@joxie joxie commented Sep 5, 2025

This pull request introduces significant updates and clarifications to the Sdsec (ISA extension) documentation for RISC-V, focusing on privilege-based debug and trace control. The changes expand and clarify the specification, introduce new configuration tables, and provide detailed descriptions of privilege levels, debug access, and control registers. Additionally, contributor acknowledgments and documentation resources have been updated.

Major documentation improvements and clarifications:

Extension overview and privilege-based debug control

  • Expanded the introduction to the Sdsec extension, clarifying its security enhancements, mandatory and optional controls for different privilege modes (M/S/VS/U), and added summary tables for debug/trace controls and valid implementation combinations.

Privilege and debug access model

  • Added detailed explanations and tables for determining the "debug access privilege" and the "maximum allowed resume privilege mode," with explicit field mappings and behavioral descriptions for privilege transitions and debug mode entry.
  • Clarified the impact of the mdbgen state on debug mode entry, halt requests, trigger behavior, and single-stepping, including behavior when transitioning between privilege modes.

Optional extension controls and memory access

  • Provided explicit descriptions for S-mode (Smsdedbg), VS-mode (Smvsdedbg), and U-mode (Smudedbg) debug controls, including how each extension manages privilege and access.
  • Clarified how the DMPRV field in various CSRs (sdcsr, vsdcsr) modifies the effective debug access privilege for memory operations in debug mode, and added a detailed table for the DMPRV field.

Contributor and resource updates

  • Added new contributors to the contributors.adoc file.
  • Updated the documentation subproject reference in docs-resources.

These changes provide a more robust, clear, and comprehensive specification for the Sdsec extension and its related privilege and debug control mechanisms.

joxie and others added 5 commits September 1, 2025 18:15
- Added Erik Kraft and Thomas Roecker to the contributors list.
- Expanded the documentation on S-mode, VS-mode, and U-mode debug control, detailing the new fields introduced by the Smsdedbg and Smvsdedbg extensions.
- Clarified the maximum allowed privilege mode and debug access privilege configurations in the sdsec.adoc file.
- Updated the external-debug-security.pdf to reflect changes in the documentation.
sdsec.adoc Outdated
| 1 | Don't care | Don't care | Don't care | M-Mode
| 0 | 1 | Don't care | Dont care | S/HS-Mode
| 0 | 0 | 1 | Don't care | VS-Mode
| 0 | 0 | 0 | 1 | U/VU-Mode
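
Review bot: The last row resolves to the combined "U/VU-Mode", but nothing in these rows says whether the V bit is fixed for the debug session, so a reader cannot tell from the table alone whether a debugger admitted at VU level stays inside the guest. A footnote or cross-reference on that row to the text that constrains V would answer the question where it arises. Separately, "Dont care" in the second row is missing its apostrophe; the other cells use "Don't care".
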
Contributor

Imagine that an external debugger is debugging a VU-mode process inside a guest VM. Does this line mean that the external debugger can change the V bit and break out of that VM and into a U mode process that's running directly under the hypervisor?

Collaborator

The text below mandates that when the VS/VU is allowed for debugging, the external debugger cannot modify the V bit, and the debug scope is contained within VM. Do you think it solves the issue?

Collaborator Author

@pdonahue-ventana are you okay to resolve this comment now?

sdsec.adoc Outdated
[[Sdseccsr]]
=== Debug Control CSR

The CSR `msdcfg`, which holds the debug and trace control fields (<<dbgctlcsr>>), is defined in the RISC-V Supervisor Domains Access Protection specification cite:[smmtt]. The Smsdedbg and/or Smsdetrc extensions must be implemented to support security control for debugging and/or tracing in the corresponding privilege modes.
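
Review bot: In the second sentence, "The Smsdedbg and/or Smsdetrc extensions must be implemented" pairs "and/or" with "must", which leaves the normative requirement unclear, and "the corresponding privilege modes" names no mode. Splitting it per function would read unambiguously: one statement saying which extension is required for debug control and one for trace control, each naming the privilege mode it governs.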

It seems that the debug and trace control fields were renamed in the "RISC-V Supervisor Domains Access Protection" specification (e.g., SDEDBGALW to SEDA). Further, the control bits for the lower levels anyway do not exist there. I think it would be cleaner if the CSR and necessary fields for external debug and trace access control would be defined in this specification (with the new optional extensions it covers more use cases than supervisor domains). The "RISC-V Supervisor Domains Access Protection" specification could then just refer to the extension it requires and link the related control bits with msdcfg.{SEDA,SETA}.

eknxp commented Oct 6, 2025

I read through the specification and noticed some other parts that should be updated to reflect the optional debug access control extensions:

  • Introduction: Only mentions debug access control for supervisor domains, but not lower privilege levels.
  • 4.6 System Bus Access: I think the info box should be rewritten so that it covers the new debug access privileges.
  • Appendix A: Text and figures, especially the paragraph "Application-level debugging is primarily accomplished through self-hosted debugging, allowing the management of debug policies by supervisor domains. As a result, user-level debugging management is not addressed within this extension." should be removed.

@AoteJin AoteJin closed this Nov 3, 2025
@AoteJin AoteJin reopened this Nov 3, 2025
AoteJin commented Nov 3, 2025

> I read through the specification and noticed some other parts that should be updated to reflect the optional debug access control extensions:
>
>   • Introduction: Only mentions debug access control for supervisor domains, but not lower privilege levels.
>   • 4.6 System Bus Access: I think the info box should be rewritten so that it covers the new debug access privileges.
>   • Appendix A: Text and figures, especially the paragraph "Application-level debugging is primarily accomplished through self-hosted debugging, allowing the management of debug policies by supervisor domains. As a result, user-level debugging management is not addressed within this extension." should be removed.

The introduction and SBA part are updated. I left the appendix untouched and will update it when the spec becomes stabilized.

@joxie joxie marked this pull request as ready for review November 21, 2025 00:47
AoteJin and others added 5 commits November 21, 2025 17:08
…urity Extension documentation.

- Adjust descriptions for debug and trace control fields to enhance readability and precision.
- Ensure proper formatting and grammatical accuracy throughout the document.
…cumentation. Update descriptions for `SDEDBGALW`, `VSEDBGALW`, `USEDBGALW`, `SDETRCALW`, `VSETRCALW`, and `USETRCALW` to specify that they only take effect when certain conditions are met, enhancing accuracy and readability.