Secure interrupt (interrupt belongs to TEE) comes when TEE vcpu is running, the interrupt will be injected to TEE directly. But when REE vcpu is running at that time, we need to switch to TEE for hand

This patch implements the following x86_tee hypercalls, - HC_TEE_VCPU_BOOT_DONE - HC_SWITCH_EE Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/arch/x86/guest/optee.c | 99

This patch adds the x86_tee hypercall interfaces. - HC_TEE_VCPU_BOOT_DONE This hypercall is used to notify the hypervisor that the TEE VCPU Boot is done, so that we can sleep the corresponding TEE VCP

TEE is a secure VM which has its own partitioned resources while REE is a normal VM which owns the rest of platform resources. The TEE, as a secure world, it can see the memory of the REE VM, also kno

Given an e820, this API creates an identical memmap for a specified e820 memory type. Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/arch/x86/guest/vm.c | 18 +++++++++++

Add a configuration to support companion VM. Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/include/arch/x86/asm/vm_config.h | 1 + misc/config_tools/schema/config.xsd |

Add two VM flags for x86_tee. GUEST_FLAG_TEE for TEE VM, GUEST_FLAG_REE for normal rich VM. Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/include/public/acrn_common.h |

The first batch of x86_tee patch 064fd7647f16 ("hv: add priority based scheduler") was got merged. This is the second batch of x86_tee patch set, which includes the following features: - VM flags supp

TEE starts earlier in our configuration. Long time ago, I have ever used synchronization APIs to do this. 1. REE call "vcpu_make_request" to wait. 2. when get the notification from TEE, call signal_ev

I didn't consider normal VM because in our current SCENARIO, we will only have two VMs, TEE and REE. But I think we can add a NORMAL_VM_IS_RUNNING to indicate normal VM here. OK. Because OPTEE call th

No deadloop here since "start_vm" will change the vm->state. But I didn't remember why I use "while" instead of "if" here. For now, it seems "If" is also OK. So If you also don't see any problem here.

"loop search" is removed in 6/7 with the concept of companion VM. Will try to refine this two patches. TEE starts first, it may run and send the notification very quickly. But at this moment, the REE

OK. Will move to the outside. I think both continue and break can't help to recover the error. We need a ASSERT here. But we can only start_vm() when there is no error in prepare_vm(). Check it direct

The TEE's memory (GPA to HPA) is identical mapping so it can't start from 0. But TEE need to access GPA < 1M for its trampoline code. We reserved 4K for this purpose. prepare_service_vm_memmap is usin

TEE VM doesn't need to see the non-secure devices of REE. Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/arch/x86/guest/vm.c | 13 +++++++++---- 1 file changed, 9 inserti

Add the concept of companion VM in configuration so that we use it to refine the "get_tee_vm()" to avoid loop search. Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/arch

Secure interrupt (interrupt belongs to TEE) comes when TEE vcpu is running, the interrupt will be injected to TEE directly. But when REE vcpu is running at that time, we need to switch to TEE for hand

This patch implements the following x86_tee hypercalls, - HC_TEE_BOOT_DONE - HC_SWITCH_EE Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@...> --- hypervisor/arch/x86/guest/tee.c | 159 +++++

TEE is a secure VM which has its own partitioned resources while REE is a normal VM which owns the rest of platform resources. The TEE, as a secure world, it can see the memory of the REE VM, also kno

This patch adds the x86_tee hypercall interfaces. - HC_TEE_BOOT_DONE This hypercall is used to notify the hypervisor that the TEE Boot is done so that REE can start. - HC_SWITCH_EE For REE VM, it uses