From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Dan Williams <dan.j.williams@intel.com>, linux-coco@lists.linux.dev
Cc: Brijesh Singh <brijesh.singh@amd.com>,
Erdem Aktas <erdemaktas@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Peter Gonda <pgonda@google.com>, Borislav Petkov <bp@alien8.de>,
Dionna Amalie Glaze <dionnaglaze@google.com>,
Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>,
Thomas Gleixner <tglx@linutronix.de>,
Samuel Ortiz <sameo@rivosinc.com>,
Pankaj Gupta <pankaj.gupta@amd.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
dave.hansen@linux.intel.com
Subject: Re: [PATCH v5 0/7] configfs-tsm: Attestation Report ABI
Date: Tue, 10 Oct 2023 23:44:05 -0700 [thread overview]
Message-ID: <757483cf-443b-46d3-929d-ac56133cd9a5@linux.intel.com> (raw)
In-Reply-To: <169700203032.779347.11603484721811916604.stgit@dwillia2-xfh.jf.intel.com>
On 10/10/2023 10:27 PM, Dan Williams wrote:
> Changes since v4 [1]:
> - Fix a stack buffer vs scatterlist bug in sev-guest (Peter)
> - Test on AMD hardware, thanks Peter for the help!
> - Fix size of @len in __read_report() (Sathya)
> - Clarify the NULL @buf case in __read_report() (Sathya)
> - Fix kdoc for 'struct tsm_report' (Sathya)
> - Add kdoc for 'struct tsm_ops' (Sathya)
> - Initialize @certs_size to zero in sev_report_new() (Dan, smatch)
> - Add links to documentation for the attestation report formats
> - Drop conversion of sev-guest get_report(), just use get_ext_report()
> exclusively
> - Add is_vmpck_empty() and exitinfo2 init in set_report_new() similar to
> the ioctl() path
>
> [1]: http://lore.kernel.org/r/169570181657.596431.6178773442587231200.stgit@dwillia2-xfh.jf.intel.com
>
> ---
>
> Merge notes: I am looking for Dave or Boris to pick this up, I believe
> all outstanding comments have been resolved and this has now been
> smoke-tested on AMD and Intel platforms.
>
> ---
>
> An attestation report is signed evidence of how a Trusted Virtual
> Machine (TVM) was launched and its current state. A verifying party uses
> the report to make judgements of the confidentiality and integrity of
> that execution environment. Upon successful attestation the verifying
> party may, for example, proceed to deploy secrets to the TVM to carry
> out a workload. Multiple confidential computing platforms share this
> similar flow.
>
> The approach of adding adding new char devs and new ioctls, for what
> amounts to the same logical functionality with minor formatting
> differences across vendors [2], is untenable. Common concepts and the
> community benefit from common infrastructure.
>
> Use configfs for this facility for maintainability compared to ioctl(),
> and for its scalability compared to sysfs. Atomicity can be enforced at
> item creation time, and a conflict detection mechanism is included for
> scenarios where multiple threads may share a single configuration
> instance.
>
> [2]: http://lore.kernel.org/r/cover.1684048511.git.sathyanarayanan.kuppuswamy@linux.intel.com
>
> ---
Works fine in TDX environment.
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
>
> Dan Williams (6):
> virt: sevguest: Fix passing a stack buffer as a scatterlist target
> virt: coco: Add a coco/Makefile and coco/Kconfig
> configfs-tsm: Introduce a shared ABI for attestation reports
> virt: sevguest: Prep for kernel internal get_ext_report()
> mm/slab: Add __free() support for kvfree
> virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT
>
> Kuppuswamy Sathyanarayanan (1):
> virt: tdx-guest: Add Quote generation support using TSM_REPORTS
>
>
> Documentation/ABI/testing/configfs-tsm | 76 ++++++
> MAINTAINERS | 8 +
> arch/x86/coco/tdx/tdx.c | 21 ++
> arch/x86/include/asm/shared/tdx.h | 1
> arch/x86/include/asm/tdx.h | 2
> drivers/virt/Kconfig | 6
> drivers/virt/Makefile | 4
> drivers/virt/coco/Kconfig | 14 +
> drivers/virt/coco/Makefile | 8 +
> drivers/virt/coco/sev-guest/Kconfig | 1
> drivers/virt/coco/sev-guest/sev-guest.c | 218 ++++++++++++++--
> drivers/virt/coco/tdx-guest/Kconfig | 1
> drivers/virt/coco/tdx-guest/tdx-guest.c | 229 +++++++++++++++++
> drivers/virt/coco/tsm.c | 416 +++++++++++++++++++++++++++++++
> include/linux/slab.h | 2
> include/linux/tsm.h | 68 +++++
> 16 files changed, 1039 insertions(+), 36 deletions(-)
> create mode 100644 Documentation/ABI/testing/configfs-tsm
> create mode 100644 drivers/virt/coco/Kconfig
> create mode 100644 drivers/virt/coco/Makefile
> create mode 100644 drivers/virt/coco/tsm.c
> create mode 100644 include/linux/tsm.h
>
> base-commit: 6465e260f48790807eef06b583b38ca9789b6072
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
prev parent reply other threads:[~2023-10-11 6:44 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-11 5:27 [PATCH v5 0/7] configfs-tsm: Attestation Report ABI Dan Williams
2023-10-11 5:27 ` [PATCH v5 1/7] virt: sevguest: Fix passing a stack buffer as a scatterlist target Dan Williams
2023-10-11 5:27 ` [PATCH v5 2/7] virt: coco: Add a coco/Makefile and coco/Kconfig Dan Williams
2023-10-11 5:27 ` [PATCH v5 3/7] configfs-tsm: Introduce a shared ABI for attestation reports Dan Williams
2023-10-11 6:29 ` Kuppuswamy Sathyanarayanan
2023-10-11 5:27 ` [PATCH v5 4/7] virt: sevguest: Prep for kernel internal get_ext_report() Dan Williams
2023-10-11 5:27 ` [PATCH v5 5/7] mm/slab: Add __free() support for kvfree Dan Williams
2023-10-11 6:31 ` Kuppuswamy Sathyanarayanan
2023-10-11 5:27 ` [PATCH v5 6/7] virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT Dan Williams
2023-10-11 16:13 ` Dionna Amalie Glaze
2023-10-11 20:41 ` Dan Williams
2023-10-11 21:06 ` Dionna Amalie Glaze
2023-10-11 19:24 ` Tom Lendacky
2023-10-11 21:30 ` Dan Williams
2023-10-11 22:21 ` Dionna Amalie Glaze
2023-10-11 22:24 ` Tom Lendacky
2023-10-12 0:38 ` Dan Williams
2023-10-11 5:27 ` [PATCH v5 7/7] virt: tdx-guest: Add Quote generation support using TSM_REPORTS Dan Williams
2023-10-11 6:44 ` Kuppuswamy Sathyanarayanan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=757483cf-443b-46d3-929d-ac56133cd9a5@linux.intel.com \
--to=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=erdemaktas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpiotrowski@linux.microsoft.com \
--cc=linux-coco@lists.linux.dev \
--cc=pankaj.gupta@amd.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=sameo@rivosinc.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.