[PATCH 2/2] Specify M-mode protection content for platforms with M-mode


atishp@...
 

This version of the platform specification doesn't mandate M-mode
requirements. However, it should specify M-mode access protection
from lower privilege modes for platforms that do implement M-mode.
Otherwise, it is not very clear that such protection is required
to avoid lower privilege modes overwriting the memory where resident
firmware continues to run.

Signed-off-by: Atish Patra <atish.patra@...>
---
riscv-platform-spec.adoc | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

diff --git a/riscv-platform-spec.adoc b/riscv-platform-spec.adoc
index bf92acb32329..a3c9c7b2ffb2 100644
--- a/riscv-platform-spec.adoc
+++ b/riscv-platform-spec.adoc
@@ -543,6 +543,18 @@ software components:
Rationale: The platform specification intends to avoid fragmentation and
promotes interoperability.

+=== Security
+** If M-mode is supported in the platform, all machine mode assets, such as
+code and data, are protected from all non-machine mode accesses from the
+harts in the system. Additionally, I/O agent access protection should also
+required within the system to protect machine mode assets. Therefore, the
+following requirements are recommended for platforms with M-mode:
+
+*** Platform should provide a protection mechanism from non-machine mode hart
+transactions that precisely traps if violated.
+*** Platform should provide a protection mechanism from I/O agents manipulating
+or accessing machine mode assets.
+
// Server extension for OS-A Platform
=== Server Extension
The server extension specifies additional requirements for server class
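Review bot: the sentence "I/O agent access protection should also required within the system" in the first bullet is missing a verb; it should read "should also be required". In the same bullet, the normative strength is inconsistent: it first states as a fact that "all machine mode assets ... are protected from all non-machine mode accesses", then says the requirements that follow "are recommended". Since the whole section is conditional on M-mode being present, either phrase the first sentence as the requirement ("... must be protected ...") and make the two sub-bullets "shall" requirements, or keep them as recommendations and drop the unconditional "are protected" wording. "Precisely traps if violated" would also benefit from a short definition of what precise means here (the trap is taken on the offending access, before it completes, so the violation cannot partially modify M-mode assets), since that is the property firmware relies on.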
@@ -932,6 +944,16 @@ configuration.
** It is clearly understood what aspects of the platform boot process are
protected by secure boot.

+** If M-mode is supported in the platform, all machine mode assets, such as
+code and data, are protected from all non-machine mode accesses from the
+harts in the system. Additionally, I/O agent access protection should also
+required within the system to protect machine mode assets. Therefore, the
+following requirements are recommended for platforms with M-mode:
+
+*** Platform should provide a protection mechanism from non-machine mode hart
+transactions that precisely traps if violated.
+*** Platform should provide a protection mechanism from I/O agents manipulating
+or accessing machine mode assets.

==== RAS
All the below mentioned RAS features are required for the OS-A platform server
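Review bot: this hunk duplicates the Security block from the first hunk word for word, including the "should also required" grammar error and the fact/recommendation mismatch. Maintaining two identical copies invites drift; the server extension already builds on the base OS-A platform, so consider stating the requirement once in the base "Security" section and having this section only add what is stricter for servers (for example, upgrading the recommendations to mandatory requirements), or cross-reference the base section instead of repeating it. If the text is kept here, at least apply the same wording fixes in both places.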
--
2.31.1
