From 827bd3ad9113ab994b64b5a7296133f8d6d9df69 Mon Sep 17 00:00:00 2001 From: andrew dellow <91278399+andrewdellow@users.noreply.github.com> Date: Tue, 24 Sep 2024 11:13:03 +0100 Subject: [PATCH 1/3] Update chapter2.adoc isolation taxonomy Signed-off-by: andrew dellow <91278399+andrewdellow@users.noreply.github.com> --- specification/src/chapter2.adoc | 93 +++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/specification/src/chapter2.adoc b/specification/src/chapter2.adoc index 2340c37..1f4c9b8 100644 --- a/specification/src/chapter2.adoc +++ b/specification/src/chapter2.adoc 
@@ -163,6 +163,99 @@ Examples of confidential workloads include: management, payment clients, DRM clients * Hosted confidential third party workloads + + + + + + + + +RISC-V has a range of isolation mechanisms available and in development. + +[#cat_sr_sub_iso] +[width=100%] +[%header, cols="10,25,5,5,5,10"] +|=== +| Technololgy +| Use Case +| Privilege level +| Memory +| Granularity +| Limitations + +| PMP, ePMP +| Boot code isolation, code and date isolation by privilege level. + + Building block for simple trusted execution isolation using high privilege security monitor +| M +| Physical +| Fine Grained +| Switching overhead, limited resource + +| SPMP +| OS managed code and date isolation by privilege level. + + Building block to all multiple OS to manage U mode isolation +| S +| Physical +| Fine Grained +| Switching overhead, limited resource + +| Virtual Memory +MMU +| Isolation between S and U, and tasks on U mode. +Guest – Guset Isolation (VS – VS) +Host – Guset Isolation (HS-VS) +| S +HS/VS +| Virtual +| Page Based +| + +| IOPMP +| System Level PMP +| n/a +| Physical +| Page Based +| + +| Pointer Masking +| Simple SW based memory tagging, memory range restriction +| S U +| Both +| Coarse +| + +| Smmtt, SDID +| Building block for Confidential compute, trusted execution +| S-S Isolation +| Physical +| Page or larger +| + +| Hardware Fault Isolation +| Simple memory range based task Isolation. Accelerates isolation of containers for webasm etc. +| U +| Virtual +| Fine Grained +| + +| Memory Tagging +| Faults on access to an incorrect TAG. +used for debug, garbage collection, security isolation +| S U +| Virtual +| tbd +| Probabilistic, performance impact, tag storage overhead + +| CHERI +| Full Capability based access for memory safety and isolation +| M S U +| Both +| Fine Grained +| HW/SW impact + +|=== + ==== Device assignment Isolation policy needs to extend to device assignment: From 6113b551c57c5f32460a1bb8fcf47302388e072c Mon Sep 17 00:00:00 2001 
From: andrew dellow <91278399+andrewdellow@users.noreply.github.com> Date: Tue, 24 Sep 2024 17:07:51 +0100 Subject: [PATCH 2/3] Update chapter2.adoc Signed-off-by: andrew dellow <91278399+andrewdellow@users.noreply.github.com> --- specification/src/chapter2.adoc | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/specification/src/chapter2.adoc b/specification/src/chapter2.adoc index 1f4c9b8..14ae5eb 100644 --- a/specification/src/chapter2.adoc +++ b/specification/src/chapter2.adoc @@ -163,14 +163,6 @@ Examples of confidential workloads include: management, payment clients, DRM clients * Hosted confidential third party workloads - - - - - - - - RISC-V has a range of isolation mechanisms available and in development. [#cat_sr_sub_iso] @@ -185,7 +177,7 @@ RISC-V has a range of isolation mechanisms available and in development. | Limitations | PMP, ePMP -| Boot code isolation, code and date isolation by privilege level. + +| Boot code isolation, code and data isolation by privilege level. + Building block for simple trusted execution isolation using high privilege security monitor | M | Physical @@ -193,8 +185,8 @@ RISC-V has a range of isolation mechanisms available and in development. | Switching overhead, limited resource | SPMP -| OS managed code and date isolation by privilege level. + - Building block to all multiple OS to manage U mode isolation +| OS managed code and data isolation by privilege level. + + Building block to allow multiple OS to manage U mode isolation | S | Physical | Fine Grained @@ -202,10 +194,10 @@ RISC-V has a range of isolation mechanisms available and in development. | Virtual Memory MMU -| Isolation between S and U, and tasks on U mode. -Guest – Guset Isolation (VS – VS) -Host – Guset Isolation (HS-VS) -| S +| S - U, U - U isolation + +Guest – Guest isolation (VS–VS) + +Host – Guest isolation (HS-VS) +| S + HS/VS | Virtual | Page Based 
@@ -226,14 +218,14 @@ HS/VS | | Smmtt, SDID -| Building block for Confidential compute, trusted execution -| S-S Isolation +| Building block for confidential computing, trusted execution +| S-S isolation | Physical | Page or larger | | Hardware Fault Isolation -| Simple memory range based task Isolation. Accelerates isolation of containers for webasm etc. +| Simple memory range based task isolation. Accelerates isolation of containers for webasm etc. | U | Virtual | Fine Grained @@ -245,7 +237,8 @@ used for debug, garbage collection, security isolation | S U | Virtual | tbd -| Probabilistic, performance impact, tag storage overhead +| Probabilistic, performance impact, + +tag storage overhead | CHERI | Full Capability based access for memory safety and isolation From 9785e32aae9f5b6e79cb75d99a2b83acc35a215d Mon Sep 17 00:00:00 2001 From: andrew dellow <91278399+andrewdellow@users.noreply.github.com> Date: Tue, 24 Sep 2024 17:09:11 +0100 Subject: [PATCH 3/3] Update chapter2.adoc Signed-off-by: andrew dellow <91278399+andrewdellow@users.noreply.github.com> --- specification/src/chapter2.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/specification/src/chapter2.adoc b/specification/src/chapter2.adoc index 14ae5eb..f1a527c 100644 --- a/specification/src/chapter2.adoc +++ b/specification/src/chapter2.adoc @@ -218,8 +218,9 @@ HS/VS | | Smmtt, SDID -| Building block for confidential computing, trusted execution -| S-S isolation +| Building block for confidential computing, trusted execution. + +S-S isolation +| S | Physical | Page or larger |
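Review bot: In patch 1/3 the table header cell `| Technololgy` is misspelled and none of the three patches corrects it; it should read `| Technology`. The same hunk attaches the anchor `[#cat_sr_sub_iso]` to a table that has no title line and is never cross-referenced from the surrounding prose, so the anchor is dead weight; add a title such as `.RISC-V isolation mechanisms` directly above `[width=100%]` and reference it from the sentence "RISC-V has a range of isolation mechanisms available and in development." That sentence also promises a distinction the table does not make: no column or note says which rows are ratified and available and which are still in development, so a reader cannot tell PMP from Smmtt on that axis. Either add a status column or state it in the intro.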
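Review bot: Patch 2/3 and 3/3 only correct whitespace, typos and cell placement introduced by patch 1/3 (the eight blank lines, "date", "Guset", "to all", "S-S Isolation" in the wrong column), and both carry the contentless subject "Update chapter2.adoc". Squash all three into one commit with the 1/3 subject so the history records a single table addition rather than its own fixups.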
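Review bot: In the patch 2/3 hunk at `@@ -202,10 +194,10 @@` the rewritten Virtual Memory MMU use-case cell mixes three dash styles: spaced hyphens in `S - U, U - U isolation`, an en dash in `Guest – Guest isolation (VS–VS)`, and a plain hyphen in `(HS-VS)`. Pick one form for all three lines (for example `S–U, U–U isolation`, `Guest–Guest isolation (VS–VS)`, `Host–Guest isolation (HS–VS)`) so the rendered cell reads uniformly. The "Limitations" cell for this row, and likewise for IOPMP, Pointer Masking, Smmtt and Hardware Fault Isolation, is left empty, which renders as "no limitations"; use `tbd` as the Memory Tagging row already does for granularity, or fill them in.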
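Review bot: In the patch 2/3 hunk at `@@ -226,14 +218,14 @@` the Hardware Fault Isolation cell still says "containers for webasm etc."; spell the name out as "WebAssembly (Wasm)" since "webasm" is not the project's name. The PMP/ePMP and SPMP rows' limitation "limited resource" (unchanged in the `@@ -185,7` and `@@ -193,8` hunks) is vague; say what is limited, i.e. the number of PMP/SPMP entries.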
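Review bot: Patch 3/3 (`@@ -218,8 +218,9 @@`) correctly moves "S-S isolation" out of the privilege-level column, but the new `| S` value exposes that the column has no stated meaning. For PMP/ePMP the cell reads `M`, the mode that programs the mechanism; for Pointer Masking it reads `S U`, the modes the mechanism applies to. Smmtt's memory tracking table is configured from M-mode and isolates supervisor domains, so under the first reading this cell should be `M` and under the second `S`. Define the column in the header (for example "Configuring privilege level" or "Modes isolated") and make every row follow the same rule.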