specifications: Add a device lifecycle sub section
Fixes #33

Signed-off-by: Samuel Ortiz <sameo@rivosinc.com>
sameo committed Nov 7, 2023
1 parent fd57084 commit 54c31c1
Showing 4 changed files with 2,513 additions and 7 deletions.
51 changes: 45 additions & 6 deletions specification/07-theory_operations.adoc
Expand Up @@ -135,7 +135,7 @@ initiated CoVE-IO `COVH` calls that require SPDM requests to be sent to the devi
DOE mailbox follows the flow described below:

.SPDM Flow With CoVE
[source,mermaid]
[mermaid,source]
....
%%{init: {'theme': 'neutral', 'themeVariables': {'darkMode': true}, "flowchart" : { "curve" : "basis" } } }%%
sequenceDiagram
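Review bot: `[mermaid,source]` on the `.SPDM Flow With CoVE` block puts `source` in the second positional attribute, which `asciidoctor-diagram` (required in the Makefile) normally treats as the output target name, so every block changed this way would share the basename `source`. If the intent is only to select the Mermaid diagram type, `[mermaid]` alone is enough. The commit message should also mention this attribute change, since it only describes the lifecycle subsection.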
Expand Down Expand Up @@ -282,7 +282,7 @@ The TSM establishes a secured SPDM session with the physical device DSM by going
through the steps described in the Secured SPDM Session section.

.Device Connection - Secured SPDM Session
[source,mermaid]
[mermaid,source]
....
%%{init: {'theme': 'neutral', 'themeVariables': {'darkMode': true}, "flowchart" : { "curve" : "basis" } } }%%
sequenceDiagram
Expand Down Expand Up @@ -427,7 +427,7 @@ The IDE link initial setup must go through the following steps:
b. Receives an `IDE_KM_KEY K_GOSTOP_ACK` from the DSM.

.Device Connection - IDE Link Setup
[source,mermaid]
[mermaid,source]
....
%%{init: {'theme': 'neutral', 'themeVariables': {'darkMode': true}, "flowchart" : { "curve" : "basis" } } }%%
sequenceDiagram
Expand Down Expand Up @@ -595,7 +595,7 @@ Binding an interface and a TVM together goes through the following steps:
13. The TVM can start using the device.

.Device Interface Binding - Bind Interface
[source,mermaid]
[mermaid,source]
....
%%{init: {'theme': 'neutral', 'themeVariables': {'darkMode': true}, "flowchart" : { "curve" : "basis" } } }%%
sequenceDiagram
Expand Down Expand Up @@ -736,7 +736,7 @@ that it is ready to use the TDI, by calling into the
`sbi_covg_start_interface()` `COVG` ABI.

.Device Interface Verification
[source,mermaid]
[mermaid, source]
....
%%{init: {'theme': 'neutral', 'themeVariables': {'darkMode': true}, "flowchart" : { "curve" : "basis" } } }%%
sequenceDiagram
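Review bot: The attribute line on `.Device Interface Verification` is written `[mermaid, source]` with a space after the comma, as is the `.Device Interface Acceptation` block that follows, while the four earlier blocks in this file use `[mermaid,source]`. Use one spelling for all six diagram blocks so the change stays consistent and easy to grep.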
Expand Down Expand Up @@ -801,7 +801,7 @@ note over TVM,TSM: Check Device Interface MMIO mappings
....

.Device Interface Acceptation
[source,mermaid]
[mermaid, source]
....
%%{init: {'theme': 'neutral', 'themeVariables': {'darkMode': true}, "flowchart" : { "curve" : "basis" } } }%%
sequenceDiagram
Expand Down Expand Up @@ -839,3 +839,42 @@ TVM ->> TVM: Use device interface
....

=== Interface Unbinding

=== Device and Interface Lifecycle

When combined together, the flows and ABIs described in the previous sections
are used to build the lifecycle of a TDISP capable device on a CoVE-IO
compatible platform, as illustrated in the follwing figure:

[[COVE_IO_LIFECYCLE]]
.Device and Interface Lifecycle
image::images/cove-io-lifecycle.svg[align="center"]

The host supervisor domain manager owns the physical device, and manages its
lifecycle. The TSM enforces that this lifecycle management is done without
compromising any TVM confidential assets.

As the platform resources owner, the host supervisor domain manager can assign
a TDI to a TVM by binding them together. At any point in time, it can reclaim
that physical resource by unbinding it from its TVM.

Before binding a TDI and a TVM together, the host supervisor domain manager must
first require the TSM to connect to the physical device through secured SPDM. As
part of servicing that request, the TSM also protects the physical link with
PCIe IDE.

Only once the TSM is securily connected to the physical device, The host
supervisor domain manager can proceed with binding a device interface and a TVM
together. Once bound to a TVM, the device interface is locked but the MMIO and
DMA paths between the two are not enabled yet.

The TVM to which a TDI is bound to is the I/O gatekeeper. After detecting and
verifying the bound interface, it may accept it into its TCB and enable all I/O
paths between the two parties. The TVM may only use a bound TDI after accepting
it, by requesting the TSM to start the device interface.

Both the host supervisor domain manager and the TVM can disable I/O between the
TDI and the TVM, by respectively unbinding or stopping the device interface.

Finally, the host supervisor domain manager can fully reclaim the physical
device by requesting the TSM to disconnect from it.
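Review bot: The new lifecycle text relies on unbinding ("At any point in time, it can reclaim that physical resource by unbinding it from its TVM"), but the `=== Interface Unbinding` section directly above the new heading is still empty, so the specification does not yet describe how the TSM protects TVM confidential assets when the host unbinds a TDI that the TVM has already accepted and started. Either fill in that section here or add a note that the unbinding flow is still to be specified. Wording nits in the added paragraphs: "follwing" should be "following", "securily" should be "securely", "The host" after the comma should be lowercase, and "to which a TDI is bound to" has a doubled "to".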
1 change: 0 additions & 1 deletion specification/Makefile
Expand Up @@ -12,7 +12,6 @@ build:
--failure-level=ERROR \
--require=asciidoctor-bibtex \
--require=asciidoctor-diagram \
--require=asciidoctor-mathematical \
--out-file=$(PDF_RESULT) \
$(HEADER_SOURCE)
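Review bot: The commit message does not explain the one-line deletion in the `build` target's `--require` list; it only describes the lifecycle subsection. If the line being dropped is `--require=asciidoctor-mathematical`, say why in the message and confirm the specification has no remaining math blocks that depend on it, or move the Makefile change to its own commit.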
