IOPMP

Proposal Overview

“The block is designed to filter requests to memory and peripherals”

“Requests are checked on the basis of request address (and size) and the request source ID (SID)”

Possible usage scenarios:

  • filtering the CPU requests when the CPU PMP managed by OS or hypervisor is not trusted;
  • filtering the DMA requests when the IOMMU settings managed by hypervisor are not trusted;
  • filtering all the requests to memory or peripheral device.

Proposed Features

  1. Base IOPMP function

  2. SID entry point: the IOPMP rule number that checking starts from.

    • always starts from 0 if not implemented;
    • helps to reduce the number of rule checks.
  3. Rule masking

  4. Jump rule

  5. Flexible unlock control

  6. Strong ordering

  7. Boot access
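
To make the address/size/SID check and the SID entry point concrete, here is a simplified software model, added as an example and not taken from the IOPMP proposal. The rule layout, the SID bitmask, first-match priority, default deny and the sample table are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified software model; field layout and semantics are assumptions. */
enum { PERM_R = 1, PERM_W = 2, NUM_SID = 4 };

struct rule {
    uint64_t base, size; /* region the rule covers */
    uint32_t sid_mask;   /* bit n set: rule applies to SID n (assumed) */
    uint8_t perm;        /* PERM_R | PERM_W */
};
struct verdict { int allowed; size_t checked; };

/* Constructed sample table: SID 0 = CPU, 1 = DMA engine, 2 = peripheral. */
static const struct rule rules[] = {
    { 0x80000000u, 0x10000, 1u << 0, PERM_R | PERM_W },
    { 0x80010000u, 0x10000, 1u << 0, PERM_R },
    { 0x90000000u, 0x1000,  1u << 1, PERM_R | PERM_W },
    { 0x10000000u, 0x100,   1u << 2, PERM_W },
};
static const size_t n_rules = sizeof rules / sizeof rules[0];

/* entry[sid] is the rule number checking starts from; all zeros models
 * "SID entry point not implemented". */
struct verdict iopmp_check(const size_t entry[NUM_SID], unsigned sid,
                           uint64_t addr, uint64_t len, uint8_t want)
{
    struct verdict v = { 0, 0 };
    if (sid >= NUM_SID || len == 0 || addr + len < addr)
        return v;                       /* malformed request: deny */
    for (size_t i = entry[sid]; i < n_rules; i++) {
        const struct rule *r = &rules[i];
        v.checked++;
        if (!(r->sid_mask & (1u << sid)))
            continue;                   /* rule is for another source */
        /* Address and size: the whole request must lie inside the region. */
        if (addr < r->base || addr - r->base >= r->size ||
            len > r->size - (addr - r->base))
            continue;
        v.allowed = (r->perm & want) == want; /* first match decides (assumed) */
        return v;
    }
    return v;                           /* no matching rule: deny (assumed) */
}

static const size_t entry_none[NUM_SID] = { 0, 0, 0, 0 }; /* feature absent */
static const size_t entry_set[NUM_SID]  = { 0, 2, 3, 0 }; /* per-SID start */
```

With `entry_set`, the DMA engine's request reaches its rule after one check instead of three, and a request that runs past the end of its region matches no rule and is denied.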

Created Feb 7, 2022 // Last Updated Feb 7, 2022
