Initial draft of TEE and TEE AIA SBI extensions #5
Conversation
specification/sbi_atee.adoc
Outdated
| is a pointer to the `tvm_create_params` described below, and tvm_create_params_len is | ||
| the size of the structure in bytes. | ||
|
|
||
| Callers of this API should first invoke `sbi_tee_tsm_get_info()` to obtain information |
There was a problem hiding this comment.
I think sbi_tee_tsm_get_info should be FID #0 so that the reader is already aware of the function. There are multiple reference to tsm_info in this function.
There was a problem hiding this comment.
This is the question raised earlier as well. Should we renumber our existing FIDs so that they appear in a somewhat more chronological sequence? We initially ordered them by alphabetical order (of Rust enums), which is why the function IDs got shuffled around.
There was a problem hiding this comment.
I think chronological sequence more sense in the spec as it helps coherent reading. All other SBI extensions assign FIDs in that order as well.
There was a problem hiding this comment.
I have taken a stab at it, and have added more exposition...PTAL.
specification/sbi_atee.adoc
Outdated
| unsigned long tvm_page_directory_addr; | ||
| /* | ||
| The base physical address of the confidential memory region to be used | ||
| to hold the TVM’s global state. Must be page-aligned and the number of |
There was a problem hiding this comment.
What is the global state of the TVM ? It is not explained anywhere.
There was a problem hiding this comment.
I have removed global, and added some exposition...PTAL.
specification/sbi_atee.adoc
Outdated
| */ | ||
| unsigned long tvm_num_vcpus; | ||
| /* The base physical address of the confidential memory region to be used | ||
| to hold the TVM’s vCPU state. Must be page-aligned and must be at least |
There was a problem hiding this comment.
Similar comment as above. It would be good to add some explanations about the vCPU & global state.
There was a problem hiding this comment.
See the exposition to see if it helps. I have removed references to the global.
specification/sbi_atee.adoc
Outdated
| The `tvm_guest_id` is the unique identifier returned by a previous call to`sbi_tee_create_tvm()`, | ||
| and the `tvm_vcpu_id` must have been previously added using `sbi_tee_tvm_vcpu_create`. | ||
|
|
||
| The `tvm_guest_id` must be in a "runnable" state. Note that the function does not |
There was a problem hiding this comment.
How many states do we have ?
Uninitialized --> Initializing -> Runnable ?
There was a problem hiding this comment.
@atishp04 Do we need anything beyond the following?
enum tvm_state {
/* The TVM has been created, but isn't yet ready to run /
TVM_INITIALIZING = 0,
/ The TVM is in a runnable state */
TVM_RUNNABLE = 1,
};
atulkharerivos
force-pushed
the
topic/tee_and_tee_aia_sbi_draft
branch
3 times, most recently
from
36e17f8 to
8864703
Compare
atulkharerivos
force-pushed
the
topic/tee_and_tee_aia_sbi_draft
branch
from
8864703 to
a0638d7
Compare
atulkharerivos
force-pushed
the
topic/tee_and_tee_aia_sbi_draft
branch
from
c2cbeaf to
af0593e
Compare
atulkharerivos
force-pushed
the
topic/tee_and_tee_aia_sbi_draft
branch
from
af0593e to
f6af5fe
Compare
atulkharerivos
force-pushed
the
topic/tee_and_tee_aia_sbi_draft
branch
2 times, most recently
from
06b31d4 to
1ebc2fd
Compare
atulkharerivos
force-pushed
the
topic/tee_and_tee_aia_sbi_draft
branch
from
1ebc2fd to
2471ae1
Compare
There was a problem hiding this comment.
thanks Atul - these flows are very good to understand the ABI interactions - some comments:
On the tsm_detection_and_tvm_creation flow:
*as part of the add vcpu loop - TSM should report the number of vcpus that have been added- if the relying party does not see the expected number it can disapprove attestation.
*should also show the other vcpus being entered - since the guest OS will typically maintain its own checks to register all TVM (v)cpus
On the tvm_runtime_execution flow:
- on the fault/ecall exit - should note that TSM saves (and scrubs) TVM GPR and extended register state (V) before notifying host about TVM exit - similarly loads vhart saved state to resume
- for demand fault in of confidential memory - should show that the TVM has to accept the GPA before it can use the mapping.
- we should show a flow for secure interrupt handling - as well as debug and perfmon opt-in also in this runtime svg
On the tvm_destruction_and_memory_reclamation flow:
- should make a top level note that the host may stop a TVM unilaterally (it does not have to wait for a TVM to exit from TVM-execution loop) - it can achieve that via injection of an interrupt which causes a trap into the TSM giving control to the VMM. (so should show an IPI sequence)
- post the destroy TVM call - to reclaim confidential memory, should show the same sequence as before to synchronize TLBs to prevent stale mappings being held in a hart for a TVM (and to flush any tracking information that may being held in caches).
| }; | ||
| ------- | ||
|
|
||
| == TEE Interrupt Extension (EID #0x54414949) |
There was a problem hiding this comment.
Needs to be updated for interrupt injection.
Here's a first pass at transcribing the existing TEE and TEE AIA interfaces into a SBI format. Note that we'll have to revisit the implementation of sbi_tee_tvm_add_measured_pages() since it's likely not compatible with RISCV32.