On Wed, Dec 02, 2020 at 07:54:48AM +0000, Alex Bennée via Stratos-dev wrote:
Masami Hiramatsu masami.hiramatsu@linaro.org writes:
Hi Alex,
Have you enabled the OP-TEE support on Xen on your matchartbin?
No I haven't... I'm not even sure how you would do so.
When I ran Xen Dom0 with OP-TEE, I got below error.
[ 6.482047] optee: probing for conduit method. (XEN) d0v18 Unhandled SMC/HVC: 0xbf00ff01 [ 6.482301] nvme nvme0: 1/0/0 default/read/poll queues [ 6.490154] optee: api uid mismatch [ 6.498962] optee: probe of firmware:optee failed with error -22
Would you know this issue?
No - perhaps some of the security folk have some insight?
When the kernel first run it either does a SMC or a HVC to see whether OP-TEE is running and runs with the expected version. I believe that is what is failing here. Which one depends on what you have it configured to be in DT. Since this is Xen it must be configured to use HVC. So as Ruchika mentioned in another reply, I'd guess that OP-TEE (TEE core on secure side hasn't been built with Virtualization enabled). It's a long time since I tried this personally, but the information for how to run it can be found here: https://optee.readthedocs.io/en/latest/architecture/virtualization.html
Hi Joakim,
2020年12月2日(水) 17:10 Joakim Bech joakim.bech@linaro.org:
On Wed, Dec 02, 2020 at 07:54:48AM +0000, Alex Bennée via Stratos-dev wrote:
Masami Hiramatsu masami.hiramatsu@linaro.org writes:
Hi Alex,
Have you enabled the OP-TEE support on Xen on your matchartbin?
No I haven't... I'm not even sure how you would do so.
When I ran Xen Dom0 with OP-TEE, I got below error.
[ 6.482047] optee: probing for conduit method. (XEN) d0v18 Unhandled SMC/HVC: 0xbf00ff01 [ 6.482301] nvme nvme0: 1/0/0 default/read/poll queues [ 6.490154] optee: api uid mismatch [ 6.498962] optee: probe of firmware:optee failed with error -22
Would you know this issue?
No - perhaps some of the security folk have some insight?
When the kernel first run it either does a SMC or a HVC to see whether OP-TEE is running and runs with the expected version. I believe that is what is failing here. Which one depends on what you have it configured to be in DT. Since this is Xen it must be configured to use HVC. So as Ruchika mentioned in another reply, I'd guess that OP-TEE (TEE core on secure side hasn't been built with Virtualization enabled). It's a long time since I tried this personally, but the information for how to run it can be found here: https://optee.readthedocs.io/en/latest/architecture/virtualization.html
Thank you for the information. Yes, currently I configured OP-TEE to use SMC on my machine. OK, I'll try to follow the above instruction.
Thanks,
-- Regards, Joakim
stratos-dev@op-lists.linaro.org
-
Joakim Bech -
Masami Hiramatsu