Loading...

XML

Word

Printable

Type: Group
Resolution: Unresolved
Priority: Medium
Labels:
None

RVI Staff Action:
Not Required
Group Type:
Task Group (TG)
Groups.io:
https://lists.riscv.org/g/tech-ap-tee
Charter:
https://github.com/riscv-admin/ap-tee
Chair:
Ravi Sahita
Chair Email:
ravi@rivosinc.com
Is Acting Chair?:
No
Chair Affiliation:
Rivos Inc.
Vice-Chair:
Guerney D. H. Hunt
Vice-Chair Email:
gdhh@us.ibm.com
Is Acting Vice-Chair?:
No
Vice-chair Affiliation:
IBM

Confidential computing defines the mechanisms for protecting the confidentiality and integrity of data-in-use against software and hardware attacks. The data-in-use protection is achieved via a hardware-attested Trusted Compute Base (TCB). This TG will define the threat model, reference architecture and interfaces for Scalable Trusted Execution Environments on RISC-V Application Processor-based platforms to support confidential-compute scenarios. The TG will focus on multi-tenant hardware-virtualized workloads to enable the broadest set of confidential workloads while minimizing application changes.

The TG aims to deliver:

A non-ISA specification for an ABI between the TCB and non-TCB components. This ABI enables OS/VMM software to manage confidential workloads, while keeping the OS/VMM software, firmware, developers and system operators outside the TCB. A related non-ISA specification for an ABI between the TCB and workload components e.g. a TEE VM will be specified.
ISA extensions required to fill potential gaps in the ratified privileged ISA (specifically H-extension) needed to satisfy security, performance, TCB isolation, and attestation requirements of various deployment models. Creation of new ISA extensions will be in collaboration with the Privileged Arch. TG and will work with the Priv committee to proceed in the appropriate fashion (as part of this TG or a new TG under priv or fastrack).
A non-normative security analysis document for implementers of this capability that describes platform recommendations including the relevant standard protocols for attestation for interoperability.

Development of these specifications will happen in collaboration with other SIGs/TGs, such as Privileged Arch., Hypervisor, Microarchitecture Side Channels, IOMMU, and Runtime Integrity.

As part of the DoD, the TG will create at least one open-source implementation. The POC consists of required SBI extension(s) for the proposed interfaces hosted by TCB elements e.g., a software and/or hardware-based TEE Security Manager (TSM). The required changes will be made to the Linux/KVM host and Linux guest software to validate the proposed interface. Any ISA proposals made will be modeled via tools such as QEMU/Spike to support the POC.

Period	Chair	Vice-Chair
2023-2024	Ravi Sahita ravi@rivosinc.com	Guerney D. H. Hunt gdhh@us.ibm.com

develops

RVS-1906 Confidential VM Extension (CoVE)

Specification Under Development

is direct-lined by

RVG-68 Security (HC)

Active

is dotted-lined by

RVG-39 Privileged Software (HC)

Active

Assignee:: Ravi Sahita

Reporter:: Rafael Sene

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 14/Jul/23 8:08 PM

Updated:: 12/Apr/24 9:13 PM

Group Creation Date:: 08/Mar/22

Chair Start Date:: 01/Apr/24

Chair End Date:: 12/Apr/25

Vice-Chair Start Date:: 01/Apr/24

Vice-chair End Date:: 12/Apr/25

Details

Description

Attachments

Issue Links

Activity

People

Dates