On Thu, Aug 01, 2019 at 01:14:11AM +0000, Huang, Yang wrote:
> > -----Original Message-----
> > From: virtio-dev@lists.oasis-open.org 
> > [mailto:virtio-dev@lists.oasis-open.org]
> > On Behalf Of Stefan Hajnoczi
> > Sent: Wednesday, July 31, 2019 22:57
> > To: Huang, Yang <yang.hu...@intel.com>
> > Cc: virtio-dev@lists.oasis-open.org; m...@redhat.com; Zhu, Bing
> > <bing....@intel.com>; Winkler, Tomas <tomas.wink...@intel.com>
> > Subject: Re: [virtio-dev] [PATCH v2] Add virtio rpmb device specification
> > 
> > On Tue, Jul 30, 2019 at 09:46:14PM +0800, Huang Yang wrote:
> > > It is a virtio based RPMB (Replay Protected Memory Block) device.
> > 
> > Please include the request structs.  There is not enough information in
> > this spec to implement the device.
> 
> OK.
> 
> > > +\devicenormative{\subsubsection}{Device Operation}{Device Types /
> > > +RPMB Device / Device Operation}
> > > +
> > > +The device provides a simulated RPMB backed by ordinary file or
> > > +  other medium in host. It SHOULD keep consistent behaviors with
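Review bot: this \devicenormative paragraph fixes an implementation ("simulated RPMB backed by ordinary file or other medium in host") instead of stating a requirement on the device, and the "SHOULD keep consistent behaviors with" clause is not completed within the hunk shown, so the conformance statement is incomplete as submitted. Suggest keeping only the observable requirement on the device and leaving the backing medium open, e.g. "The device MAY be backed by a file, a physical RPMB partition or another medium.", and phrasing the SHOULD clause in terms of device and driver rather than host.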
> > 
> > Or it could be a real hardware?  The specification shouldn't discuss these
> > implementation details except to say that virtio-rpmb could be backed in a
> > number of ways.
> 
> This is a good catch. 
> 
> But how to implement a physical RPMB backed solution is out of scope.
> 
> If there are multiple guests who want to use RPMB, and their devices are 
> backed by the same physical RPMB:
> 1. Whoever owns the key owns the RPMB. They should share the same key. If Guest1 
> programmed Key1, Guest2 MUST use the same Key1.
> 2. The device SHOULD isolate the RPMB space to protect against overwrites between 
> guests.
>     But address remapping cannot work, because address remapping by the virtio 
> device will cause a wrong MAC, which will result in a write failure.
> 3. RPMB capacity is limited to 16MB. It cannot support sharing among a 
> large number of guests.
> 
> If users want to implement it backed by a hardware RPMB, they should have a 
> whole-picture design, which is out of scope of the spec.
> Of course, a physically backed RPMB still adapts to the rules of the spec.
> I will change it to "could be backed in a number of ways."

Yes, all of this is out of scope.  I think the VIRTIO spec should avoid
saying "guest" and "host" whenever possible and just stick to "driver"
and "device".

VIRTIO is used in other contexts too, like hardware PCI devices or for
cross-CPU communication without virtualization, so it's nice to be as
general as we can.

> Both simulated and physical RPMB-backed solutions are implemented on Project 
> ACRN.
> If you are interested, "Secure Storage Virtualization" in this slide shows a 
> high level design of physical RPMB backed solution: 
> https://events.linuxfoundation.org/wp-content/uploads/2017/12/Implement-Android-Tamper-Resistant-Secure-Storage-Bing-Zhu_and-Secure-it-in-Virtualization-Bing-Zhu-Intel-Corporation.pdf

Thanks for the link!
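The failure mode Yang describes in point 2 (a device that sits between driver and a shared physical RPMB cannot remap addresses, because the MAC covers the address field) can be shown with a small model of an RPMB authenticated write. This is an added example, not code from the patch or from Project ACRN; the field offsets follow the JEDEC eMMC RPMB data frame layout (512-byte frame, HMAC-SHA256 over bytes 228..511), the example covers a single-block write only, and the key and data values are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

# RPMB data frame layout (JEDEC eMMC RPMB), byte offsets within a 512-byte frame.
FRAME_SIZE = 512
MAC_OFF, MAC_LEN = 196, 32        # key/MAC field
DATA_OFF, DATA_LEN = 228, 256     # one 256-byte data block
COUNTER_OFF = 500                 # 32-bit write counter
ADDR_OFF = 504                    # 16-bit block address
BLKCNT_OFF = 506                  # 16-bit block count
REQ_OFF = 510                     # 16-bit request/response type
MAC_INPUT_OFF = 228               # MAC is computed over bytes 228..511

REQ_AUTH_DATA_WRITE = 0x0003


def build_write_frame(key: bytes, data: bytes, write_counter: int,
                      address: int, block_count: int = 1) -> bytes:
    """Build an authenticated single-block write frame as the key owner would."""
    assert len(data) == DATA_LEN
    frame = bytearray(FRAME_SIZE)
    frame[DATA_OFF:DATA_OFF + DATA_LEN] = data
    struct.pack_into(">I", frame, COUNTER_OFF, write_counter)
    struct.pack_into(">H", frame, ADDR_OFF, address)
    struct.pack_into(">H", frame, BLKCNT_OFF, block_count)
    struct.pack_into(">H", frame, REQ_OFF, REQ_AUTH_DATA_WRITE)
    # The address field is inside the MAC input, so it is bound to the key.
    mac = hmac.new(key, bytes(frame[MAC_INPUT_OFF:]), hashlib.sha256).digest()
    frame[MAC_OFF:MAC_OFF + MAC_LEN] = mac
    return bytes(frame)


def verify_frame(key: bytes, frame: bytes) -> bool:
    """What the physical RPMB does before accepting a write."""
    expected = hmac.new(key, frame[MAC_INPUT_OFF:], hashlib.sha256).digest()
    return hmac.compare_digest(expected, frame[MAC_OFF:MAC_OFF + MAC_LEN])


def remap_address(frame: bytes, new_address: int) -> bytes:
    """A virtio device without the key can only rewrite the address field;
    it cannot recompute the MAC, so the frame will be rejected."""
    f = bytearray(frame)
    struct.pack_into(">H", f, ADDR_OFF, new_address)
    return bytes(f)


def demo() -> tuple:
    key = b"\x11" * 32                       # constructed sample key
    frame = build_write_frame(key, b"\xaa" * DATA_LEN,
                              write_counter=7, address=0x0010)
    remapped = remap_address(frame, 0x0110)  # device tries to isolate guests by offset
    return verify_frame(key, frame), verify_frame(key, remapped)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The original frame verifies; the same frame with only its address field moved does not, which is exactly why per-guest isolation on a shared physical RPMB cannot be done by address translation in the device and has to be solved elsewhere in the design.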
