[RFC PATCH 00/12] Add RISC-V Worlds ISA support to OpenSBI

Yu-Chien Peter Lin peter.lin at sifive.com
Fri Jun 26 03:14:21 PDT 2026


This RFC patch series adds support for RISC-V Worlds ISA extensions,
enabling hardware-enforced isolation boundaries based on World IDs (WIDs)
by extending the OpenSBI domain framework.

Trust Model and Boot-time Roles
--------------------------------

The implementation follows the two-phase M-mode trust model:

- RoT M-mode phase: Prior boot stage (ROM/SPL) that may program mwid/
  mlwidlist and lock mwid before handing off to OpenSBI.

- Regular M-mode phase (OpenSBI): Treats pmwid/pmwidlist/pmlwidlist as
  read-only input policy from hardware/RoT. Locks mwid during feature
  detection to prevent later M-mode code from changing its own WID.
  Programs per-domain mlwid/mwiddeleg based on DT configuration.

Device Tree Bindings
---------------------

New CPU properties (per-hart):
- riscv,pmwid: Platform-defined M-mode World ID
- riscv,pmwidlist: M-mode permitted WID bitmap (u64, 2 cells)
- riscv,pmlwidlist: S/U-mode permitted WID bitmap (u64, 2 cells)

New domain properties (per-domain):
- next-wid: Override S-mode WID for this domain (u32, 1 cell)
- next-widlist: WID delegation bitmap for this domain (u64, 2 cells)

If a domain lacks next-wid, OpenSBI falls back to pmwid (M-mode and
S-mode run in the same World).

Example DT snippet:

    cpus {
        riscv,nworlds = <4>;
        cpu at 0 {
            riscv,pmwid = <3>;
            riscv,pmwidlist = <0x0 0xf>;
            riscv,pmlwidlist = <0x0 0xf>;
        };
    };

    chosen {
        opensbi-domains {
            trusted-domain {
                next-wid = <1>;
                next-widlist = <0x0 0x2>;
            };
            untrusted-domain {
                next-wid = <0>;
                next-widlist = <0x0 0x1>;
            };
        };
    };

Known Limitations and Future Work
----------------------------------

This RFC implements core functionality but has several areas requiring
refinement in the future revisions:

1. WID Validation:
   - Domain next-wid is NOT validated against pmlwidlist
   - Domain next-widlist is NOT validated as subset of pmlwidlist
   - Invalid WID configuration fails at runtime with software-check
     exceptions rather than at domain registration time
   - Planned: Add validation in sanitize_domain() to catch errors early

2. Resume Path mwid Restoration:
   - Current implementation only re-locks mwid on resume, assuming RoT
     has already restored the correct WID value
   - No mechanism to verify or actively restore mwid to RoT-defined value

Specification References
-------------------------

- RISC-V Worlds ISA Spec: https://github.com/riscv/riscv-worlds
  (Release: riscv-isa-release-4c81a3f-2026-04-14)
- Device Tree Proposal: https://lore.kernel.org/all/20260619105834.1277302-1-peter.lin@sifive.com/

Yu-Chien Peter Lin (12):
  lib: sbi_hart: detect RISC-V Worlds ISA extensions
  lib: utils: fdt_helper: parse RISC-V Worlds DT properties
  lib: sbi_hart: enforce riscv,pmwid for Worlds ISA
  lib: sbi_hart: lock mwid CSR for RoT immutability
  include: sbi_domain: add Worlds WID fields
  include: sbi_types: add PRIx64 format macro
  lib: sbi_domain: print World ID config at boot
  lib: sbi_init: print M-mode World ID at boot
  platform: generic: parse root domain WID config from DT
  lib: utils: fdt_domain: parse per-domain WID properties
  lib: sbi_domain: add Worlds CSR config on domain entry
  docs: add RISC-V Worlds next-wid/next-widlist DT properties

 docs/domain_support.md             | 13 ++++++
 docs/opensbi_config.md             | 13 ++++++
 include/sbi/riscv_encoding.h       | 12 +++++
 include/sbi/sbi_domain.h           |  9 ++++
 include/sbi/sbi_hart.h             | 25 +++++++++++
 include/sbi/sbi_types.h            |  2 +
 include/sbi_utils/fdt/fdt_helper.h |  2 +
 lib/sbi/sbi_domain.c               | 50 +++++++++++++++++++++
 lib/sbi/sbi_domain_context.c       |  3 ++
 lib/sbi/sbi_hart.c                 | 71 ++++++++++++++++++++++++++++++
 lib/sbi/sbi_hsm.c                  |  4 ++
 lib/sbi/sbi_init.c                 | 13 ++++++
 lib/utils/fdt/fdt_domain.c         | 15 +++++++
 lib/utils/fdt/fdt_helper.c         | 61 +++++++++++++++++++++++++
 platform/generic/platform.c        | 33 +++++++++++++-
 15 files changed, 324 insertions(+), 2 deletions(-)

-- 
2.43.7




More information about the opensbi mailing list