Skip to content

Commit

Permalink
specification: Clarify the definition of an IOMMU instance
Browse files Browse the repository at this point in the history
And generalize the wording from a single TSM to multiple ones.

Fixes #108

Signed-off-by: Samuel Ortiz <sameo@rivosinc.com>
  • Loading branch information
sameo committed Apr 16, 2024
1 parent 0b915da commit 42a2b66
Showing 1 changed file with 13 additions and 10 deletions.
23 changes: 13 additions & 10 deletions specification/07-theory_operations.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,18 @@ extensions to support trusted I/O on CoVE-enabled platforms.

==== IOMMU Registration and Setup

The TSM relies on the availability of at least one IOMMU instance exclusvely
associated with the TSM supervisor domain. Those IOMMUs allow the TSM to enforce
the integrity of address translations and protection from DMA into confidential
memory, as well as interrupts originating from assigned TDIs. The host
supervisor domain may assign one or more IOMMU instances to the TSM supervisor
domain, after which, only the TSM can access and program the assigned IOMMU
instances.

IOMMUs assigned to the TSM supervisor domain may generate MSIs in order to signal
A TSM relies on being granted exclusive control over at least one IOMMU instance
on the platform. An IOMMU instance refers to any instantiation of a RISC-V IOMMU
register programming interface, which could range from an actual IOMMU instance
to an MTT-enforced, memory-mapped access to a physically partitioned IOMMU.

Those exclusvely assigned IOMMU instances allow the TSM to enforce the integrity
of address translations and protection from DMA into confidential memory, as
well as interrupts originating from assigned TDIs. The host supervisor domain
may assign one or more IOMMU instances to a TSM supervisor domain, after which,
only the TSM can access and program the assigned IOMMU instances.

IOMMUs assigned to a TSM supervisor domain may generate MSIs in order to signal
the TSM about command completions, transaction faults or device page requests.
Those MSIs target system physical memory, which is owned by the host security
domain manager, e.g. the host VMM. As a consequence, it is the host security
Expand All @@ -34,7 +37,7 @@ program the IOMMUs with those reserved addresses. This IOMMU registration
process is driven by the untrusted domain manager for all IOMMUs that
participate in TEE-IO and operates as described in the following steps:

1. The TSM is loaded into a supervisor domain and provisioned with a CoVE-IO
1. A TSM is loaded into a supervisor domain and provisioned with a CoVE-IO
manifest. It is recommended that the TSM is measured by the root-of-trust for
measurement (RTM) for subsequent attestation.
2. The host supervisor domain manager (e.g. the host VMM) enumerates all
Expand Down

0 comments on commit 42a2b66

Please sign in to comment.