Devlore: Extending Arm CCA to Integrated Devices A Journey Beyond Memory to Interrupt Isolation
Abstract
Arm Confidential Computing Architecture (CCA) executes sensitive computation in an abstraction called realm VMs and protects it from the hypervisor, host OS, and other co-resident VMs. However, CCA does not allow integrated devices on the platform to access realm VMs and doing so requires intrusive changes to software and is simply not possible to achieve securely for some devices. In this paper, we present Devlore which allows realm VMs to directly access integrated peripherals. Devlore memory isolation re-purposes CCA hardware primitives (granule protection and stage-two page tables), while our interrupt isolation adapts a delegate-but-check strategy. Our choice of offloading interrupt management to the hypervisor but adding correctness checks in the trusted software allows Devlore to preserve compatibility and performance. We evaluate Devlore on Arm FVP to demonstrate 5 diverse peripherals attached to realm VMs.
- Publication:
-
arXiv e-prints
- Pub Date:
- August 2024
- DOI:
- arXiv:
- arXiv:2408.05835
- Bibcode:
- 2024arXiv240805835B
- Keywords:
-
- Computer Science - Cryptography and Security