Support for CoVE v0.7

security-monitor/src/confidential_flow/declassify_to_confidential_vm.rs

@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::confidential_flow::handlers::mmio::{MmioLoadResponse, MmioStoreResponse};
 use crate::confidential_flow::handlers::sbi::SbiResponse;
-use crate::non_confidential_flow::handlers::cove_hypervisor_extension::RunConfidentialHart;
+use crate::non_confidential_flow::handlers::cove_host_extension::RunConfidentialHart;
 
 /// Declassifiers that expose part of the hypervisor's state to a confidential VM's hart.
 pub enum DeclassifyToConfidentialVm {

security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs

@@ -47,21 +47,28 @@ impl CovhExtension {
     }
 }
 
-/// State of the security monitor communicated to the hypervisor. This structure is defined in CoVE specification.
-#[repr(u32)]
-pub enum SecurityMonitorState {
-    NotLoaded = 0,
-    Loaded = 1,
-    Ready = 2,
-}
-
 /// Information written by the security monitor to the hypervisor memory, representing the state of the security monitor. This structure is
 /// defined in CoVE specification.
 #[repr(C)]
-pub struct SecurityMonitorInfo {
-    pub security_monitor_state: SecurityMonitorState,
-    pub security_monitor_version: u32,
+pub struct TsmInfo {
+    pub tsm_state: u32,
+    pub tsm_impl_id: u32,
+    pub tsm_version: u32,
+    pub tsm_capabilities: u64,
     pub state_pages: u64,
     pub max_vcpus: u64,
     pub vcpu_state_pages: u64,
 }
+
+impl TsmInfo {
+    pub const COVE_TSM_STATE_NOT_LOADED: u32 = 0;
+    pub const COVE_TSM_STATE_LOADED: u32 = 1;
+    pub const COVE_TSM_STATE_READY: u32 = 2;
+    pub const COVE_TSM_IMPL_ACE: u32 = 2;
+    pub const COVE_TSM_CAP_PROMOTE_TVM: u64 = 1 << 0;
+    pub const COVE_TSM_CAP_ATTESTATION_LOCAL_MASK: u64 = 1 << 1;
+    pub const COVE_TSM_CAP_ATTESTATION_REMOTE_MASK: u64 = 1 << 2;
+    pub const COVE_TSM_CAP_AIA_MASK: u64 = 1 << 3;
+    pub const COVE_TSM_CAP_MRIF_MASK: u64 = 1 << 4;
+    pub const COVE_TSM_CAP_MEMORY_ALLOCATION_MASK: u64 = 1 << 5;
+}

security-monitor/src/non_confidential_flow/finite_state_machine.rs

@@ -11,7 +11,7 @@ use crate::core::architecture::TrapCause;
 use crate::core::architecture::TrapCause::*;
 use crate::core::control_data::{ConfidentialVmId, HardwareHart, HypervisorHart};
 use crate::error::Error;
-use crate::non_confidential_flow::handlers::cove_hypervisor_extension::{
+use crate::non_confidential_flow::handlers::cove_host_extension::{
     DestroyConfidentialVm, GetSecurityMonitorInfo, PromoteToConfidentialVm, RunConfidentialHart,
 };
 use crate::non_confidential_flow::handlers::nested_acceleration_extension::{NaclProbeFeature, NaclSetupSharedMemory};

security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/get_security_monitor_info.rs → security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::architecture::riscv::sbi::{SecurityMonitorInfo, SecurityMonitorState};
+use crate::core::architecture::riscv::sbi::TsmInfo;
 use crate::core::architecture::GeneralPurposeRegister;
 use crate::core::control_data::{ConfidentialVm, HypervisorHart};
 use crate::core::memory_layout::NonConfidentialMemoryAddress;
@@ -37,22 +37,24 @@ impl GetSecurityMonitorInfo {
     }
 
     fn fill_tsm_info_state(&self) -> Result<usize, Error> {
-        let info = SecurityMonitorInfo {
-            security_monitor_state: SecurityMonitorState::Ready,
-            security_monitor_version: self.get_version(),
+        let info = TsmInfo {
+            tsm_state: TsmInfo::COVE_TSM_STATE_READY,
+            tsm_impl_id: TsmInfo::COVE_TSM_IMPL_ACE,
+            tsm_version: self.get_version(),
+            tsm_capabilities: TsmInfo::COVE_TSM_CAP_PROMOTE_TVM | TsmInfo::COVE_TSM_CAP_ATTESTATION_LOCAL_MASK,
             state_pages: 0,
             max_vcpus: u64::try_from(ConfidentialVm::MAX_NUMBER_OF_HARTS_PER_VM).unwrap_or(0),
             vcpu_state_pages: 0,
         };
         // Check that the input arguments define a memory region in non-confidential memory that is large enough to store the
-        // `SecurityMonitorInfo` structure.
+        // `TsmInfo` structure.
         let ptr = NonConfidentialMemoryAddress::new(self.tsm_info_address as *mut usize)?;
         NonConfidentialMemoryAddress::new((self.tsm_info_address + self.tsm_info_len) as *mut usize)?;
-        ensure!(self.tsm_info_len >= core::mem::size_of::<SecurityMonitorInfo>(), Error::InvalidParameter())?;
+        ensure!(self.tsm_info_len >= core::mem::size_of::<TsmInfo>(), Error::InvalidParameter())?;
         // below unsafe operation is ok because pointer is a valid address in non-confidential memory, and we have enough space to write the
         // reponse.
-        unsafe { (ptr.as_ptr() as *mut SecurityMonitorInfo).write(info) };
-        Ok(core::mem::size_of::<SecurityMonitorInfo>())
+        unsafe { (ptr.as_ptr() as *mut TsmInfo).write(info) };
+        Ok(core::mem::size_of::<TsmInfo>())
     }
 
     fn get_version(&self) -> u32 {

security-monitor/src/non_confidential_flow/handlers/mod.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-pub mod cove_hypervisor_extension;
+pub mod cove_host_extension;
 pub mod nested_acceleration_extension;
 pub mod opensbi;
 pub mod supervisor_binary_interface;