search

riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.
https://jira.riscv.org/browse/RVG-76
Creative Commons Attribution 4.0 International
49 stars 19 forks source link

[Qualcomm feedback] Chapter 5.1 Clarify SW policy for TVM-accessible memory #54

Closed rsahita closed 6 months ago

rsahita commented 7 months ago

Reference: link

The TSM manages the type and accessibility of all memory assigned to the TVM, to mitigate attacks from non-TCB software. The TSM enforces isolation between TVMs by using the G-stage page table. • Hart operating with the confidential supervisor domain context has MTT permissions to access Confidential and Non-confidential memory

access to non-confidential memory is bounded right - why is it not bounded to only TVM shared memory?

It has to be bounded for sure, but I believe the point of this note is that he fact alone that the memory is non-confidential is (by itself) not reason to cause a fault. Compare with next point, where the reverse is expected to programmatically cause a fault

rsahita commented 6 months ago

The RDSM configures the MTT such that a hart executing in the hosting domain does not have access to any confidential memory regions. The RDSM configures the MTT for the confidential domain to allow access to confidential memory exclusively to that domain, but may also allow access to non-confidential (shared) memory regions to one or more secondary domains.

adding this clarification to the description.

rsahita commented 6 months ago

Closing as addressed in PR #70 cc @ozkoyuncu