[Qualcomm feedback] Chapter 4: Clarify isolation from all non-TCB SW

riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.

https://jira.riscv.org/browse/RVG-76

Creative Commons Attribution 4.0 International

49 stars 19 forks source link

[Qualcomm feedback] Chapter 4: Clarify isolation from all non-TCB SW #46

Closed rsahita closed 6 months ago

rsahita commented 7 months ago

Reference: link

In order to isolate the TVMs from the host OS/VMM and non-confidential VMs, the TSM state must be isolated first - this is achieved by enforcing isolation for memory assigned to the supervisor domain that the TSM occupies - this is called the TSM-memory-region.

or any other supervisor domain for that matter.

rsahita commented 6 months ago

will be addressed in combined PR for chapter 4

rsahita commented 6 months ago

address in PR #71

cc @ozkoyuncu