Workloads from embedded to servers require confidentiality and integrity protection of data in use against software and hardware adversaries. Providing these protection properties requires architectural support for page-based and region-based physical memory isolation managed at the machine level to be able to create supervisor domains which can host isolated S(H) software. The supervisor domain software can extend the machine-trusted computing base (TCB) to host isolated VMs, applications, and even nested hypervisors within a domain. The M-mode software (referred to here as the root supervisor domain manager) is expected to isolate memory across supervisor domains. Each domain’s supervisor domain manager is used to isolate workloads within that domain using existing privileged mode architecture ((V)U (V)S). Isolated supervisor domains may then provide assurances of data/code confidentiality and integrity independent of other supervisor domains.

The SmMTT task group will define privileged ISA extensions to be used by machine mode to isolate physical memory across supervisor domains. Specifically, per-hart controls for a supervisor domain identifier will be specified along with a memory tracking table (MTT) structure that will specify if a supervisor domain is allowed to access physical memory pages (at architectural page-size granularity per Sv extensions implemented on the hart, or in conjunction with PMP without Sv support). Interaction of the MTT with ePMP will be specified. The MTT will be programmed by M-mode software. M-mode software shall be able to program an MTT structure to specify permissions for any physical address and thus enforce isolation across supervisor domains on a per-hart basis. The MTT shall provide a scalable and compact structure that allows for direct specification of access for a supervisor domain, and extensibility for additional physical page attributes. The MTT shall allow caching of the MTT and MTT-derived access permissions, along with M-mode ISA support for fencing. The TG will specify how a common MTT definition shall be used for physical memory accesses by devices (including the IOMMU) to enforce supervisor domain isolation for devices. The TG will also specify supervisor and guest page table extensions to associate meta-data with address translations for workloads operating in a supervisor domain to support memory sharing (and other use cases requiring metadata) between supervisor domains. The design will follow the threat model compiled in the Trusted Computing SIG and specified in the Security Model.

The TG will develop written specification, simulator (Spike and/or QEMU), priv. software prototypes for supervisor domain security manager (e.g. TSM), compliance (ACT test), and Sail (model) specification for the RISC-V SmMTT extensions. The TG will interface with sub-groups in the Security HC: Trusted computing SIG (AP-TEE TG, AP-TEE-IO TG, Runtime Integrity SIG) as well as the Privileged Software HC, BRS TG and Hypervisor SIG.