Skip to content

Commit

Permalink
Described how interrupts are injected on platforms without AIA support
Browse files Browse the repository at this point in the history
Signed-off-by: Wojciech Ozga <wojciech.ozga@outlook.com>
  • Loading branch information
wojciechozga committed Jun 20, 2024
1 parent 1aae73e commit b64488a
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 10 deletions.
5 changes: 3 additions & 2 deletions src/sbi_cove.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -404,8 +404,9 @@ NACL shared memory region.

===== Management of secure interrupts
The host can use the TEE Interrupt Extension (EXT_COVI) to manage secure TVM
interrupts on
platforms with AIA support.
interrupts on platforms with AIA support, or present these interrupts via HVIP
when resuming the vCPU execution via `sbi_covh_run_tvm_vcpu()` on platforms
without AIA support.

===== TVM teardown
The host can teardown a TVM by calling `sbi_covh_destroy_tvm()`. This
Expand Down
26 changes: 18 additions & 8 deletions src/swlifecycle.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,12 @@ when resuming.

==== TVM external interrupts

Platforms that do not support hardware-accelerated interrupt-controller
virtualization must rely on the OS/VMM for management of external interrupts.
The OS/VMM presents the external interrupt to the TVM via the HVIP register
when resuming the vCPU execution. The TSM must filter presented interrupts to
enforce that it injects only interrupts allow-listed by the TVM.

Hardware-accelerated interrupt-controller virtualization is possible for TVMs on
platform supporting the Advanced Interrupt Architecture [AIA] and an
implementation-defined method of isolating IMSIC guest interrupt files between
Expand Down Expand Up @@ -689,17 +695,21 @@ triggered.

*sbi_covg_allow_external_interrupt*

Registers an interrupt ID that the OS/VMM is allowed to trigger. Passing an
interrupt ID of -1 allows the injection of all external interrupts. TVM vCPUs
are started with all external interrupts completely denied by default. Generates
a TVM exit to notify the OS/VMM of the interrupt vector.
TVM can register an interrupt ID that the OS/VMM is allowed to trigger. Passing an
interrupt ID of the maximum value of unsigned long (`2^64-1`) allows the injection
of all external interrupts. TVM vCPUs are started with all external interrupts
denied by default. This call results in a TVM exit to notify the OS/VMM of the
interrupt vector.

*sbi_covi_inject_tvm_cpu*

Injects a previously allow-listed interrupt into a TVM. The TSM updates the
interrupt state of the targeted virtual hart. The TSM may also enforce
rate-limiting on the injection of interrupts in order to prevent single-step
attacks by the OS/VMM.
The OS/VMM can use this ABI to inject an interrupt into a TVM's vCPU on systems
supporting AIA. On systems that do not support AIA, it should present the interrupts
via HVIP when resuming the vCPU execution via `sbi_covh_run_tvm_vcpu()`.
In both cases, the TSM updates the interrupt state of the targeted virtual hart after
filtering triggered interrupts using the TVM's allow-list. The TSM may also enforce
rate-limiting on the injection of interrupts in order to prevent single-step attacks
by the OS/VMM.

=== TVM shutdown

Expand Down

1 comment on commit b64488a

@gdhh
Copy link
Contributor

@gdhh gdhh commented on b64488a Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a question on this. I will have to look at the COVE spec before giving a detailed comment.

Please sign in to comment.