virtio-dev message

Subject: RE: [virtio-dev] [PATCH v2] Add virtio rpmb device specification

> -----Original Message-----
> From: virtio-dev@lists.oasis-open.org [mailto:virtio-dev@lists.oasis-open.org]
> On Behalf Of Stefan Hajnoczi
> Sent: Wednesday, July 31, 2019 22:57
> To: Huang, Yang <yang.huang@intel.com>
> Cc: virtio-dev@lists.oasis-open.org; mst@redhat.com; Zhu, Bing
> <bing.zhu@intel.com>; Winkler, Tomas <tomas.winkler@intel.com>
> Subject: Re: [virtio-dev] [PATCH v2] Add virtio rpmb device specification
> On Tue, Jul 30, 2019 at 09:46:14PM +0800, Huang Yang wrote:
> > It is a virtio based RPMB (Replay Protected Memory Block) device.
> Please include the request structs.  There is not enough information in this spec
> to implement the device.
> > +\devicenormative{\subsubsection}{Device Operation}{Device Types /
> > +RPMB Device / Device Operation}
> > +
> > +The device provides a simulated RPMB backed by ordinary file or
> > +  other medium in host. It SHOULD keep consistent behaviors with
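Review bot: the first sentence of this \devicenormative paragraph describes the host backing store ("ordinary file or other medium in host"), which a driver cannot observe, so it does not belong in device-normative text; move it to a non-normative description and keep only driver-visible behaviour here. The second sentence, as quoted, ends at "keep consistent behaviors with" without naming what the device's behaviour must be consistent with; a SHOULD needs an explicit referent.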
> Or it could be a real hardware?  The specification shouldn't discuss these
> implementation details except to say that virtio-rpmb could be backed in a
> number of ways.

This is a good catch. 

But how to implement a physical RPMB backed solution is out of scope.

If there are multiple guests who want to use RPMB, and their devices are backed by the same physical RPMB:
1. Whoever owns the key owns the RPMB. They should share the same key. If Guest1 programmed Key1, Guest2 MUST use the same Key1.
2. The device SHOULD isolate the RPMB space to protect it from being overwritten between guests.
    But address remapping cannot work, because address remapping by the virtio device will cause a wrong MAC, which will result in write failure.
3. RPMB capacity is limited to 16MB, so it cannot support sharing among a large number of guests.

If users want to implement it backed by a hardware RPMB, they should have a whole-picture design, which is out of the scope of the spec.
Of course, a physically backed RPMB still adapts to the rules of the spec.
I will change it to "could be backed in a number of ways."

Both simulated and physical RPMB backed solutions are implemented on Project ACRN.
If you are interested, "Secure Storage Virtualization" in this slide shows a high-level design of the physical RPMB backed solution:
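Points 1 and 2 of the reply above (shared key, and why the device cannot remap addresses) follow from how the RPMB MAC is computed. The example below is added here and is not part of the patch, the thread, or Project ACRN; it assumes the JEDEC eMMC RPMB data frame layout (512 bytes: 196 stuff bytes, 32-byte key/MAC, 256 data, 16 nonce, 4 write counter, 2 address, 2 block count, 2 result, 2 request/response type) with the MAC being HMAC-SHA256 over the 284 bytes after the key/MAC field. Because the address field is inside the authenticated region, a device that silently shifts a guest's address into a private region produces a frame whose MAC no longer verifies, and a second guest holding a different key cannot produce a frame the device accepts. All keys and data are constructed sample values.

```python
import hashlib
import hmac
import struct

# Field offsets in a 512-byte RPMB data frame (JEDEC eMMC layout, assumed here).
KEY_MAC_OFF = 196      # 32-byte key (programming) / MAC (all other requests)
DATA_OFF = 228         # 256 bytes of block data
NONCE_OFF = 484        # 16-byte nonce
COUNTER_OFF = 500      # 4-byte write counter, big-endian
ADDR_OFF = 504         # 2-byte half-sector address, big-endian
BLOCK_COUNT_OFF = 506  # 2-byte block count
RESULT_OFF = 508       # 2-byte result
REQ_RESP_OFF = 510     # 2-byte request/response type
FRAME_LEN = 512

REQ_AUTH_DATA_WRITE = 0x0003  # authenticated data write request type


def build_frame(data, nonce, write_counter, address, block_count, req_resp, result=0):
    """Assemble an RPMB frame with an empty key/MAC field."""
    assert len(data) == 256 and len(nonce) == 16
    frame = bytearray(FRAME_LEN)
    frame[DATA_OFF:DATA_OFF + 256] = data
    frame[NONCE_OFF:NONCE_OFF + 16] = nonce
    struct.pack_into(">I", frame, COUNTER_OFF, write_counter)
    struct.pack_into(">H", frame, ADDR_OFF, address)
    struct.pack_into(">H", frame, BLOCK_COUNT_OFF, block_count)
    struct.pack_into(">H", frame, RESULT_OFF, result)
    struct.pack_into(">H", frame, REQ_RESP_OFF, req_resp)
    return frame


def compute_mac(key, frame):
    """HMAC-SHA256 over data..req/resp (284 bytes); the address is covered."""
    return hmac.new(key, bytes(frame[DATA_OFF:FRAME_LEN]), hashlib.sha256).digest()


def sign_frame(key, frame):
    """What the guest driver does before sending an authenticated write."""
    frame[KEY_MAC_OFF:KEY_MAC_OFF + 32] = compute_mac(key, frame)
    return frame


def verify_frame(key, frame):
    """What the RPMB device does on receipt: recompute and compare the MAC."""
    expected = compute_mac(key, frame)
    return hmac.compare_digest(bytes(frame[KEY_MAC_OFF:KEY_MAC_OFF + 32]), expected)


def remap_address(frame, new_address):
    """A hypothetical virtio device shifting the guest's address into a
    per-guest region; the guest-computed MAC no longer covers the result."""
    remapped = bytearray(frame)
    struct.pack_into(">H", remapped, ADDR_OFF, new_address)
    return remapped


def demo():
    """Returns (guest frame verifies, remapped frame verifies,
    frame signed by a guest with a different key verifies)."""
    key1 = b"\x11" * 32  # constructed: key programmed by Guest1
    key2 = b"\x22" * 32  # constructed: a different key Guest2 might try
    nonce = b"\x00" * 16  # nonce is not used for write requests
    frame = sign_frame(key1, build_frame(b"A" * 256, nonce, 7, 0x0010, 1,
                                         REQ_AUTH_DATA_WRITE))
    guest_ok = verify_frame(key1, frame)
    remapped_ok = verify_frame(key1, remap_address(frame, 0x0010 + 0x0400))
    other_key_frame = sign_frame(key2, build_frame(b"B" * 256, nonce, 7, 0x0020, 1,
                                                   REQ_AUTH_DATA_WRITE))
    other_key_ok = verify_frame(key1, other_key_frame)  # device holds key1
    return guest_ok, remapped_ok, other_key_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The middle result is the point of item 2: isolation by address remapping inside the device cannot work without the device re-signing frames with the guest's key, which would defeat the purpose of the key being held by the guest. The last result is item 1: with one physical RPMB there is one key, so every guest must program and use that same key.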