On Mon, 20 Apr 2020 at 15:27, Achin Gupta <achin.gupta@arm.com> wrote:
Hi Francois,

On Mon, Apr 20, 2020 at 11:45:02AM +0000, François Ozog via TF-A wrote:
> Hi,
>
> I am trying to identify a mechanism to enforce a form of two-way
> isolation between BL33 runtime services in OS, for instance:
> - a pair of 2MB areas that could be RO by one entity and RW by the other
> - an execute only BL33 2MB area?

Stupid Q! Are you referring to isolation between EFI runtime services and the
OS?

It is not clear what you mean by BL33 runtime services?
Not a stupid Q. I  concentrate effectively on EFI runtime but more generally this is the non-trusted firmware component that delivers runtime services to OS.
(My flow is somewhat convoluted: TFA loads minimal Linux as BL33, Linux kexecs a UEFI reduced U-Boot (without drivers) which bootefi the distro).

cheers,
Achin

>
> This is similar to hypervisor except it only deals with memory, no
> vCPU, no GIC virtualization...
>
> Could EL3 or EL2 install protective mappings ? BL33 could ask either
> EL2 hypervisor or SecureMonitor to actually install them.
>
> Cordially,
>
> FF
> --
> TF-A mailing list
> TF-A@lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


--
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485
francois.ozog@linaro.org | Skype: ffozog