7
| Table of Contents |
|---|
About
WorldGuard is a Trusted Execution Environment (TEE) security model that allows hardware-level software isolation. It protects software from improper memory and device accesses that can be initiated by any other piece of software present in the system. This is made via the concept of secure domains, also called "worlds", that isolates code execution and data accesses.
...
Project Scope and Timelines
Change to target/riscv/{csr.c, cpu_helper.c} around:
- Addition of mlwid, slwid, and mwiddeleg CSR (belongs to RISC-V WG extensions: Smwg, Sswg, Smwgd).
- Addition of mwid and mwidlist HW config to CPU.
- Changes into RISC-V CPU's tlb_fill(). Fill the WID value into MemTxAttrs of CPU transaction.
Addition to hw/misc/{riscv_worldguard.c, riscv_wgchecker.c} around:
- Global WorldGuard device which stores the global config value: NWorld
- wgChecker device which does the permission checks of memory and device access.
- It has similar design to hw/misc/tz-mpc.c
Change to hw/riscv/virt.c around:
- Addition of security machine option.
- Similar to "secure=on" option in hw/arm/virt.c
- When security machine option is enabled:
- Addition a global WG device and wgChecker devices for all resources (memories and devices).
- Changes into subregions of system_memory. Replacement of MemoryRegion of protected resources by wgChecker's upstream regions.
- Similar to hw/arm/mps2-tz.c
Components and Repos
TBD.
After finishing the prototype, will send it to https://github.com/sifive/qemu
Stakeholders and Partners
None
Dependencies
None
Measure of Success
An accepted and tested design and implementation by end of 4Q2023.
RISE Requirements
None
Status
| Page Properties | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...