From: Dan Williams <dan.j.williams@intel.com>
To: linux-coco@lists.linux.dev
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Xu Yilun <yilun.xu@linux.intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Samuel Ortiz <sameo@rivosinc.com>, Lukas Wunner <lukas@wunner.de>,
Wu Hao <hao.wu@intel.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
Yilun Xu <yilun.xu@intel.com>, Alexey Kardashevskiy <aik@amd.com>,
John Allen <john.allen@amd.com>,
bhelgaas@google.com, kevin.tian@intel.com,
gregkh@linuxfoundation.org, linux-pci@vger.kernel.org,
lukas@wunner.de
Subject: [RFC PATCH v2 0/6] Towards a shared TSM sysfs-ABI for Confidential Computing
Date: Fri, 12 Apr 2024 01:51:43 -0700
Message-ID: <171291190324.3532867.13480405752065082171.stgit@dwillia2-xfh.jf.intel.com>
Here is a revised attempt at creating a shared sysfs-ABI for the concept
of a TSM (TEE Security Manager) as described by PCIe TDISP (PCIe 6.2
Section 11 TEE Device Interface Security Protocol). It remains an RFC
until at least one vendor (Intel, AMD, Rivos...) completes integration
with their low level TSM driver. I am actively working on that with Hao
Wu and Yilun Xu, but if another vendor adopts this before us, great.

Changes since v1: [1]

* Major simplifications:
  * Drop the 'struct pci_tsm_req' concept (Yilun), but keep a common
    @exec entry point from the PCI core to the low level driver.
  * Drop Link IDE and related sysfs attributes (Alexey). This
    sophistication may come back later, but no need to tackle that
    complexity now.
  * Move policy choice of requiring native CMA before TSM connection
    to userspace policy. This removes the need to build on top of the
    moving CMA baseline, and these series can now be considered on
    independent timelines.
* Create a guest/ vs host/ split in drivers/virt/coco/ (Sathya)
* Require a parent device for the common TSM class device (Jonathan)
  * Create a 'tdx' virtual bus and 'tdx_tsm' device to parent the TSM
    class device
  * Create a 'tdx_tsm' for the low-level TDX calls
* Rebase on v6.9-rc1 that includes a DEFINE_SYSFS_GROUP_VISIBLE()
* Cleanup usage of __free() to match the proposed style guide [2]
  (Jonathan)
* Cleanup, clarifications, and fixes (Kevin)
* Improve the cover letter prose below (Bjorn, Kevin)

[1]: http://lore.kernel.org/r/170660662589.224441.11503798303914595072.stgit@dwillia2-xfh.jf.intel.com
[2]: http://lore.kernel.org/r/171140738438.1574931.15717256954707430472.stgit@dwillia2-xfh.jf.intel.com

Confidential Computing (CC) introduces the concept of hardware protected
(integrity and confidentiality) guest private memory. The next phase of
that journey is private memory access for guest assigned devices. To
date, assigned devices for CC guests are constrained to accessing shared
memory, unprotected clear-text memory. That mode incurs a bounce buffer
performance penalty as every DMA (direct-memory-access) performed by the
device must be later copied from shared-to-private memory for
device-write and private-to-shared copies for device-reads.

The PCIe TEE Device Interface Security Protocol (TDISP) arranges for
devices to be permitted to DMA to private memory directly, but it
requires significant infrastructure to authenticate, validate, and
provision a virtual-device interface to be used in a CC guest.

TDISP specifies a TEE Security Manager (TSM) as a platform agent that
can manage the IOMMU, PCI host, and endpoint Device Security Manager
capabilities to convert a guest assigned device (physical function or
sriov-virtual function) into private mode operation.

What follows is common shared infrastructure for the PCI core to
interface with the platform TSM and TDX as an example low level
consumer of these core capabilities.

Enable the PCI core to export a "connect" verb via sysfs for a given
device which, when the low level platform implementation is added,
arranges for the device to be authenticated and its link protected by
encryption and integrity checks.
---
Dan Williams (6):
configfs-tsm: Namespace TSM report symbols
coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/
x86/tdx: Introduce a "tdx" subsystem and "tsm" device
coco/tsm: Introduce a class device for TEE Security Managers
PCI/TSM: Authenticate devices via platform TSM
tdx_tsm: TEE Security Manager driver for TDX
Documentation/ABI/testing/sysfs-bus-pci | 46 +++++
MAINTAINERS | 7 +
arch/x86/include/asm/shared/tdx.h | 3
arch/x86/virt/vmx/tdx/tdx.c | 70 ++++++++
drivers/pci/Kconfig | 13 +
drivers/pci/Makefile | 2
drivers/pci/pci-sysfs.c | 4
drivers/pci/pci.h | 10 +
drivers/pci/probe.c | 1
drivers/pci/remove.c | 1
drivers/pci/tsm.c | 270 +++++++++++++++++++++++++++++++
drivers/virt/coco/Kconfig | 8 -
drivers/virt/coco/Makefile | 3
drivers/virt/coco/guest/Kconfig | 7 +
drivers/virt/coco/guest/Makefile | 2
drivers/virt/coco/guest/tsm_report.c | 32 ++--
drivers/virt/coco/host/Kconfig | 12 +
drivers/virt/coco/host/Makefile | 8 +
drivers/virt/coco/host/tdx_tsm.c | 68 ++++++++
drivers/virt/coco/host/tsm-core.c | 131 +++++++++++++++
drivers/virt/coco/sev-guest/sev-guest.c | 8 -
drivers/virt/coco/tdx-guest/tdx-guest.c | 8 -
include/linux/pci-tsm.h | 80 +++++++++
include/linux/pci.h | 11 +
include/linux/tsm.h | 31 ++--
include/uapi/linux/pci_regs.h | 4
26 files changed, 795 insertions(+), 45 deletions(-)
create mode 100644 drivers/pci/tsm.c
create mode 100644 drivers/virt/coco/guest/Kconfig
create mode 100644 drivers/virt/coco/guest/Makefile
rename drivers/virt/coco/{tsm.c => guest/tsm_report.c} (92%)
create mode 100644 drivers/virt/coco/host/Kconfig
create mode 100644 drivers/virt/coco/host/Makefile
create mode 100644 drivers/virt/coco/host/tdx_tsm.c
create mode 100644 drivers/virt/coco/host/tsm-core.c
create mode 100644 include/linux/pci-tsm.h
base-commit: 4cece764965020c22cff7665b18a012006359095