specifications: Explicitly call out the unbinding flows #110
confidential data and abort any outstanding DMA requests, as described in the | ||
xref:interface-unbinding[Interface Unbinding] section. Implicit TDI unbinding | ||
from the host supervisor domain manager represents a security threat that is part | ||
of the xref:05-security_model.adoc#security-model[CoVE-IO threat model] scope. |
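Review bot: The last sentence of this hunk calls "Implicit TDI unbinding" a threat without saying what makes an unbinding implicit, and its xref targets the top of the security model (`#security-model`) rather than a specific threat entry. Suggest a one-sentence definition that contrasts it with the flow in the Interface Unbinding section referenced just above, and, if the threat model has an anchor for this threat, linking to that anchor so readers land on the relevant entry.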
Both TSM and DSM must guarantee TVM confidentiality
@jyao1 Changes applied. Let me know if that looks good to you.
And refer to the threat model from the high level device and interface lifecycle section.

Fixes riscv-non-isa#89

Signed-off-by: Samuel Ortiz <sameo@rivosinc.com>
situation, both the DSM and the TSM must protect the confidentiality and | ||
integrity of the TVM assets. |
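Review bot: "must protect the confidentiality and integrity of the TVM assets" at the end of this hunk states the obligation without saying which assets are meant or what the DSM and the TSM are expected to do. The lifecycle text elsewhere in this change names "confidential data" and "outstanding DMA requests"; reusing those terms here, or adding an xref to the Interface Unbinding section, would make the requirement checkable.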
Any ref/example on how that is done - e.g. on subsequent use of the TDI, the DSM would enforce that it would transition into the error state; also, what about in-flight transactions in that case?
lgtm - had one minor comment (sorry for delay)
And refer to the threat model from the high level device and interface lifecycle section.
Fixes #89