[Qualcomm feedback] Chapter 6.1.1. Clarify when devices are in TCB of TVMs

Question

[Qualcomm feedback] Chapter 6.1.1. Clarify when devices are in TCB of TVMs

rsahita opened this issue 8 months ago · 2 comments

Reference: link

Table 1 in chapter 6
row for TVM <-> Directly assigned, TEE-IO compliant devices

There may also be non TEE-IO compliant devices assigned to a TVM (e.g. non-PCIe onchip devices).

Answer 1 · 2024-02-06T03:33:23.000Z

That is not the case - if a device is allowed to directly DMA from confidential memory (which is assigned to a TVM), it has to be a TEE-IO capable device (even for non-PCIe onchip devices) -- though the TEE-IO requirements for on-chip devices may be a lower bar (for e.g. no link encryption/integrity may be required)

Answer 2 · 2024-03-09T00:00:32.000Z

closing this one (explanation in the prev. comment). cc @ozkoyuncu