From: Raymond Mao <raymondmaoca@gmail.com>
To: opensbi@lists.infradead.org
Cc: scott@riscstar.com, dave.patel@riscstar.com,
raymond.mao@riscstar.com, robin.randhawa@sifive.com,
samuel.holland@sifive.com, anup.patel@qti.qualcomm.com,
anuppate@qti.qualcomm.com, anup@brainfault.org,
dhaval@rivosinc.com, peter.lin@sifive.com
Subject: [RFC PATCH 0/3] Add QEMU virt WorldGuard support on top of HWISO
Date: Fri, 1 May 2026 14:33:43 -0400 [thread overview]
Message-ID: <20260501183346.1596027-1-raymondmaoca@gmail.com> (raw)
From: Raymond Mao <raymond.mao@riscstar.com>
This series adds an WorldGuard implementation for OpenSBI on top of
previous hardware-isolation framework (HWISO) RFC [1].
The goal is to let OpenSBI program platform WorldGuard checker state
at boot and reprogram WorldGuard hart state during domain transitions.
The current RFC targets the QEMU virt WorldGuard model on top of the
proposed generic HWISO hooks.
This series does the following:
1. Add the WorldGuard CSR definitions and hart extension flags needed
to detect support for MLWID, MWIDDELEG, and SLWID.
2. Document the HWISO/WorldGuard DT bindings and add a QEMU virt
overlay example for domain WID/WID list assignment and checker
permissions.
3. Add a QEMU virt WorldGuard HWISO mechanism that:
- parses checker topology and protected resource permissions from
DT
- programs wgChecker MMIO state at boot
- parses per-hart default WorldGuard execution state
- parses per-domain WorldGuard metadata
- reprograms MLWID, MWIDDELEG, and SLWID on domain transitions
[1] [RFC PATCH] sbi: add hardware isolation abstraction framework
https://lore.kernel.org/opensbi/20260317201849.903071-1-raymondmaoca@gmail.com/
Raymond Mao (3):
hart: add WorldGuard CSR IDs and hart extension flags
docs: document hwiso WorldGuard DT bindings and add QEMU overlay
example
platform: virt: add QEMU virt WorldGuard hwiso mechanism
docs/domain_support.md | 159 +++
include/sbi/riscv_encoding.h | 3 +
include/sbi/sbi_hart.h | 4 +
lib/sbi/sbi_hart.c | 2 +
platform/generic/include/qemu_virt_wg.h | 60 +
platform/generic/objects.mk | 1 +
platform/generic/platform.c | 11 +
.../generic/virt/qemu-virt-hwiso-overlay.dts | 120 ++
platform/generic/virt/qemu_virt_wgchecker.c | 1050 +++++++++++++++++
9 files changed, 1410 insertions(+)
create mode 100644 platform/generic/include/qemu_virt_wg.h
create mode 100644 platform/generic/virt/qemu-virt-hwiso-overlay.dts
create mode 100644 platform/generic/virt/qemu_virt_wgchecker.c
--
2.25.1
--
opensbi mailing list
opensbi@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/opensbi
next reply other threads:[~2026-05-01 18:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-01 18:33 Raymond Mao [this message]
2026-05-01 18:33 ` [RFC PATCH 1/3] hart: add WorldGuard CSR IDs and hart extension flags Raymond Mao
2026-05-01 18:33 ` [RFC PATCH 2/3] docs: document hwiso WorldGuard DT bindings and add QEMU overlay example Raymond Mao
2026-05-01 18:33 ` [RFC PATCH 3/3] platform: virt: add QEMU virt WorldGuard hwiso mechanism Raymond Mao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260501183346.1596027-1-raymondmaoca@gmail.com \
--to=raymondmaoca@gmail.com \
--cc=anup.patel@qti.qualcomm.com \
--cc=anup@brainfault.org \
--cc=anuppate@qti.qualcomm.com \
--cc=dave.patel@riscstar.com \
--cc=dhaval@rivosinc.com \
--cc=opensbi@lists.infradead.org \
--cc=peter.lin@sifive.com \
--cc=raymond.mao@riscstar.com \
--cc=robin.randhawa@sifive.com \
--cc=samuel.holland@sifive.com \
--cc=scott@riscstar.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox