feat(spec): add spec for confidential VM extension (#144)

Signed-off-by: Longbing Zheng <1211998648@qq.com>

Cargo.toml

@@ -6,6 +6,7 @@ members = [
     "library/sbi-spec",
     "library/sbi-testing",
     "library/rustsbi",
+    "library/riscv-cove",
     "library/penglai",
     "prototyper/prototyper",
     "prototyper/bench-kernel",
@@ -17,6 +18,7 @@ default-members = [
     "library/sbi-rt",
     "library/sbi-spec",
     "library/rustsbi",
+    "library/riscv-cove",
     "library/penglai",
 ]
 

library/riscv-cove/CHANGELOG.md

@@ -0,0 +1,7 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]

library/riscv-cove/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "riscv-cove"
+description = "Definitions and constants in the Confidential VM Extension"
+version = "0.0.0"
+authors = ["Longbing Zheng <1211998648@qq.com>", "Luo Jia <me@luojia.cc>"]
+documentation = "https://docs.rs/riscv-cove"
+edition.workspace = true
+license.workspace = true
+repository.workspace = true
+keywords = ["riscv", "sbi", "rustsbi", "riscv-cove"]
+categories = ["os", "embedded", "hardware-support", "no-std"]
+
+[dev-dependencies]
+static_assertions = "1.1.0"

library/riscv-cove/src/guest.rs

@@ -0,0 +1,65 @@
+//! Chapter 12. COVE Guest Extension (EID #0x434F5647 "COVG").
+
+/// Extension ID for COVE Guest Extension.
+#[doc(alias = "SBI_EXT_COVG")]
+pub const EID_COVG: usize = crate::eid_from_str("COVG") as _;
+pub use fid::*;
+
+/// Declared in §12.
+mod fid {
+    /// Function ID to mark the specified range of TVM physical address space as used for emulated MMIO.
+    ///
+    /// Declared in §12.1.
+    #[doc(alias = "SBI_EXT_COVG_ADD_MMIO_REGION")]
+    pub const ADD_MMIO_REGION: usize = 0;
+    /// Function ID to remove the specified range of TVM physical address space from the emulated MMIO regions.
+    ///
+    /// Declared in §12.2.
+    #[doc(alias = "SBI_EXT_COVG_REMOVE_MMIO_REGION")]
+    pub const REMOVE_MMIO_REGION: usize = 1;
+    /// Function ID to initiate the assignment-change of TVM physical address space from confidential to non-confidential/shared memory.
+    ///
+    /// Declared in §12.3.
+    #[doc(alias = "SBI_EXT_COVG_SHARE_MEMORY_REGION")]
+    pub const SHARE_MEMORY_REGION: usize = 2;
+    /// Function ID to initiate the assignment-change of TVM physical address space from shared to confidential.
+    ///
+    /// Declared in §12.4.
+    #[doc(alias = "SBI_EXT_COVG_UNSHARE_MEMORY_REGION")]
+    pub const UNSHARE_MEMORY_REGION: usize = 3;
+    /// Function ID to allow injection of the specified external interrupt ID into the calling TVM vCPU.
+    ///
+    /// Declared in §12.5.
+    #[doc(alias = "SBI_EXT_COVG_ALLOW_EXTERNAL_INTERRUPT")]
+    pub const ALLOW_EXTERNAL_INTERRUPT: usize = 4;
+    /// Function ID to deny injection of the specified external interrupt ID into the calling TVM vCPU.
+    ///
+    /// Declared in §12.6.
+    #[doc(alias = "SBI_EXT_COVG_DENY_EXTERNAL_INTERRUPT")]
+    pub const DENY_EXTERNAL_INTERRUPT: usize = 5;
+    /// Function ID to get the SBI implementation attestation capabilities.
+    ///
+    /// Declared in §12.7.
+    #[doc(alias = "SBI_EXT_COVG_GET_ATTESTATION_CAPABILITIES")]
+    pub const GET_ATTESTATION_CAPABILITIES: usize = 6;
+    /// Function ID to extend the TVM runtime set of measurements with one additional data blob.
+    ///
+    /// Declared in §12.8.
+    #[doc(alias = "SBI_EXT_COVG_EXTEND_MEASUREMENT")]
+    pub const EXTEND_MEASUREMENT: usize = 7;
+    /// Function ID to get an attestation evidence to report to a remote relying party.
+    ///
+    /// Declared in §12.9.
+    #[doc(alias = "SBI_EXT_COVG_GET_EVIDENCE")]
+    pub const GET_EVIDENCE: usize = 8;
+    /// Function ID to request TSM for a secret available after successful local attestation.
+    ///
+    /// Declared in §12.10.
+    #[doc(alias = "SBI_EXT_COVG_RETRIEVE_SECRET")]
+    pub const RETRIEVE_SECRET: usize = 9;
+    /// Function ID to return a TVM measurement register value for the specified measurement register.
+    ///
+    /// Declared in §12.11.
+    #[doc(alias = "SBI_EXT_COVG_READ_MEASUREMENT")]
+    pub const READ_MEASUREMENT: usize = 10;
+}

