[PATCH 1/1] Proposal to add Coffer to the SBI impl IDs list
This is a proposal to add Coffer Trusted Execution Environment(TEE) as a new member of SBI Implementations List.
Coffer is a TEE implemented for RISC-V 32/64 systems. It utilizes the minimal hardware isolating primitive PMPs to provide a seperate execution environment for the TAs (Trusted Applications).
Unlike Diosix, it does not aim to provide a fully functional hypervised container, it more focuses on the I/O security and TAs attestations to run small TAs.
The final goal of Coffer is to provide an easy-to-use TEE software interface and implementation for all RISC-V devices with only PMP available which includes a massive number of IoT devices.
Apart from that, I also hopes to see one day that SBI Standard can be implemented on other platforms like ARM.
Currently, Coffer can already support booting Linux on both QEMU and an actual board called Nezha D1 which is also the first massively produced RISC-V SoC that support Linux.
It also comes with the basic isolation mechanism to isolate different S-Mode programs using PMPs.
I'm also working on porting Coffer to SiFive board, which has been tested on QEMU SiFive emulation but not on the actual board.
Written in a memory safe and strong typed language Rust, Coffer can be formally verified to ensure its correctness and functionality, which is an essential property for systems that requires high security. Moreover, as Coffer focus on IoT devices, it ensures I/O security through IPI mechanism to securely transfer I/O periphrals between different TAs and Linux itself.
As Coffer requires its own SBI calls to communicate between S-Mode programs and Coffer itself, I hope this can be archived through firmware
specific extension space. Thus, I want to request an implementation ID for the Coffer project so that Coffer can provide its TEE functionality while implementing the SBI standard.
Below is the patch to assign impl ID 6 to Coffer. I'm very glad to answer any doubts and questions w.r.t the Coffer project.
diff --git a/riscv-sbi.adoc b/riscv-sbi.adoc index 3ec9486..127d8c7 100644 --- a/riscv-sbi.adoc +++ b/riscv-sbi.adoc @@ -277,6 +277,7 @@ value for this CSR. | 3 | KVM | 4 | RustSBI | 5 | Diosix +| 6 | Coffer |=== == Legacy Extensions (EIDs #0x00 - #0x0F)