hv: tee: add TEE VM memmap support

TEE is a secure VM which has its own partitioned resources while REE is a normal VM which owns the rest of platform resources. The TEE, as a secure world, it can see the memory of the REE VM, also known as normal world, but not the other way around. But please note, TEE and REE can only see their own devices. So this patch does the following things: 1. go through physical e820 table, to ept add all system memory entries. 2. remove hv owned memory. Tracked-On: #6571 Signed-off-by: Jie Deng <jie.deng@intel.com> Reviewed-by: Wang, Yu1 <yu1.wang@intel.com> Acked-by: Eddie Dong <eddie.dong@Intel.com>
2026-01-13 11:33:58 +00:00 · 2021-09-14 15:16:35 +08:00
parent 0b1418d395
commit f3792a74a3
4 changed files with 75 additions and 3 deletions
--- a/hypervisor/include/arch/x86/asm/guest/optee.h
+++ b/hypervisor/include/arch/x86/asm/guest/optee.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) 2021 Intel Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TEE_H_
+#define TEE_H_
+
+#include <asm/guest/vm.h>
+#include <asm/vm_config.h>
+
+void prepare_tee_vm_memmap(struct acrn_vm *vm, const struct acrn_vm_config *vm_config);
+
+#endif /* TEE_H_ */