Virtualization-based Trusted Execution Environments (TEEs) are used to host confidential computing workloads that are isolated from the hosting environment, i.e., the VMM (hypervisor) is not required to be trusted. Hereafter, such TEEs are referred to as Trusted Execution Environment VMs (TVMs) to distinguish them from traditional virtual machines. When a portion of a device (a "TEE Device Interface" (TDI), the unit of direct assignment, e.g., a Virtual Function when using SR-IOV) is assigned to a TVM, it is necessary to establish and maintain a trusted execution environment for the composition of the TVM and the assigned TDI.
This document defines the TEE Device Interface Security Protocol (TDISP), an architecture for trusted I/O virtualization providing the following functions:
1. Establishing a trust relationship between a TVM and a device.
2. Securing the interconnect between the host and the device.
3. Attaching and detaching a TDI to and from a TVM in a trusted manner.
TDISP builds upon the foundation provided by CMA/SPDM (Component Measurement and Authentication, carried over the DMTF Security Protocol and Data Model), which authenticates the device and establishes a secure session with it, and IDE (Integrity and Data Encryption), which protects the link traffic between host and device.
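The following is an added illustrative model of function 3, the trusted attach and detach of a TDI, and is not code from the TDISP specification or from any implementation. The state names (CONFIG_UNLOCKED, CONFIG_LOCKED, RUN, ERROR) and request names (LOCK_INTERFACE_REQUEST, GET_DEVICE_INTERFACE_REPORT, START_INTERFACE_REQUEST, STOP_INTERFACE_REQUEST) follow TDISP 1.0; everything else is an assumption for the example: the TDI's security-relevant configuration is modelled as a dict, the set of established IDE streams is passed in rather than negotiated, and the TVM's expected configuration is assumed to have been obtained by the TVM out of band. The checks it encodes are the ones that make the attach trustworthy even though the VMM is untrusted: the device refuses to lock unless the TDI's traffic is covered by an IDE stream, the TVM compares the device's own interface report against its expectation rather than trusting the VMM's description, and any host write to locked configuration or loss of the IDE stream drives the TDI to ERROR so it can never be started in that state.

```python
"""Toy model of the TDI lifecycle that TDISP manages: lock, report, start, stop.
Illustrative only; names follow TDISP 1.0, the checks are a simplification."""
from enum import Enum


class TdiState(Enum):
    CONFIG_UNLOCKED = "CONFIG_UNLOCKED"  # host (VMM) may freely configure the TDI
    CONFIG_LOCKED = "CONFIG_LOCKED"      # configuration frozen; report can be fetched
    RUN = "RUN"                          # TDI serves the TVM; traffic flows over IDE
    ERROR = "ERROR"                      # trust lost; only STOP_INTERFACE leaves it


class Tdi:
    """Device-side model of one TEE Device Interface (e.g. an SR-IOV VF)."""

    def __init__(self, config):
        self.state = TdiState.CONFIG_UNLOCKED
        self.config = dict(config)  # assumed: security-relevant config (MMIO ranges etc.)
        self.ide_stream = None      # IDE stream that carries this TDI's TLPs

    def lock_interface(self, stream_id, established_ide_streams):
        """LOCK_INTERFACE_REQUEST: CONFIG_UNLOCKED -> CONFIG_LOCKED."""
        if self.state is not TdiState.CONFIG_UNLOCKED:
            return False
        if stream_id not in established_ide_streams:
            # Refuse: without IDE the link to the TVM would carry cleartext.
            return False
        self.ide_stream = stream_id
        self.state = TdiState.CONFIG_LOCKED
        return True

    def device_interface_report(self):
        """GET_DEVICE_INTERFACE_REPORT: the locked config, straight from the device."""
        if self.state not in (TdiState.CONFIG_LOCKED, TdiState.RUN):
            return None
        return {"config": dict(self.config), "ide_stream": self.ide_stream}

    def start_interface(self):
        """START_INTERFACE_REQUEST: CONFIG_LOCKED -> RUN (never from ERROR)."""
        if self.state is not TdiState.CONFIG_LOCKED:
            return False
        self.state = TdiState.RUN
        return True

    def stop_interface(self):
        """STOP_INTERFACE_REQUEST: any state -> CONFIG_UNLOCKED (detach)."""
        self.state = TdiState.CONFIG_UNLOCKED
        self.ide_stream = None
        return True

    def host_config_write(self, key, value):
        """Untrusted host writing the TDI's configuration."""
        if self.state in (TdiState.CONFIG_LOCKED, TdiState.RUN):
            self.state = TdiState.ERROR  # locked config touched: TVM must not trust TDI
            return False
        self.config[key] = value
        return True

    def ide_stream_lost(self):
        """IDE stream torn down or keys reset while the TDI is locked or running."""
        if self.state in (TdiState.CONFIG_LOCKED, TdiState.RUN):
            self.state = TdiState.ERROR


def tvm_attach(tdi, stream_id, established_ide_streams, expected_config):
    """Trusted attach as driven from the TVM side:
    lock, fetch the report, verify it against the TVM's own expectation, start."""
    if not tdi.lock_interface(stream_id, established_ide_streams):
        return False
    report = tdi.device_interface_report()
    if (report is None or report["config"] != expected_config
            or report["ide_stream"] != stream_id):
        tdi.stop_interface()  # what the device reports is not what the TVM expects
        return False
    return tdi.start_interface()


if __name__ == "__main__":
    # Constructed sample: one TDI with a single MMIO range.
    vf = Tdi({"mmio": [(0x1000, 0x2000)]})
    print("attach:", tvm_attach(vf, 1, {1}, {"mmio": [(0x1000, 0x2000)]}), vf.state)
    print("host write while RUN:", vf.host_config_write("mmio", []), vf.state)
    print("detach:", vf.stop_interface(), vf.state)
```

The order matters: the report is only meaningful after the lock, because before it the VMM could change the configuration between the TVM reading it and the TDI being started, and the TVM must refuse to start when the report disagrees with what it expects rather than adopt the reported values.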