TEE/optee_os). Don't forget to enable virtualization support with CFG_VIRTUALIZATION=y
4. Also build OP-TEE client from mainline.
5. Take either Xen 4.12 or master branch, enable expert mode, by doing "export XEN_CONFIG_EXPERT=y" and build it with OP-TEE mediator support.
You can contact me for details.
Also, there is an instruction how to build our whole system with 3 domains: https://github.com/xen-troops/meta-xt-prod-devel/blob/master/INSTALL.txt
It will include OP-TEE with virtualization and Android with OP-TEE keymaster support.
The only problem, that we didn't tested it for a while. So there can be glitches.
-- Volodymyr Babchuk at EPAM
-
Jérôme Forissier -
Volodymyr Babchuk -
Xu, Wei SGP