This document outlines the plan to ratify a RISC-V Specification, establishing a solid foundation and clear expectations for the entire specification development lifecycle. The timeline set here will serve as a reference to monitor progress and ensure milestones are met. Investing in a well-prepared plan promotes effective communication, enhances collaboration, and streamlines the process.

About

Specification Name: Worldguard ISA extension
Task Group: Fast Track
Task Group Charter: N/A
Spec Jira: RVS-2940: WorldGuardSpecification in Planning

Background

The purpose of this extension is to provide software isolation in a hardware platform by constraining access to system physical addresses.

WorldGuard provides Worlds, uniquely identified by a hardware World Identifier (WID), which are execution contexts that include agents (such as harts and devices) that can initiate a transaction on a physical address within a world, and resources (such as memories and peripheral devices) that respond to transactions at a physical address within a world. Worlds are created and configured by a trusted execution environment, usually at system boot time.

Overview

Harts that support WorldGuard associate a WID with all memory accesses initiated by that hart. The WorldGuard extensions allow different privilege modes on a hart to be tagged with different WIDs.
There are three levels of WG support on RISC-V harts.
- The first level does not require an ISA extension and fixes the WID for all privilege modes on a hart.
- The second level is the Smwg extension, which enables M-mode to control the WID of lower-privilege modes.
- The third level is the Smwgd extension, which further enables M-mode to delegate to [H]S-mode the ability to assign the WID of lower-privilege modes, thereby adding the Sswg extension to [H]S-mode.

Stakeholders Identification

Privilege IC
Security HC

References: Active Groups and Specifications Under Development

Design Considerations

The proposed WorldGuard Smwg, Smwgd, and Sswg extensions allow a hart to assign WIDs to its privilege modes. Three new CSRs are added.

Proposed spec for reference.

Proof-of-Concept and Tests

Proof-of-Concept: SiFive implements the spec (already done in FPGA and silicon).

Software support: Trusted OS (ProvenCore), TEE (ProvenRun), Keystone (WG support in security monitor)

Simulator support: QEMU, Spike, Sail

Tests:

Software Ecosystem Impacts

Impact is on isolation of software execution contexts at platform level.

Firmware for security monitors
Operating systems like REE/TEE
Hypervisors: WG enables Hypervisors to isolate Virtual Machines.

Freeze Checklists

Select one of the options below (ISA or NON-ISA) and complete the table with the required information.

Item	Description	Plan	Resources

Item	Description	Plan	Resources
Opcode	Enough opcode encoding to support GCC.	Allocation of CSRs - Done	Andrew W.
Simulator	Enough simulator support so that basic RISC-V tests can be run. See the policy for more details.	Planned - QEMU	SiFive
psABI	ABI extensions (if necessary)	N/A
GCC	Support on GCC (optimizations not required)	Planned - Need to add CSR names to assembler	SiFive
LLVM	Support on LLVM (optimizations not required)	Planned - Need to add CSR names to assembler	SiFive
RISC-V Test Input	Test configuration input (YAML schema & values, Test Coverage YAML rules, see the policy)	Planned	SiFive
RISC-V Tests	Basic tests that do not cover corner cases. See the policy for more details.	Planned	SiFive
RISC-V SAIL	Enablement of the new specification/extension as part of the RISC-V SAIL Golden Model.	Planned	SiFive

Key Milestones

To define you plan milestone dates, please use the RISC-V Spec Plan Editor.

Milestone	Date

Milestone	Date
Plan Approval	Apr 8, 2025
Internal Review Start	May 12, 2025
ARC Review Freeze Request	Jun 20, 2025
Freeze	Aug 4, 2025
Public Review Start	Aug 5, 2025
TSC Ratification Approval	Sep 24, 2025
BoD Ratification Approval	Oct 29, 2025

Privileged Spec

Worldguard