Sean Halle wrote:
I have to admit thatHi Sean,
I'm afraid I wasn't completely clear on what question you're asking.
Is your baseline case a Fedora OS that doesn't configure PMP? I don't
know the current behavior of Fedora, but it's certainly possible it
doesn't use PMP to date. If that's the case, the number of PMP entries
your system would need per hart is obviously minimized, possibly zero.
That said, your existing hardware may implement some number of PMP
entries anyway, and I would not know what that number is, for purposes
of comparison. So I think there are yet too many unknowns in this
question for me to try to answer.
In terms of the cost of my proposal for four security levels versus
the task group's working proposal, it's impossible to give any exact
numbers without an actual implementation, but I can suggest some
ballpark estimates. First, there is a cost per PMP entry of one
flip-flop (definitely) and perhaps a dozen additional gates. Add to
that another maybe two dozen gates shared by all PMP entries; how many
gates, I'm not sure. Altogether that should be relatively small
on a per-PMP-entry basis. By far, the most expensive parts of a PMP
implementation have got to be the address CSRs and the checking for
address matches, both of which are unchanged by any of these security
enhancement proposals, either the working proposal or mine.
With my proposal, some systems might need fewer PMP entries than with
the working proposal, which could be a net hardware savings if fewer
entries are actually implemented. Such (potential) savings would be
very much software-dependent.
- John Hauser