Apply suggestions from PR review

Signed-off-by: Ravi Sahita <rsahita@yahoo.com>
riscv · May 23, 2024 · f3978e8 · f3978e8
1 parent 63a5849
commit f3978e8
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 14 deletions.
diff --git a/chapter2.adoc b/chapter2.adoc
@@ -33,7 +33,7 @@ Note that isolation of data within a device is
 out of scope of this specification.
 
 * `Smsdia` (<<Smsdia>>) - This extension enables assignment of IMSIC
-interrupt file(s) or an APLIC domain to a Supervisor Domain. The interface also
+interrupt file(s) or an APLIC domain to a supervisor domain. The interface also
 describes CSRs to allow M-mode software to retain control on notification of
 interrupts when Supervisor domains are enabled.
 

diff --git a/chapter3.adoc b/chapter3.adoc
@@ -224,10 +224,10 @@ and/or the SDID value in rs2, and always perform a global fence for all SDs.
 === M-mode Supervisor Domain Fine-Grain Invalidation Instruction
 
 In some high-performance implementations, a finer-granular invalidation and
-fencing is required that allows for synchrnonization operations to be more
+fencing is required that allows for synchronization operations to be more
 efficiently batched. When `Sinval` is implemented with `Smsdid`, the
 `MINVAL.SPA` instruction must be implemented to support such fine-granular
-invalidation of phyical memory access-permission caches.
+invalidation of physical memory access-permission caches.
 
 [caption="Figure {counter:image}: ", reftext="Figure {image}"]
 [title="MINVAL.SPA instruction"]

diff --git a/chapter4.adoc b/chapter4.adoc
@@ -282,6 +282,6 @@ instruction must be used to ensure that updates to the `MTT` data structures are
 observed by subsequent implicit reads to those structures by a hart.
 ====
 
-if `mttp.MODE` is changed for a given SDID, a `MFENCE.SPA` with rs1=x0 and rs2
+If `mttp.MODE` is changed for a given SDID, a `MFENCE.SPA` with rs1=x0 and rs2
 set either to x0 or the given SDID, must be executed to order subsequent PA
 access checks with the `MODE` change, even if the old or new `MODE` is `Bare`.
diff --git a/glossary.adoc b/glossary.adoc
@@ -50,9 +50,9 @@ by virtualizing hart, guest physical memory and input/output (IO) resources.
 | Relying party | An entity that An entity that uses the attestation process
 to assesses the trustworthiness of an attester.
 
-| Supervisor Domains | A RISC-V privileged architecture extension defined in
+| Supervisor Domain (SD) | A RISC-V privileged architecture extension defined in
 this specification, to support isolation across more than one supervisor
-execution contexts. Supervisor domains enable the reduction of the supervisor
+execution context. Supervisor domains enable the reduction of the supervisor
 Trusted Computing Base (TCB), with differentiated access to memory and other
 platform resources. All host software elements including OS and type-1 or
 type-2 VMM and hosted VMs operate in a "hosting" supervisor domain. The hosting
@@ -75,7 +75,7 @@ mechanisms that allow creating attestable and isolated execution environment.
 | Tenant workload | All software elements owned and deployed by a single
 organization that may be hosted by a platform operator e.g. cloud provider
 on a platform that can host more than one organizations workload simultaneously.
-For example, in a virtualizated environment, the tenant workload elements may
+For example, in a virtualized environment, the tenant workload elements may
 include VS-mode guest kernel and VU-mode guest user-space applications. Tenant
 workloads may also operate in the context of one of more supervisor domains.
 

diff --git a/intro.adoc b/intro.adoc
@@ -75,7 +75,7 @@ assign resources to other domains.
 
 In order to avoid re-factoring of deployed software, workloads and
 applications, new hardware primitives are required to support flexible isolation
-of data in caches and memory. The new primitives are also require to isolate
+of data in caches and memory. The new primitives are also required to isolate
 resources such as interrupts, IO, QoS mechanisms and debug/trace mechanisms for
 robust isolation of supervisor domains. The hardware primitives must support
 performant and scalable physical memory isolation at a page-level to support
@@ -92,7 +92,7 @@ device-mapped regions) by a hart/device operating within a supervisor domain.
 Associating a hart/device with a supervisor domain implies that any
 physical-addressable region access occurring in the context of the supervisor
 domain is subject to access-checks for that domain. Hence, software or hardware
-accesses that originate from other supervisor domains other than the allowed
+accesses that originate from supervisor domains other than the allowed
 supervisor domain can be explicitly prevented/allowed. The RDSM has access to
 physical memory for all supervisor domains. In typical security usages, write
 accesses to the MTT structures must be restricted and managed by the RDSM.
@@ -164,7 +164,7 @@ supervisor domains). There are also security aspects to be considered during
 assigning it to another SD. Refer to the RISC-V CoVE cite:[CoVE] ABI and threat
 model as a reference.
 
-A hart/device may perform accesses to memory exclusively accessible to it's
+A hart/device may perform accesses to memory exclusively accessible to its
 supervisor domain, or to memory shared globally with one or more supervisor
 domains. Memory sharing between supervisor domains is achieved by simply making
 the physical memory region accessible to the supervisor domains via the MTT
@@ -176,20 +176,20 @@ access disallowed by the MTT, the IO sub-system may log an error for the RDSM
 which may delegeate it to a supervisor domain.
 
 The intra-domain isolation of memory between two harts/devices belonging
-to the same supervisor domain, but different tenant workloads, is
-achieved via the use of MMU, PMP Smepmp, IOMMU and IOPMP depending on the
+to the same supervisor domain, but different tenant workloads, may be
+achieved via the use of MMU, PMP/Smepmp, SPMP, IOMMU and IOPMP depending on the
 type of platform and the type of access. To successfully achieve this
 isolation, the page table structures for a domain's workloads must be
 managed by the Supervisor Domain Security Manager (SDSM) and the paging
 structures must be located in memory exclusively-accessible only to the
-Supervisor Domain. Additional security properties may be enforced based
+supervisor domain. Additional security properties may be enforced based
 on type (data fetch, instruction fetch, etc.) and locality (hart
 supervisor domain identifier) of memory accesses as required for the
 security policy specific to usages. An example policy may be to require
 certain accesses to target only exclusively-owned domain memory. The MTT
 checker may utilize the supervisor domain identifier or additional metadata
 for the access to enforce such policies. The description of different types
-of Supervisor Domain policies possible is outside the scope of this document.
+of supervisor domain policies possible is outside the scope of this document.
 
 Additional protection/isolation for memory associated with a supervisor domain
 is orthogonal (and usage-specific). Such additional protection for memory may