...
The IOPMP is a hardware checker located in a bus fabric. It has the ability to check each transaction passing through it on the fly. It is an essential component used to create isolation spaces for trusted execution environments by controlling transactions initiated, especially by I/O agents. This project will help programmers of secure systems using the QEMU emulation as an alternative before their hardware supports IOPMP.
The IOPMP spec v1v0.09.0-draft31: https://github.com/riscv-non-isa/iopmp-spec/blobreleases/main/riscv_iopmp_specification.pdftag/v0.9.1
Project Scope and Timelines
...
- IOPMP device which checks the permission of memory acces with source id (SIDrequestor-role-ID (RRID).
Change to include/exec/memory.h around:
- Addtion function translate_size in IOMMUMemoryRegionClass which has ability to reject paritally hit.
Addtion to hw/dma/riscv_iopmp_dma.c around:
...
Change to hw/riscv/virt.c around:
- Addition of IOPMP "iopmp" machine option.
- When IOPMP "iopmp" option is enabled:
- Addition IOPMP device and DMA deviceRegister the
- DMA device to IOPMP with source id.The devices on the generic PCIe host bridge connect to the IOPMP device
Components and Repos
TBDCurrent verison(v8) patch
[v8] Support RISC-V IOPMP | Patchew
Stakeholders and Partners
...
Other QEMU for RISC-V contributors, including:
- RISE
- Daniel Henrique Barboza
- External
- Alistair Francis (QEMU for RISC-V maintainer)
Dependencies
None
Measure of Success
...
| Page Properties | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...