riscv-cove 0.0.0

Definitions and constants in the Confidential VM Extension
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208

//! Chapter 10. COVE Host Extension (EID #0x434F5648 "COVH").

/// Extension ID for COVE Host Extension.
#[doc(alias = "SBI_EXT_COVH")]
pub const EID_COVH: usize = crate::eid_from_str("COVH") as _;
pub use fid::*;

/// Declared in §10.
mod fid {
    /// Function ID to get TEE Security Monitor (TSM) information.
    ///
    /// Declared in §10.2.
    #[doc(alias = "SBI_EXT_COVH_GET_TSM_INFO")]
    pub const GET_TSM_INFO: usize = 0;
    /// Function ID to convert pages.
    ///
    /// Declared in §10.3.
    #[doc(alias = "SBI_EXT_COVH_CONVERT_PAGES")]
    pub const CONVERT_PAGES: usize = 1;
    /// Function ID to reclaim pages.
    ///
    /// Declared in §10.4.
    #[doc(alias = "SBI_EXT_COVH_RECLAIM_PAGES")]
    pub const RECLAIM_PAGES: usize = 2;
    /// Function ID to initiate global fence.
    ///
    /// Declared in §10.5.
    #[doc(alias = "SBI_EXT_COVH_GLOBAL_FENCE")]
    pub const GLOBAL_FENCE: usize = 3;
    /// Function ID to local fence.
    ///
    /// Declared in §10.6.
    #[doc(alias = "SBI_EXT_COVH_LOCAL_FENCE")]
    pub const LOCAL_FENCE: usize = 4;
    /// Function ID to create TVM.
    ///
    /// Declared in §10.7.
    #[doc(alias = "SBI_EXT_COVH_CREATE_TVM")]
    pub const CREATE_TVM: usize = 5;
    /// Function ID to finalize TVM.
    ///
    /// Declared in §10.8.
    #[doc(alias = "SBI_EXT_COVH_FINALIZE_TVM")]
    pub const FINALIZE_TVM: usize = 6;
    /// Function ID to promote to TVM.
    ///
    /// Declared in §10.9.
    #[doc(alias = "SBI_EXT_COVH_PROMOTE_TO_TVM")]
    pub const PROMOTE_TO_TVM: usize = 7;
    /// Function ID to destroy TVM.
    ///
    /// Declared in §10.10.
    #[doc(alias = "SBI_EXT_COVH_DESTROY_TVM")]
    pub const DESTROY_TVM: usize = 8;
    /// Function ID to add TVM memory region.
    ///
    /// Declared in §10.11.
    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_MEMORY_REGION")]
    pub const ADD_TVM_MEMORY_REGION: usize = 9;
    /// Function ID to add TVM page table pages.
    ///
    /// Declared in §10.12.
    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_PAGE_TABLE_PAGES")]
    pub const ADD_TVM_PAGE_TABLE_PAGES: usize = 10;
    /// Function ID to add TVM measured pages.
    ///
    /// Declared in §10.13.
    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_MEASURED_PAGES")]
    pub const ADD_TVM_MEASURED_PAGES: usize = 11;
    /// Function ID to add TVM zero pages.
    ///
    /// Declared in §10.14.
    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_ZERO_PAGES")]
    pub const ADD_TVM_ZERO_PAGES: usize = 12;
    /// Function ID to add TVM shared pages.
    ///
    /// Declared in §10.15.
    #[doc(alias = "SBI_EXT_COVH_ADD_TVM_SHARED_PAGES")]
    pub const ADD_TVM_SHARED_PAGES: usize = 13;
    /// Function ID to create TVM vCPU.
    ///
    /// Declared in §10.16.
    #[doc(alias = "SBI_EXT_COVH_CREATE_TVM_VCPU")]
    pub const CREATE_TVM_VCPU: usize = 14;
    /// Function ID to run TVM vCPU.
    ///
    /// Declared in §10.17.
    #[doc(alias = "SBI_EXT_COVH_RUN_TVM_VCPU")]
    pub const RUN_TVM_VCPU: usize = 15;
    /// Function ID to initiate TVM fence.
    ///
    /// Declared in §10.18.
    #[doc(alias = "SBI_EXT_COVH_TVM_FENCE")]
    pub const TVM_FENCE: usize = 16;
    /// Function ID to invalidate TVM pages.
    ///
    /// Declared in §10.19.
    #[doc(alias = "SBI_EXT_COVH_TVM_INVALIDATE_PAGES")]
    pub const TVM_INVALIDATE_PAGES: usize = 17;
    /// Function ID to validate TVM pages.
    ///
    /// Declared in §10.20.
    #[doc(alias = "SBI_EXT_COVH_TVM_VALIDATE_PAGES")]
    pub const TVM_VALIDATE_PAGES: usize = 18;
    /// Function ID to remove TVM pages.
    ///
    /// Declared in §10.21.
    #[doc(alias = "SBI_EXT_COVH_TVM_REMOVE_PAGES")]
    pub const TVM_REMOVE_PAGES: usize = 19;
}

