[Qualcomm feedback] Chapter 5.1 Clarify SW policy for TVM-accessible memory

Question

[Qualcomm feedback] Chapter 5.1 Clarify SW policy for TVM-accessible memory

rsahita opened this issue 6 months ago · 2 comments

Reference: link

The TSM manages the type and accessibility of all memory assigned to the TVM, to mitigate
attacks from non-TCB software. The TSM enforces isolation between TVMs by using the G-stage
page table.
• Hart operating with the confidential supervisor domain context has MTT permissions to access
Confidential and Non-confidential memory

access to non-confidential memory is bounded right - why is it not bounded to only TVM shared memory?

It has to be bounded for sure, but I believe the point of this note is that he fact alone that the memory is non-confidential is (by itself) not reason to cause a fault.
Compare with next point, where the reverse is expected to programmatically cause a fault

Answer 1 · 2024-03-10T04:52:19.000Z

The RDSM configures the MTT such that a hart executing in the hosting domain
does not have access to any confidential memory regions. The RDSM configures the
MTT for the confidential domain to allow access to confidential memory
exclusively to that domain, but may also allow access to non-confidential
(shared) memory regions to one or more secondary domains.

adding this clarification to the description.

Answer 2 · 2024-03-10T22:08:50.000Z

Closing as addressed in PR #70
cc @ozkoyuncu