From f3978e8c99266b317b1864a858d2021305eb1484 Mon Sep 17 00:00:00 2001 From: Ravi Sahita Date: Thu, 23 May 2024 15:06:41 -0700 Subject: [PATCH] Apply suggestions from PR review Signed-off-by: Ravi Sahita --- chapter2.adoc | 2 +- chapter3.adoc | 4 ++-- chapter4.adoc | 2 +- glossary.adoc | 6 +++--- intro.adoc | 14 +++++++------- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/chapter2.adoc b/chapter2.adoc index 0be5df6..a7a9766 100644 --- a/chapter2.adoc +++ b/chapter2.adoc @@ -33,7 +33,7 @@ Note that isolation of data within a device is out of scope of this specification. * `Smsdia` (<>) - This extension enables assignment of IMSIC -interrupt file(s) or an APLIC domain to a Supervisor Domain. The interface also +interrupt file(s) or an APLIC domain to a supervisor domain. The interface also describes CSRs to allow M-mode software to retain control on notification of interrupts when Supervisor domains are enabled. diff --git a/chapter3.adoc b/chapter3.adoc index 99f692b..b91ed5b 100644 --- a/chapter3.adoc +++ b/chapter3.adoc @@ -224,10 +224,10 @@ and/or the SDID value in rs2, and always perform a global fence for all SDs. === M-mode Supervisor Domain Fine-Grain Invalidation Instruction In some high-performance implementations, a finer-granular invalidation and -fencing is required that allows for synchrnonization operations to be more +fencing is required that allows for synchronization operations to be more efficiently batched. When `Sinval` is implemented with `Smsdid`, the `MINVAL.SPA` instruction must be implemented to support such fine-granular -invalidation of phyical memory access-permission caches. +invalidation of physical memory access-permission caches. [caption="Figure {counter:image}: ", reftext="Figure {image}"] [title="MINVAL.SPA instruction"] diff --git a/chapter4.adoc b/chapter4.adoc index 3d968f3..0096900 100644 --- a/chapter4.adoc +++ b/chapter4.adoc 
@@ -282,6 +282,6 @@ instruction must be used to ensure that updates to the `MTT` data structures are observed by subsequent implicit reads to those structures by a hart. ==== -if `mttp.MODE` is changed for a given SDID, a `MFENCE.SPA` with rs1=x0 and rs2 +If `mttp.MODE` is changed for a given SDID, a `MFENCE.SPA` with rs1=x0 and rs2 set either to x0 or the given SDID, must be executed to order subsequent PA access checks with the `MODE` change, even if the old or new `MODE` is `Bare`. diff --git a/glossary.adoc b/glossary.adoc index b30c191..60ad7e9 100644 --- a/glossary.adoc +++ b/glossary.adoc @@ -50,9 +50,9 @@ by virtualizing hart, guest physical memory and input/output (IO) resources. | Relying party | An entity that An entity that uses the attestation process to assesses the trustworthiness of an attester. -| Supervisor Domains | A RISC-V privileged architecture extension defined in +| Supervisor Domain (SD) | A RISC-V privileged architecture extension defined in this specification, to support isolation across more than one supervisor -execution contexts. Supervisor domains enable the reduction of the supervisor +execution context. Supervisor domains enable the reduction of the supervisor Trusted Computing Base (TCB), with differentiated access to memory and other platform resources. All host software elements including OS and type-1 or type-2 VMM and hosted VMs operate in a "hosting" supervisor domain. The hosting 
@@ -75,7 +75,7 @@ mechanisms that allow creating attestable and isolated execution environment. | Tenant workload | All software elements owned and deployed by a single organization that may be hosted by a platform operator e.g. cloud provider on a platform that can host more than one organizations workload simultaneously. -For example, in a virtualizated environment, the tenant workload elements may +For example, in a virtualized environment, the tenant workload elements may include VS-mode guest kernel and VU-mode guest user-space applications. Tenant workloads may also operate in the context of one of more supervisor domains. diff --git a/intro.adoc b/intro.adoc index fca9a10..d92abd8 100644 --- a/intro.adoc +++ b/intro.adoc @@ -75,7 +75,7 @@ assign resources to other domains. In order to avoid re-factoring of deployed software, workloads and applications, new hardware primitives are required to support flexible isolation -of data in caches and memory. The new primitives are also require to isolate +of data in caches and memory. The new primitives are also required to isolate resources such as interrupts, IO, QoS mechanisms and debug/trace mechanisms for robust isolation of supervisor domains. The hardware primitives must support performant and scalable physical memory isolation at a page-level to support 
@@ -92,7 +92,7 @@ device-mapped regions) by a hart/device operating within a supervisor domain. Associating a hart/device with a supervisor domain implies that any physical-addressable region access occurring in the context of the supervisor domain is subject to access-checks for that domain. Hence, software or hardware -accesses that originate from other supervisor domains other than the allowed +accesses that originate from supervisor domains other than the allowed supervisor domain can be explicitly prevented/allowed. The RDSM has access to physical memory for all supervisor domains. In typical security usages, write accesses to the MTT structures must be restricted and managed by the RDSM. @@ -164,7 +164,7 @@ supervisor domains). There are also security aspects to be considered during assigning it to another SD. Refer to the RISC-V CoVE cite:[CoVE] ABI and threat model as a reference. -A hart/device may perform accesses to memory exclusively accessible to it's +A hart/device may perform accesses to memory exclusively accessible to its supervisor domain, or to memory shared globally with one or more supervisor domains. Memory sharing between supervisor domains is achieved by simply making the physical memory region accessible to the supervisor domains via the MTT 
@@ -176,20 +176,20 @@ access disallowed by the MTT, the IO sub-system may log an error for the RDSM which may delegeate it to a supervisor domain. The intra-domain isolation of memory between two harts/devices belonging -to the same supervisor domain, but different tenant workloads, is -achieved via the use of MMU, PMP Smepmp, IOMMU and IOPMP depending on the +to the same supervisor domain, but different tenant workloads, may be +achieved via the use of MMU, PMP/Smepmp, SPMP, IOMMU and IOPMP depending on the type of platform and the type of access. To successfully achieve this isolation, the page table structures for a domain's workloads must be managed by the Supervisor Domain Security Manager (SDSM) and the paging structures must be located in memory exclusively-accessible only to the -Supervisor Domain. Additional security properties may be enforced based +supervisor domain. Additional security properties may be enforced based on type (data fetch, instruction fetch, etc.) and locality (hart supervisor domain identifier) of memory accesses as required for the security policy specific to usages. An example policy may be to require certain accesses to target only exclusively-owned domain memory. The MTT checker may utilize the supervisor domain identifier or additional metadata for the access to enforce such policies. The description of different types -of Supervisor Domain policies possible is outside the scope of this document. +of supervisor domain policies possible is outside the scope of this document. Additional protection/isolation for memory associated with a supervisor domain is orthogonal (and usage-specific). Such additional protection for memory may
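Review bot: The capitalization fix in the chapter2.adoc hunk is incomplete: the changed line lowercases "Supervisor Domain", but the trailing context line still reads "when Supervisor domains are enabled". Lowercase that occurrence too so the term is spelled the same way throughout the `Smsdia` description.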
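Review bot: Beyond the two typo fixes in the chapter3.adoc hunk, the same passage spells one concept three ways ("Fine-Grain" in the heading, "finer-granular" and "fine-granular" in the body). Settle on "fine-grained" throughout, e.g. "a finer-grained invalidation and fencing mechanism is required that allows synchronization operations to be batched more efficiently".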
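Review bot: In the chapter4.adoc hunk the corrected sentence still has a comma separating the subject from its verb ("... set either to x0 or the given SDID, must be executed"). Either drop that comma or set off the whole "with rs1=x0 and rs2 set either to x0 or the given SDID" clause in a pair of commas, so the normative "must be executed" reads cleanly.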
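Review bot: The context line directly above the renamed glossary.adoc entry carries a duplicated phrase and a verb-agreement error ("An entity that An entity that uses the attestation process to assesses the trustworthiness of an attester"). Since this commit is applying review suggestions to the glossary, fix it in the same pass: "An entity that uses the attestation process to assess the trustworthiness of an attester."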
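Review bot: Two further errors remain in the context lines of the "Tenant workload" entry in the second glossary.adoc hunk: "more than one organizations workload" needs a possessive ("organization's workload"), and "one of more supervisor domains" should read "one or more supervisor domains". Both belong in the same cleanup as "virtualizated".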
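Review bot: The reworded sentence in the intro.adoc @@ -92 hunk still ends with "can be explicitly prevented/allowed", which leaves the reader unsure what happens to a cross-domain access when no explicit rule covers it. Since the preceding line says such accesses are "subject to access-checks for that domain", state the default outcome of that check here (or cross-reference where the MTT access check is defined) instead of the either/or wording.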
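Review bot: The typo "delegeate" in the first context line of the last intro.adoc hunk ("which may delegeate it to a supervisor domain") is left unfixed while neighbouring typos are corrected; change it to "delegate". In the same hunk, "located in memory exclusively-accessible only to the supervisor domain" is redundant ("exclusively" already means "only"), and "SPMP" is added to the isolation-mechanism list without expansion; make sure it is defined in glossary.adoc alongside PMP/Smepmp, IOMMU and IOPMP so a reader can tell it apart from Smepmp. Also, changing "is achieved" to "may be achieved" turns this sentence from normative to descriptive; given that the following sentence says the paging structures "must be managed by the Supervisor Domain Security Manager (SDSM)", confirm the weakening is intended.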