[RFC PATCH 04/12] lib: sbi_hart: lock mwid CSR for RoT immutability
Yu-Chien Peter Lin
peter.lin at sifive.com
Fri Jun 26 03:14:25 PDT 2026
Lock the M-mode World ID (mwid) CSR during hart re-initialization to
enforce immutability of the WID established by the root-of-trust.
OpenSBI does not assign the WID value itself; it only sets MWID_LOCK
to freeze the value established by a prior RoT stage. The MWID_LOCK bit
at XLEN-1 is sticky and makes the CSR read-only until reset, enforcing
a temporal security boundary per the RISC-V Worlds specification.
Signed-off-by: Yu-Chien Peter Lin <peter.lin at sifive.com>
---
lib/sbi/sbi_hart.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
index cb0c66ea..4fbe46d7 100644
--- a/lib/sbi/sbi_hart.c
+++ b/lib/sbi/sbi_hart.c
@@ -804,6 +804,13 @@ int sbi_hart_reinit(struct sbi_scratch *scratch)
if (rc)
return rc;
+ /*
+ * Assume MWID is restored by root-of-trust M-mode in previous
+ * stage. Lock mwid so RoT-defined WID remains immutable.
+ */
+ if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMWID))
+ csr_set(CSR_MWID, MWID_LOCK);
+
return 0;
}
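Review bot: The csr_set(CSR_MWID, MWID_LOCK) at the end of sbi_hart_reinit() locks whatever value mwid currently holds, relying only on the comment's "Assume MWID is restored by root-of-trust" with no check that the assumption holds. The commit message describes the lock as sticky until reset, so a hart that reaches this point without the earlier stage having programmed mwid keeps an unintended WID until the next reset. Consider documenting the requirement on the previous stage where platform integrators will see it and, if the specification lets an unprogrammed value be told apart, checking for it before locking. Because this is the re-init path and the CSR is described as read-only once locked, it is also worth confirming that a second csr_set on an already locked mwid is harmless, or skipping the write when csr_read(CSR_MWID) & MWID_LOCK is already set.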
--
2.43.7