[Qualcomm feedback] Chapter 5.1.4: Clarify caching behavior

Question

[Qualcomm feedback] Chapter 5.1.4: Clarify caching behavior

rsahita opened this issue 6 months ago · 2 comments

Reference: link

During confidential memory conversion or reclamation, the HW TCB and SW TCB (TSM) must
enforce via memory-management fences that stale data is not accessible to the TVM (or the hosting
OS/VMM). During confidential memory assignment to a TVM (or during conversion of confidential
memory to shared), the TCB must enforce that stale translations may not be held to memory yielded
by a TVM (and used by the host for another TVM or VM or the host). These properties are
implemented by the TSM in conjunction with the HW (e.g. MTT cache invalidations) via the
proposed COVH interface.

Why is stale data only concerns cached data or cached translations? how about stale data that is in actual memory? should there be a requirement dictating scrubbing of private data pre-conversion?

Answer 1 · 2024-02-06T00:24:42.000Z

(was answered in the PDF): If the TVM is shutdown, the TSM does the scrubbing, if the TVM is converting memory from confidential to non-confidential, then it's the TVM responsibility to scrub it (per sbi_covg_share_memory_region)

Answer 2 · 2024-03-10T22:08:14.000Z

Closing as addressed in PR #70
cc @ozkoyuncu