library/riscv-cove/src/host.rs

@@ -0,0 +1,110 @@
+//! Chapter 10. COVE Host Extension (EID #0x434F5648 "COVH").
+
+/// Extension ID for COVE Host Extension.
+#[doc(alias = "SBI_EXT_COVH")]
+pub const EID_COVH: usize = crate::eid_from_str("COVH") as _;
+pub use fid::*;
+
+/// Declared in §10.
+mod fid {
+    /// Function ID to get TEE Security Monitor (TSM) information.
+    ///
+    /// Declared in §10.2.
+    #[doc(alias = "SBI_EXT_COVH_GET_TSM_INFO")]
+    pub const GET_TSM_INFO: usize = 0;
+    /// Function ID to convert pages.
+    ///
+    /// Declared in §10.3.
+    #[doc(alias = "SBI_EXT_COVH_CONVERT_PAGES")]
+    pub const CONVERT_PAGES: usize = 1;
+    /// Function ID to reclaim pages.
+    ///
+    /// Declared in §10.4.
+    #[doc(alias = "SBI_EXT_COVH_RECLAIM_PAGES")]
+    pub const RECLAIM_PAGES: usize = 2;
+    /// Function ID to initiate global fence.
+    ///
+    /// Declared in §10.5.
+    #[doc(alias = "SBI_EXT_COVH_GLOBAL_FENCE")]
+    pub const GLOBAL_FENCE: usize = 3;
+    /// Function ID to local fence.
+    ///
+    /// Declared in §10.6.
+    #[doc(alias = "SBI_EXT_COVH_LOCAL_FENCE")]
+    pub const LOCAL_FENCE: usize = 4;
+    /// Function ID to create TVM.
+    ///
+    /// Declared in §10.7.
+    #[doc(alias = "SBI_EXT_COVH_CREATE_TVM")]
+    pub const CREATE_TVM: usize = 5;
+    /// Function ID to finalize TVM.
+    ///
+    /// Declared in §10.8.
+    #[doc(alias = "SBI_EXT_COVH_FINALIZE_TVM")]
+    pub const FINALIZE_TVM: usize = 6;
+    /// Function ID to promote to TVM.
+    ///
+    /// Declared in §10.9.
+    #[doc(alias = "SBI_EXT_COVH_PROMOTE_TO_TVM")]
+    pub const PROMOTE_TO_TVM: usize = 7;
+    /// Function ID to destroy TVM.
+    ///
+    /// Declared in §10.10.
+    #[doc(alias = "SBI_EXT_COVH_DESTROY_TVM")]
+    pub const DESTROY_TVM: usize = 8;
+    /// Function ID to add TVM memory region.
+    ///
+    /// Declared in §10.11.
+    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_MEMORY_REGION")]
+    pub const ADD_TVM_MEMORY_REGION: usize = 9;
+    /// Function ID to add TVM page table pages.
+    ///
+    /// Declared in §10.12.
+    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_PAGE_TABLE_PAGES")]
+    pub const ADD_TVM_PAGE_TABLE_PAGES: usize = 10;
+    /// Function ID to add TVM measured pages.
+    ///
+    /// Declared in §10.13.
+    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_MEASURED_PAGES")]
+    pub const ADD_TVM_MEASURED_PAGES: usize = 11;
+    /// Function ID to add TVM zero pages.
+    ///
+    /// Declared in §10.14.
+    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_ZERO_PAGES")]
+    pub const ADD_TVM_ZERO_PAGES: usize = 12;
+    /// Function ID to add TVM shared pages.
+    ///
+    /// Declared in §10.15.
+    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_SHARED_PAGES")]
+    pub const ADD_TVM_SHARED_PAGES: usize = 13;
+    /// Function ID to create TVM vCPU.
+    ///
+    /// Declared in §10.16.
+    #[doc(alias = "SBI_EXT_COVH_CREATE_TVM_VCPU")]
+    pub const CREATE_TVM_VCPU: usize = 14;
+    /// Function ID to run TVM vCPU.
+    ///
+    /// Declared in §10.17.
+    #[doc(alias = "SBI_EXT_COVH_RUN_TVM_VCPU")]
+    pub const RUN_TVM_VCPU: usize = 15;
+    /// Function ID to initiate TVM fence.
+    ///
+    /// Declared in §10.18.
+    #[doc(alias = "SBI_EXT_COVH_TVM_FENCE")]
+    pub const TVM_FENCE: usize = 16;
+    /// Function ID to invalidate TVM pages.
+    ///
+    /// Declared in §10.19.
+    #[doc(alias = "SBI_EXT_COVH_TVM_INVALIDATE_PAGES")]
+    pub const TVM_INVALIDATE_PAGES: usize = 17;
+    /// Function ID to validate TVM pages.
+    ///
+    /// Declared in §10.20.
+    #[doc(alias = "SBI_EXT_COVH_TVM_VALIDATE_PAGES")]
+    pub const TVM_VALIDATE_PAGES: usize = 18;
+    /// Function ID to remove TVM pages.
+    ///
+    /// Declared in §10.21.
+    #[doc(alias = "SBI_EXT_COVH_TVM_REMOVE_PAGES")]
+    pub const TVM_REMOVE_PAGES: usize = 19;
+}

