Re: [RISC-V] [tech-tee] comments on PMP enhancements


Nick Kossifidis
 

Hello Tariq,

Στις 2020-02-17 11:02, Mr Tariq Kurd έγραψε:
Hi Nick,
Thanks for the feedback, and I understand your arguments.
When you say "It" above are you talking about:
1. my original proposal (DMC and DPL)
2. my updated proposal (M-bit in each PMP entry)
The best solution for us would be the M-bit in each PMP entry and also
DMC, as this gives us the smallest PMP hardware for our embedded
cores.
I can write a two proposals, one for the M-bit and one for DMC and
email them if you like
Tariq
I'm referring to your original proposal of a bit that when set allows for locked rules to be removed / edited (DPL) temporarily. I also see some value as I mentioned for the DMC bit you also proposed and it seems others believe it would be useful, although it can be implemented differently. I understand that you want to be flexible to allow both locked and unlocked rules for M-mode with the per-entry M bit but to me this introduces a security risk and doesn't provide any security benefits.

As we discussed on our conf call we can simply add the two bits you propose on mseccfg introduced on the group's proposal, if you agree with having them disabled by default (to also be backwards compatible), not define DPL as a security control (DMC on the other hand is a security control and we can define it as such), and allow DPL to be locked (possibly with another bit) so that it can't be re-enabled after sw is done using it.

Regards,
Nick

Join tech-privileged@lists.riscv.org to automatically receive all group messages.