Arm Confidential Computing Architecture (CCA) executes sensitive computation in an abstraction called realm VMs and protects it from the hypervisor, host OS, and other co-resident VMs. However, CCA does not allow integrated devices on the platform to access realm VMs and doing so requires intrusive changes to software and is simply not possible to achieve securely for some devices. In this paper, we present Devlore which allows realm VMs to directly access integrated peripherals. Devlore memory isolation re-purposes CCA hardware primitives (granule protection and stage-two page tables), while our interrupt isolation adapts a delegate-but-check strategy. Our choice of offloading interrupt management to the hypervisor but adding correctness checks in the trusted software allows Devlore to preserve compatibility and performance. We evaluate Devlore on Arm FVP to demonstrate 5 diverse peripherals attached to realm VMs.

翻译：Arm机密计算架构（CCA）在称为领域虚拟机（realm VM）的抽象中执行敏感计算，并保护其免受虚拟机监控器（hypervisor）、主机操作系统及其他共存虚拟机的干扰。然而，CCA不允许平台上的集成设备访问领域虚拟机，实现此类访问需要对软件进行侵入式修改，且对于某些设备而言根本无法安全实现。本文提出Devlore，使得领域虚拟机能够直接访问集成外设。Devlore的内存隔离机制重新利用了CCA硬件原语（颗粒保护与二级页表），而其中断隔离则采用了一种委托但验证的策略。我们选择将中断管理卸载至虚拟机监控器，但在可信软件中添加正确性检查，这使得Devlore能够保持兼容性与性能。我们在Arm FVP平台上对Devlore进行评估，展示了五种不同的外设成功接入领域虚拟机。