SE_01_003 - QEMU WorldGuard support
- Daniel Barboza
- Jim Shu
About
WorldGuard is a Trusted Execution Environment (TEE) security model that allows hardware-level software isolation. It protects software from improper memory and device accesses that can be initiated by any other piece of software present in the system. This is made via the concept of secure domains, also called "worlds", that isolates code execution and data accesses.
Adding WorldGuard support for QEMU accomplishes two things. It'll enable virtual machine software to be isolated using exclusive secure domains. It'll also enable engineers to write secure systems using the QEMU emulation as an alternative of real hardware that might lack WorldGuard support.
WorldGuard Spec v0.4:
- https://lists.riscv.org/g/security/message/710
- PDF: https://lists.riscv.org/g/security/attachment/711/0/worldguard_rvia_spec-v0.4.pdf
Project Scope and Timelines
Change to target/riscv/{csr.c, cpu_helper.c}Ā around:
- Addition of mlwid, slwid, and mwiddeleg CSR (belongs to RISC-V WG extensions: Smwg, Sswg, Smwgd).
- Addition of mwid and mwidlist HW config to CPU.
- Changes into RISC-V CPU's tlb_fill(). Fill the WID value into MemTxAttrs of CPU transaction.
Addition to hw/misc/{riscv_worldguard.c, riscv_wgchecker.c} around:
- Global WorldGuard device which stores the global config value: NWorld
- wgChecker device which does the permission checks of memory and device access.Ā
- It has similar design to hw/misc/tz-mpc.c
Change to hw/riscv/virt.c around:
- Addition of security machine option.
- Similar to "secure=on" option in hw/arm/virt.c
- When security machine option is enabled:
- Addition a global WG device and wgChecker devices for all resources (memories and devices).
- Changes into subregions of system_memory. Replacement of MemoryRegion of protected resources by wgChecker's upstream regions.
- Similar to hw/arm/mps2-tz.c
Components and Repos
TBD.
After finishing the prototype, will send it to https://github.com/sifive/qemu
Stakeholders and Partners
None
Dependencies
None
Measure of Success
An accepted and tested design and implementation by end of 4Q2023.
RISE Requirements
None