v2? cgp as SCR #43
Labels
maybe-v2
Tracking issues for possible changes for an ISAv2
Comments
|
Readers should note the similarity with the Zstid proposal from the RISC-V CHERI standardization effort. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, CGP is just an ISA name for one of the GPRs reachable by all register selectors. We have contemplated instead converting it to a SCR. That SCR would likely be ambiently readable, via
AUICGPas well as the existing SCR access instructions, but would require ASR to modify, restricting modification to the TCB switcher.1 As we already consider library code as running within the calling compartment,2 this does not change the security model.The effect on code density should be investigated: does freeing up a GPR eliminate enough spills to offset the cost of fetching CGP via AUICGP in all cases?
Footnotes
Requiring ASR to modify means that a compartment and the libraries it calls cannot foul up its CGP. The switcher could also rely on the constancy of this SCR outside itself, but it's not clear that there would be significant gains. ↩
Though the fast unsealer and perhaps other "privileged libraries" blur the text here, as they manipulate secrets not exposed to the calling compartment. ↩
The text was updated successfully, but these errors were encountered: