Skip to content

VirtIO–SCMI Based Controlled SoC Resource Access for Non-Root VMs #231

New issue
New issue
Open
Open
VirtIO–SCMI Based Controlled SoC Resource Access for Non-Root VMs#231
Labels
featureNew feature or requestsecuritysecurity related
@Inquisitor-201

Description

@Inquisitor-201
Inquisitor-201
opened on Dec 18, 2025

Current hvisor passthrough works for MMIO/IRQ/IOMMU, but non-root VMs on SoCs (ARM/RISC-V) often fail device init due to lack of controlled access to platform resources (clock, reset, power).

Proposed Feature:

  • Implement a VirtIO–SCMI forwarding mechanism: non-root VMs request platform resources via VirtIO, routed through hvisor to root Linux.
  • Keep hvisor lightweight: only forward messages and enforce isolation.
  • Root Linux handles actual resource operations via CCF, Reset Controller, genpd.
  • Provide non-root VMs with secure, portable access to platform resources to enable proper device initialization.

Benefits:

  • Improve device passthrough usability in embedded/edge SoCs.
  • Keep hypervisor TCB minimal.
  • Standardized, maintainable solution leveraging SCMI & VirtIO.

Notes / Considerations:

  • Focus on end-to-end prototype first (RK3588 or similar SoC).
  • Evaluate functional correctness, security isolation, and overhead.

Metadata

Metadata

Assignees

No one assigned

    Labels

    featureNew feature or requestsecuritysecurity related

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions