diff --git a/bibliography.adoc b/bibliography.adoc index 8eda84a..4cc3eb7 100644 --- a/bibliography.adoc +++ b/bibliography.adoc @@ -1,17 +1,4 @@ [bibliography] == Bibliography -* [[[R1,1]]] The RISC-V Instruction Set Manual Volume II: Privileged -Architecture Document Version 20211203 -(https://drive.google.com/file/d/1EMip5dZlnypTk7pt4WWUKmtjUKTOkBqh/view[link]) - -* [[[R2,2]]] Common Terminology for Confidential Computing - Whitepaper, -Accessed July 10, 2023 -(https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/Common-Terminology-for-Confidential-Computing.pdf[link]) - -* [[[R3,3]]] RISC-V Advanced Interrupt Architecture 1.0 -(https://github.com/riscv/riscv-aia/releases/download/1.0/riscv-interrupts-1.0.pdf[link]) - -* [[[R4,4]]] RISC-V Confidential VM Extension (CoVE) - Draft specification -(https://github.com/riscv-non-isa/riscv-ap-tee/blob/main/specification/riscv-cove.pdf[link]) - +bibliography::[] diff --git a/chapter2.adoc b/chapter2.adoc index 9810c9b..4e5e67b 100644 --- a/chapter2.adoc +++ b/chapter2.adoc @@ -151,7 +151,7 @@ during the transition between domain assignment settings. This transitory state should not be visible to lower privilege levels (i.e. supervisor domains). There are also security aspects to be considered during (re)configuration, e.g., clearing memory used by the current SD before -assigning it to another SD. Refer to the RISC-V CoVE <> ABI and threat +assigning it to another SD. Refer to the RISC-V CoVE cite:[CoVE] ABI and threat model as a reference. A hart/device may perform accesses to memory exclusively accessible to it's diff --git a/chapter8.adoc b/chapter8.adoc index 29a3878..9dde0cd 100644 --- a/chapter8.adoc +++ b/chapter8.adoc @@ -3,8 +3,8 @@ == `Smsdedbg`: Supervisor Domain External Debug The <> CSR contains the `sdedbgalw` bit that controls whether the -current scheduled SD is allowed to be external-debugged. This bit is context -switched (along with rest of the `msdcfg`) per SD. +current scheduled SD is allowed to be external-debugged cite:[ExtDbg]. This bit +is context switched (along with rest of the `msdcfg`) per SD. === `Smsdedbg` interaction with external debug security controls (Informative) diff --git a/example.bib b/example.bib index 6ebb7a5..0844807 100644 --- a/example.bib +++ b/example.bib @@ -1,4 +1,25 @@ + +@electronic{ISA, + title = {The RISC-V Instruction Set Manual Vol. II: Privileged Architecture}, + url = {https://github.com/riscv/riscv-isa-manual} +} + +@electronic{CCC, + title = {Common Terminology for Confidential Computing}, + url = {https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/Common-Terminology-for-Confidential-Computing.pdf} +} + +@electronic{CoVE, + title = {RISC-V Confidential VM Extension}, + url = {https://github.com/riscv-non-isa/riscv-ap-tee} +} + @electronic{AIA, title = {RISC-V Advanced Interrupt Architecture}, url = {https://github.com/riscv/riscv-aia} } + +@electronic{ExtDbg, + title = {RISC-V Debug Specification}, + url = {https://github.com/riscv/riscv-debug-spec} +} diff --git a/intro.adoc b/intro.adoc index ecd983e..1dadcd5 100644 --- a/intro.adoc +++ b/intro.adoc @@ -2,7 +2,7 @@ == Introduction -RISC-V privileged architecture <> defines mode for execution of supervisor +RISC-V privileged architecture cite:[ISA] defines execution mode for supervisor software called S-mode. S-mode software may optionally enable Hypervisor extension to host virtual machines. Typically, there is a single supervisor domain of execution with access to all physical memory. This document describes @@ -48,7 +48,7 @@ supervisor domain, here referred to as the Supervisor Domain Security Manager (SDSM). A key goal of using multiple domains is to be able to reduce the common TCB -across domains, and should enable the attestation <> of each domain +across domains, and should enable the attestation cite:[CCC] of each domain independently from other domains. Sensitive data may be entrusted to a particular domain after verifying the trust properties statically (via boot) or dynamically (via attestation). These trust properties are established as part @@ -62,7 +62,7 @@ be used are: * A trusted execution environment domain that isolates security services/applications. -* A confidential computing <> domain which enforces confidentiality and +* A confidential computing cite:[CCC] domain which enforces confidentiality and integrity for workload data-in-use from the host/untrusted hypervisor, along with attestation of the TCB. * A host (operator) domain that manages resources on the platform, and may