Note: lists.riscv.org will be down for maintenance on Wednesday, October 5th, starting at 9AM Pacific Time (4PM Wednesday October 5, 2022 UTC), for approximately one hour.
Re: [PATCH 0/1] SBI: Introduce Physical Memory Protection Extension
Let's continue the discussion here as it has a wider audience than
The assumption that there'll always be a PMP rule for marking the firmware's memory isn't always true. M-mode can access any region without a matching PMP rule so basically the firmware can be anywhere and work fine, without any PMP rule marking its region. With the current PMP spec this is probably the best approach since it will also prevent S-mode from ever accessing this region (S-mode will fail if there is no matching PMP rule). Why waste a rule for the firmware's region to deny any access from S-mode, when you can have the same result by not putting that rule on PMP ? Even if that assumption was always true, what about systems without PMP, systems with a different number of PMP regions, or systems with custom PMP-equivalent solutions ? Trap-n-emulate is not that generic (e.g. in the case of different number of PMP regions). Any interface from S-mode to PMP or a PMP-equivalent mechanism, should be more abstract than this IMHO.
We should also consider the security implications of exposing the PMP configuration to a less privileged mode. It's one thing to let S-mode know about the DRAM regions that it can't touch because the firmware is there, and another to reveal the full PMP configuration. PMP may contain settings that S-mode doesn't even know about, devices that are not on the device tree for example or DRAM regions that are outside the device tree's /memory node range (so S-mode won't touch them anyway). I'm not a fan of security through obscurity but there are good reasons to keep PMP configuration accessible only to M-mode (in addition to having a more abstract API with S-mode to be able to handle the various system configurations / implementations). We can have S-mode request M-mode to protect specific physical regions that S-mode manages through PMP (or a vendor-specific PMP-equivalent mechanism) but anything more than that doesn't make much sense to me.
If we just want to prevent S-mode from touching firmware's memory we can either exclude its region from the /memory node on the device tree, or let the firmware modify the device tree it passes on to the next-stage boot loader and add a reserved-memory node. I think that's the best approach since it's the most generic one and it's standards-compliant, plus the device-tree is platform-specific anyway, even if it's included on the kernel blob directly without passing through OpenSBI or whatever boot loader is there, we can always add there a reserved region, or modify the /memory node manually.