library/riscv-cove/src/interrupt.rs

@@ -0,0 +1,65 @@
+//! Chapter 11. COVE Interrupt Extension (EID #0x434F5649 "COVI").
+
+/// Extension ID for COVE Interrupt Extension.
+#[doc(alias = "SBI_EXT_COVI")]
+pub const EID_COVI: usize = crate::eid_from_str("COVI") as _;
+pub use fid::*;
+
+/// Declared in §11.
+mod fid {
+    /// Function ID to initialize TVM AIA.
+    ///
+    /// Declared in §11.1.
+    #[doc(alias = "SBI_EXT_COVI_INIT_TVM_AIA")]
+    pub const INIT_TVM_AIA: usize = 0;
+    /// Function ID to set the guest physical address of the specified vCPU's virtualized IMSIC.
+    ///
+    /// Declared in §11.2.
+    #[doc(alias = "SBI_EXT_COVI_SET_TVM_AIA_CPU_IMSIC_ADDR")]
+    pub const SET_TVM_AIA_CPU_IMSIC_ADDR: usize = 1;
+    /// Function ID to convert the non-confidential guest interrupt file for use with a TVM.
+    ///
+    /// Declared in §11.3.
+    #[doc(alias = "SBI_EXT_COVI_CONVERT_AIA_IMSIC")]
+    pub const CONVERT_AIA_IMSIC: usize = 2;
+    /// Function ID to reclaim the confidential TVM interrupt file.
+    ///
+    /// Declared in §11.4.
+    #[doc(alias = "SBI_EXT_COVI_RECLAIM_TVM_AIA_IMSIC")]
+    pub const RECLAIM_TVM_AIA_IMSIC: usize = 3;
+    /// Function ID to bind a TVM vCPU to the current physical CPU.
+    ///
+    /// Declared in §11.5.
+    #[doc(alias = "SBI_EXT_COVI_BIND_AIA_IMSIC")]
+    pub const BIND_AIA_IMSIC: usize = 4;
+    /// Function ID to begin the unbinding process for the specified vCPU from its guest interrupt files.
+    ///
+    /// Declared in §11.6.
+    #[doc(alias = "SBI_EXT_COVI_UNBIND_AIA_IMSIC_BEGIN")]
+    pub const UNBIND_AIA_IMSIC_BEGIN: usize = 5;
+    /// Function ID to complete the unbinding process for the specified vCPU from its guest interrupt files.
+    ///
+    /// Declared in §11.7.
+    #[doc(alias = "SBI_EXT_COVI_UNBIND_AIA_IMSIC_END")]
+    pub const UNBIND_AIA_IMSIC_END: usize = 6;
+    /// Function ID to inject an external interrupt into the specified vCPU.
+    ///
+    /// Declared in §11.8.
+    #[doc(alias = "SBI_EXT_COVI_INJECT_TVM_CPU")]
+    pub const INJECT_TVM_CPU: usize = 7;
+    /// Function ID to begin the rebinding process for the specified vCPU to the current physical CPU.
+    ///
+    /// Declared in §11.9.
+    #[doc(alias = "SBI_EXT_COVI_REBIND_AIA_IMSIC_BEGIN")]
+    pub const REBIND_AIA_IMSIC_BEGIN: usize = 8;
+    /// Function ID to clone the old guest interrupt file of the specified vCPU.
+    ///
+    /// Declared in §11.10.
+    #[doc(alias = "SBI_EXT_COVI_REBIND_AIA_IMSIC_CLONE")]
+    pub const REBIND_AIA_IMSIC_CLONE: usize = 9;
+    /// Function ID to complete the rebinding process for the specified vCPU.
+    ///
+    /// Declared in §11.11.
+    #[doc(alias = "SBI_EXT_COVI_REBIND_AIA_IMSIC_END")]
+    pub const REBIND_AIA_IMSIC_END: usize = 10;
+}

