riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.
https://jira.riscv.org/browse/RVG-76
Creative Commons Attribution 4.0 International

[Qualcomm feedback] Chapter 7.3: Clarify memory conversion/donation operation #61

Closed (rsahita closed 6 months ago)

rsahita commented 7 months ago

Reference: link

The RISC-V architecture supports page types of 4KB, 2MB, 1GB and 512GB. The untrusted OS/VMM may assign memory to the TVM at any architecture-supported page size. The TSM configures the memory tracking table (MTT) via the TSM-driver to track the assignment of memory pages to TVMs.

Why is this authority the TSM itself? I think the sole authority is the TSM-driver in M-mode, but who triggers the assignment? It has to be converted during creation time, i.e., doesn't it come from the host and then get validated by the TSM?

rsahita commented 7 months ago

From Qualcomm feedback: As explained in section 8.1.1, it is actually the host triggering these transitions/assignments, and the TSM-driver enforces it by managing the MTT.

Logging to clarify in spec.

rsahita commented 6 months ago

Updated to say:

The RISC-V architecture supports page types of 4KB, 2MB, 1GB and 512GB. The untrusted OS/VMM may assign memory to the TVM at any architecture-supported page size. This assignment is enforced via the TSM-driver and the TSM. Specifically, the TSM-driver configures the memory tracking table (MTT) after enforcing the security requirements to track the assignment of memory pages to a supervisor domain/TSM. The TSM manages subsequent assignment of memory to TVMs.

rsahita commented 6 months ago

Addressed by PR #68 cc @ozkoyuncu