[Qualcomm feedback] Chapter 4: Clarification on multiple supervisor domains

[rsahita]

Reference: link

More than one confidential supervisor domains may be hosted by the TSM-driver. Similarly, more than one TVMs may be hosted by the host OS/VMM via confidential supervisor domains. Each TVM may consist of the guest firmware, a guest OS and applications. The software components included in the TVM are implementation specific.

It is not clear what differentiates a confidential supervisor domain from the regular supervisor domain from the perspective of the isolation mechanisms (isa and non-isa). Is this distinction only attained for a specific SW implementation and services and flows provided? sounds like it but just want to understand if there is any subtlety

[rsahita]

From the perspective of confidential computing, the usage of supervisor domains is described in the intro of this section -

The design describes an isolated (Confidential) Supervisor Domain to enforce TCB and confidentiality properties, while using an isolated (Hosting) Supervisor Domain for the host domain, thus maintaining the OS/VMMs role as the resource manager (for both legacy VMs and TVMs). The resources managed by the hosting supervisor domain (OS/VMM) include memory, CPU, I/O resources and platform capabilities to host the TVM workload.

the main distinction between a supervisor domain used to host confidential workloads, vs the hosting supervisor domain is the function separation between resource management and security management. Other usages may have different functions associated with supervisor domains. hope that addresses the question.

cc @ozkoyunku