[Qualcomm feedback] Chapter 5.1 Clarify SW policy for TVM-accessible memory
rsahita opened this issue · 2 comments
Reference: link
The TSM manages the type and accessibility of all memory assigned to the TVM, to mitigate
attacks from non-TCB software. The TSM enforces isolation between TVMs by using the G-stage
page table.
• Hart operating with the confidential supervisor domain context has MTT permissions to access
Confidential and Non-confidential memory
access to non-confidential memory is bounded right - why is it not bounded to only TVM shared memory?
It has to be bounded for sure, but I believe the point of this note is that he fact alone that the memory is non-confidential is (by itself) not reason to cause a fault.
Compare with next point, where the reverse is expected to programmatically cause a fault
The RDSM configures the MTT such that a hart executing in the hosting domain
does not have access to any confidential memory regions. The RDSM configures the
MTT for the confidential domain to allow access to confidential memory
exclusively to that domain, but may also allow access to non-confidential
(shared) memory regions to one or more secondary domains.
adding this clarification to the description.
Closing as addressed in PR #70
cc @ozkoyuncu