specification: Make IDE key ownership model clearer #107

Merged: 1 commit, Mar 22, 2024

Collaborator

@sameo sameo commented Mar 18, 2024

Fixes #83

@sameo sameo requested a review from jyao1 March 18, 2024 07:35
Collaborator Author

sameo commented Mar 18, 2024

cc @ozkoyuncu

device and the RP.
* The TSM configures the RP PCIe IDE extended capability.
* For each physical device from which a TDI is bound to a TVM, the TSM that
manages this TVM also generates, owns and distributes the IDE stream keys to
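Review bot: In the last bullet, key ownership is derived from "the TSM that manages this TVM", but the bullet is scoped per physical device; if TDIs from one device are bound to TVMs managed by different TSMs, this wording names more than one owner for the same device's IDE stream keys. Suggest anchoring ownership on a per-device property and stating the binding restriction as its own bullet. The preceding bullet's "The TSM configures the RP PCIe IDE extended capability" has the same ambiguity about which TSM is meant.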
Collaborator

@jyao1 jyao1 Mar 19, 2024

Do we support one TSM manages the TVM, and another TSM manages the device SPDM? Or do we mandate only one TSM must manage both TVM and the corresponding device SPDM?

Also, one device must be managed by one specific TSM, right? Or do we allow 2 TSMs to manage one device?

I think we should clarify the topology for multiple TSMs.

(Also, the relationship with IOMMU instance - maybe in #82)

Collaborator

IMO since the TSM owns the binding between the device context setup in the IOMMU and the physical SPDM session between the device - I think it's required for security that the single TSM does both.

Mutually distrusting supervisor domains with different TSMs are granted resources directly from the hosting domain and are not expected to be in the TCB of another domain by default. Such models may be created but those are achieved via attestation.

Collaborator Author

@rsahita @jyao1 I tried to make that clearer with the latest version of this PR. PTAL.

Collaborator

@rsahita rsahita left a comment

some feedback

@sameo sameo force-pushed the topic/multiple-tsms branch from 7629ee5 to d49d889 Compare March 22, 2024 06:38
generate, own and distribute the IDE stream keys to both the physical device
and the RP.
* A TSM must not bind a TVM that it manages with a TDI from a physical device
for which it does own the IDE keys. In other words, TDIs can only be bound to
Collaborator

Did you mean “does not own”?
this sentence reads weird

Collaborator Author

Yes, I meant does not own. Does that read better now?

Collaborator

@rsahita rsahita left a comment

With some minor clarification needed

@sameo sameo force-pushed the topic/multiple-tsms branch from d49d889 to 4ad094d Compare March 22, 2024 14:26
* The TSM that establishes the SPDM connection with a physical device must
generate, own and distribute the IDE stream keys to both the physical device
and the RP.
* A TDI must not be bound to a TVM if the TSM managing the TVM does not owns the
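Review bot: The last bullet is written in the passive voice ("A TDI must not be bound to a TVM if ..."), so it does not say which component must refuse the binding, while the bullet above it names its actor ("The TSM that establishes the SPDM connection ... must"). Suggest naming the enforcing party in the same way so the requirement can be checked against a specific component.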
Collaborator

Nit typo - owns -> own

Collaborator Author

ah, thanks. Fixed now.

@sameo sameo force-pushed the topic/multiple-tsms branch from 4ad094d to 53ed5c2 Compare March 22, 2024 15:29
@sameo sameo merged commit 5a1ae45 into riscv-non-isa:main Mar 22, 2024
2 checks passed
Successfully merging this pull request may close these issues.

[Qualcomm feedback] 7.1.2. PCIe Root Port Registration