[Qualcomm feedback] Chapter 5.1. Clarify TSM access to memory regions

riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.

https://jira.riscv.org/browse/RVG-76

Creative Commons Attribution 4.0 International

49 stars 19 forks source link

[Qualcomm feedback] Chapter 5.1. Clarify TSM access to memory regions #53

Closed rsahita closed 6 months ago

rsahita commented 7 months ago

Reference: link

A TVM and/or TSM needs to access both types of memory: ◦ Confidential memory - used for TVM code, data ◦ Non-confidential memory - used for communication between TVM and the non-TCB host software and/or non-TCB IO devices.

The examples below only show why TVMs needs access to both. Why do TSMs? Is that for case (1), where TSM is nesting the TVM at the same privilege level?

rsahita commented 6 months ago

right. added a clarification

A TVM and/or TSM needs to access both types of memory:

Confidential memory - used for TVM/TSM code and security-sensitive data; including state such as 1st-stage, G-stage page tables.

Non-confidential memory - used only for shared data, e.g. communication between the TVM/TSM and the non-TCB host software and/or non-TCB IO devices.

rsahita commented 6 months ago

Closing as addressed in PR #70 cc @ozkoyuncu