This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.
Confidential VMs (under a VMM) are shown in figure 1 and Confidential applications (managed by
an untrusted host OS) are shown in the architecture figure 2. As evident from the architecture, the
difference between these two scenarios is the software TCB (owned by the tenant within the TVM)
for the tenant workload - in the application TEE case, a minimal guest runtime may be used;
whereas in the VM TEE case, an enlightened guest OS is expected in the TVM TCB.
The statement "under a VMM" may be misleading, as figure 1 depicts 3 non-confidential VMs on top of the host VMM.
Suggestion to use "managed by VMM", similar to the second part of the sentence (managed by an untrusted host OS).
Figure 1 does not show that. The TVM appears as a grey box without any TCB component.
Reference: link