library/riscv-cove/src/lib.rs

@@ -0,0 +1,93 @@
+//! Confidential VM Extension (CoVE) structure and constant definitions.
+//!
+//! Confidential VM Extension (CoVE) provides an interface for a scalable
+//! Trusted Execution Environment (TEE) that supports hardware virtual-machine-based
+//! workloads on RISC-V platforms.
+//!
+//! This crate can be integrated as part of RustSBI and used in Prototyper,
+//! or included as a component of Rust-based bare-metal applications or operating
+//! systems to facilitate invoking services provided by the Confidential VM Extension.
+#![no_std]
+
+// §10
+pub mod host;
+// §11
+pub mod interrupt;
+// §12
+pub mod guest;
+
+/// Converts SBI EID from str.
+const fn eid_from_str(name: &str) -> i32 {
+    match *name.as_bytes() {
+        [a] => i32::from_be_bytes([0, 0, 0, a]),
+        [a, b] => i32::from_be_bytes([0, 0, a, b]),
+        [a, b, c] => i32::from_be_bytes([0, a, b, c]),
+        [a, b, c, d] => i32::from_be_bytes([a, b, c, d]),
+        _ => unreachable!(),
+    }
+}
+#[cfg(test)]
+mod tests {
+    use static_assertions::const_assert_eq;
+    // §10
+    #[test]
+    fn test_cove_host() {
+        use crate::host::*;
+        const_assert_eq!(0x434F5648, EID_COVH);
+        const_assert_eq!(0, GET_TSM_INFO);
+        const_assert_eq!(1, CONVERT_PAGES);
+        const_assert_eq!(2, RECLAIM_PAGES);
+        const_assert_eq!(3, GLOBAL_FENCE);
+        const_assert_eq!(4, LOCAL_FENCE);
+        const_assert_eq!(5, CREATE_TVM);
+        const_assert_eq!(6, FINALIZE_TVM);
+        const_assert_eq!(8, DESTROY_TVM);
+        const_assert_eq!(9, ADD_TVM_MEMORY_REGION);
+        const_assert_eq!(10, ADD_TVM_PAGE_TABLE_PAGES);
+        const_assert_eq!(11, ADD_TVM_MEASURED_PAGES);
+        const_assert_eq!(12, ADD_TVM_ZERO_PAGES);
+        const_assert_eq!(13, ADD_TVM_SHARED_PAGES);
+        const_assert_eq!(14, CREATE_TVM_VCPU);
+        const_assert_eq!(15, RUN_TVM_VCPU);
+        const_assert_eq!(16, TVM_FENCE);
+        const_assert_eq!(17, TVM_INVALIDATE_PAGES);
+        const_assert_eq!(18, TVM_VALIDATE_PAGES);
+        const_assert_eq!(19, TVM_REMOVE_PAGES);
+    }
+
+    // §11
+    #[test]
+    fn test_cove_interrupt() {
+        use crate::interrupt::*;
+        const_assert_eq!(0x434F5649, EID_COVI);
+        const_assert_eq!(0, INIT_TVM_AIA);
+        const_assert_eq!(1, SET_TVM_AIA_CPU_IMSIC_ADDR);
+        const_assert_eq!(2, CONVERT_AIA_IMSIC);
+        const_assert_eq!(3, RECLAIM_TVM_AIA_IMSIC);
+        const_assert_eq!(4, BIND_AIA_IMSIC);
+        const_assert_eq!(5, UNBIND_AIA_IMSIC_BEGIN);
+        const_assert_eq!(6, UNBIND_AIA_IMSIC_END);
+        const_assert_eq!(7, INJECT_TVM_CPU);
+        const_assert_eq!(8, REBIND_AIA_IMSIC_BEGIN);
+        const_assert_eq!(9, REBIND_AIA_IMSIC_CLONE);
+        const_assert_eq!(10, REBIND_AIA_IMSIC_END);
+    }
+
+    // §12
+    #[test]
+    fn test_cove_guest() {
+        use crate::guest::*;
+        const_assert_eq!(0x434F5647, EID_COVG);
+        const_assert_eq!(0, ADD_MMIO_REGION);
+        const_assert_eq!(1, REMOVE_MMIO_REGION);
+        const_assert_eq!(2, SHARE_MEMORY_REGION);
+        const_assert_eq!(3, UNSHARE_MEMORY_REGION);
+        const_assert_eq!(4, ALLOW_EXTERNAL_INTERRUPT);
+        const_assert_eq!(5, DENY_EXTERNAL_INTERRUPT);
+        const_assert_eq!(6, GET_ATTESTATION_CAPABILITIES);
+        const_assert_eq!(7, EXTEND_MEASUREMENT);
+        const_assert_eq!(8, GET_EVIDENCE);
+        const_assert_eq!(9, RETRIEVE_SECRET);
+        const_assert_eq!(10, READ_MEASUREMENT);
+    }
+}