nwf
commented
1 month ago Readers should note the similarity with the Zstid proposal from the RISC-V CHERI standardization effort.
Open nwf-msr opened 8 months ago
nwf
commented
1 month ago Readers should note the similarity with the Zstid proposal from the RISC-V CHERI standardization effort.
Right now, CGP is just an ISA name for one of the GPRs reachable by all register selectors. We have contemplated instead converting it to a SCR. That SCR would likely be ambiently readable, via
AUICGPas well as the existing SCR access instructions, but would require ASR to modify, restricting modification to the TCB switcher.[^1] As we already consider library code as running within the calling compartment,[^2] this does not change the security model.The effect on code density should be investigated: does freeing up a GPR eliminate enough spills to offset the cost of fetching CGP via AUICGP in all cases?
[^1]: Requiring ASR to modify means that a compartment and the libraries it calls cannot foul up its CGP. The switcher could also rely on the constancy of this SCR outside itself, but it's not clear that there would be significant gains.
[^2]: Though the fast unsealer and perhaps other "privileged libraries" blur the text here, as they manipulate secrets not exposed to the calling compartment.