Workloads from embedded to servers require confidentiality and integrity protection of data in use against software and hardware adversaries. Providing these protection properties requires architectural support for page-based physical memory isolation managed at the machine level to be able to create supervisor domains which can host isolated S(H) and (V)U, V(S) mode software. A supervisor domain can then extend the machine-trusted computing base (TCB) to host isolated VMs/applications. The M-mode root supervisor domain manager is expected to isolate memory across supervisor domains; and each domain’s supervisor domain manager is used to isolate workloads using existing privileged mode architecture. Isolated supervisor domains may then provide assurances of data and code confidentiality and integrity independent of other supervisor domains.
The SmMTT task group will define privileged ISA extensions to be used by machine mode to isolate physical memory across supervisor domains. Specifically, per-hart controls for a supervisor domain identifier will be specified along with a memory tracking table (MTT) structure that will specify if a supervisor domain is allowed to access physical memory pages (at architectural page-size granularity). The MTT will be programmed by an M-mode root-domain security manager (RDSM). The RDSM shall be able to program an MTT structure to specify permissions for any physical address and thus enforce isolation across supervisor domains on a per-hart basis. The MTT shall provide a scalable and compact structure that allows for direct specification of access for a supervisor domain, and extensibility for additional physical page attributes. The MTT shall allow caching of the MTT and MTT-derived access permissions, along with M-mode ISA support for fencing. The TG will also specify supervisor and guest page table extensions to associate meta-data with address translations for workloads operating in a supervisor domain to support memory sharing (and other use cases requiring metadata) between supervisor domains. The design will follow the threat model compiled in the Trusted Computing SIG and specified in the Security Model.
The TG will develop written specification, executable model, simulator (Spike/QEMU), priv. software prototypes for supervisor domain security manager (e.g. TSM), and compliance suite (Sail specification) for the RISC-V SmMTT extensions. The TG will interface with sub-groups in the Security HC: Trusted computing SIG (AP-TEE TG, AP-TEE-IO TG, Runtime Integrity SIG) as well as the Privileged Software HC, BRS TG and Hypervisor SIG.