The following normative architecture extensions are defined.
-
Smsdid
([Smsdid]) - An interface to program the active supervisor domain under which a hart is operating. This is a dynamic control state on the hart that is held in an M-mode CSR and modifiable by the RDSM via CSR r/w instructions - herewith called thesupervisor domain identifier
assigned to the hart. The SDID is a local identifier for the hart and may be used to tag hart-local resources to access-control data associated with the supervisor domain. The supervisor domain identifier is independent from the hart privilege levels and is held in a M-mode CSR. This extension may be used independently or may be combined with other extensions in this specification. -
Smmpt
([Smmpt]) - An extension to set the access permissions for a memory region or page associated with a supervisor domain. This extension allows for dynamic changes of access permission. Such dynamic changes may require flushing of appropriate state cached in harts. The access properties are programmed via an Machine-level Memory Protection Tables (MPT) structure. The physical page number (PPN) of the root table of the MPT is programmed into a M-mode CSR. WhenSmmpt
is implemented, MPT and e(PMP) are always active. Although there is no option to disable MPT, it can be effectively disabled if granular memory access control is not required by configuring MPT mode to beBare
. -
IO-MPT
([IO-MPT]) - A non-ISA extension that enables programming of an IO interconnect to associate an IOMMU and devices in scope of that IOMMU with an SD. The assignment of IOMMUs to supervisor domains is also expected to be under the purview of the RDSM. IO-MPT extension specifies the memory access control mechanisms for memory accesses performed by the IOMMU as well as by the devices associated with that SD. Note that isolation of data within a device is out of scope of this specification. -
Smsdia
([Smsdia]) - This extension enables assignment of IMSIC interrupt file(s) or an APLIC domain to a supervisor domain. The extension also provides CSRs to allow M-mode software to retain control on notification of interrupts when Supervisor domains are enabled. -
Smsdedbg
([Smsdedbg]) - This extension provides the controls to indicate if external debug is allowed for a supervisor domain. Whether external debug is authorized or not is expected to be done via a root of trust (RoT) and is outside the scope of this specification. -
Smsdetrc
([Smsdetrc]) - This extension provides the controls to indicate if external trace is allowed for a supervisor domain. Whether external trace is authorized or not is expected to be done via a root of trust (RoT) and is outside the scope of this specification. -
Smsqosid
and CBQRI for Supervisor Domains ([Smsdqos]) - This extension provides an interface for the RDSM to enforce that resource accesses from a supervisor domain or the RDSM must not be observable by entities that are not within their TCB using the resource usage monitors. Similarly, the resource allocations for a supervisor domain or the RDSM must not be influenced by entities outside their TCB.