A two-way isolation between Realm and RMM

[jinbpark]

A modern secure hypervisor offers a capability to isolate VM (Realm) from VMM (RMM) (i.e., host hyp can't corrupt guest) I think this capability gets really important in confidential computing.

If with memory encryption, it's trivial to get this capability, because, in AMD for example, all confidential VMs are encrypted with per-VM key that only hardware knows. And when the host hypervisor tries to access other VM's page, it's going to get decrypted by a mismatched key (host has a different key), achieving that kind of isolation.

However, when it comes to the CCA spec without memory encryption, it's still unclear to me how CCA offers this isolation at the platform level. (Maybe, without memory encryption, it doesn't offer such isolation? RMM spec doesn't state that clearly.) For example, through RSI_REALM_CONFIG, RMM can write something into Realm memory space, which can be viewed as breaking VM<->VMM isolation. (Actually, not that good example though)