Hi Achin,
Would you mind elaborating more on why the SPM needs to determine the security state, and why it is important to do this without trusting the SP? When you say SPM, it sounds like you are talking about the SPMD running in EL3, for example, which is not part of the SPMC (which perhaps runs at S-EL2), and that the SPMD may need to know this to figure out how to map a particular physical page. Is that the use case you are thinking about?
Thanks, Raghu
On 6/4/20 3:07 AM, Achin Gupta via Hafnium wrote:
Hi All,
I am thinking of a scenario where an SP shares Non-secure memory with one or more SPs or VMs. The NS memory region could have been donated to the SP by a VM earlier (far-fetched but possible).
The question is how does the SPM determine the security state of the memory region being shared by the SP.
It is especially important that the SPM does this without trusting the SP.
I don't think it should rely on the AT* instructions. The SP could change the security state of the region in S1. AFAIK, there are no AT* instructions that only do S2 walks with an IPA as an input.
So is the only option to perform a walk in both the Secure and Non-secure S2 tables to determine where the address is mapped?
This seems a bit clunky, so I am wondering if I am missing anything and there is an easier way to do this.
What do you reckon?
cheers, Achin
hafnium@lists.trustedfirmware.org