/// Possible state of a TEE Virtual Machine (TVM).
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
#[repr(u32)]
pub enum TvmState {
    /// TVM has been created, but isn’t yet ready to run.
    Initializing = 0,
    /// TVM is in a runnable state, and can be executed.
    Runnable = 1,
}

#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
#[repr(u32)]
pub enum TsmPageType {
    /// 4 KiB.
    Page4K = 0,
    /// 2 MiB.
    Page2M = 1,
    /// 1 GiB.
    Page1G = 2,
    /// 512 GiB.
    Page512G = 3,
}

/// Possible state of a TEE Security Manager (TSM).
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
#[repr(u32)]
pub enum TsmState {
    /// TSM has not been loaded on this platform.
    NotLoaded = 0,
    /// TSM has been loaded, but has not yet been initialized.
    Loaded = 1,
    /// TSM has been loaded & initialized, and is ready to accept ECALLs.
    Ready = 2,
}

// TODO generic type of T replacing `usize`s, see sbi_spec::binary::SbiRet
/// Information structure of a TEE Security Manager (TSM).
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
#[repr(C)]
pub struct TsmInfo {
    /// The raw current state of the TSM.
    ///
    /// If the state is not [`Ready`], the remanining fields are invalid
    /// and will be initialized to zero.
    ///
    /// [`Ready`]: struct.TsmState.html#Ready
    pub tsm_state: u32,
    /// Identifier of the TSM implementation.
    ///
    /// This identifier is intended to distinguish among different TSM
    /// implementations, potentially managed by different organizations,
    /// that might target different deployment models and, thus,
    /// implement subset of CoVE specification.
    pub tsm_impl_id: u32,
    /// Version number of the running TSM.
    pub tsm_version: u32,
    /// A bit mask of CoVE features supported by the running TSM.
    ///
    /// Every bit in this field corresponds to a capability defined by
    /// constants. Presense of bit `i` indicates that both the TSM and
    /// hardware support the corresponding capability.
    pub tsm_capabilities: usize,
    /// The number of 4-KiB pages which must be donated to the TSM for
    /// storing TVM state in `covh_create_tvm_vcpu`.
    ///
    /// `0` if the TSM does not support the dynamic memory allocation
    /// capability.
    pub tvm_state_pages: usize,
    /// The maximum number of vCPUs a TVM can support.
    pub tvm_max_vcpus: usize,
    /// The number of 4-KiB pages which must be donated to the TSM when
    /// creating a new vCPU.
    ///
    /// `0` if the TSM does not support the dynamic memory allocation
    /// capability.
    pub tvm_vcpu_state_pages: usize,
}

/// Specified parameters of creating a confidential TEE Virtual Machine (TVM).
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
#[repr(C)]
pub struct TvmCreateParams {
    /// The base physical address of the 16KB confidential memory region
    /// that should be used for the TVM's page directory.
    ///
    /// Must be 16KB-aligned.
    pub tvm_page_directory_addr: usize,
    /// The base physical address of the confidential memory region to
    /// be used to hold the TVM's state.
    ///
    /// Must be page-aligned and the number of pages must be at least
    /// the value returned in tsm_info.vm_state_pages returned by the
    /// call to sbi_covh_get_tsm_info().
    pub tvm_state_addr: usize,
}

// TODO unit tests on offsets of TsmInfo.