From: Tom Lendacky <thomas.lendacky@amd.com>
To: "Kuppuswamy,
Sathyanarayanan" <sathyanarayanan.kuppuswamy@intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Dan Williams <dan.j.williams@intel.com>,
Michael Roth <michael.roth@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>
Subject: Re: [PATCH v2 11/14] x86/sev: Extend the config-fs attestation support for an SVSM
Date: Mon, 11 Mar 2024 11:16:08 -0500 [thread overview]
Message-ID: <805b863c-1631-477d-9faf-f7569a8d80e4@amd.com> (raw)
In-Reply-To: <93f36ae1-35b3-4852-8b36-3277f250408e@intel.com>
On 3/10/24 00:06, Kuppuswamy, Sathyanarayanan wrote:
>
> On 3/8/24 10:35 AM, Tom Lendacky wrote:
>> When an SVSM is present, the guest can also request attestation reports
>> from the SVSM. These SVSM attestation reports can be used to attest the
>> SVSM and any services running within the SVSM.
>>
>> Extend the config-fs attestation support to allow for an SVSM attestation
>> report. This involves creating four (4) new config-fs attributes:
>>
>> - 'svsm' (input)
>> This attribute is used to determine whether the attestation request
>> should be sent to the SVSM or to the SEV firmware.
>>
>> - 'service_guid' (input)
>> Used for requesting the attestation of a single service within the
>> SVSM. A null GUID implies that the SVSM_ATTEST_SERVICES call should
>> be used to request the attestation report. A non-null GUID implies
>> that the SVSM_ATTEST_SINGLE_SERVICE call should be used.
>>
>> - 'service_manifest_version' (input)
>> Used with the SVSM_ATTEST_SINGLE_SERVICE call, the service version
>> represents a specific service manifest version be used for the
>> attestation report.
>>
>> - 'manifestblob' (output)
>> Used to return the service manifest associated with the attestation
>> report.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>> Documentation/ABI/testing/configfs-tsm | 59 ++++++++++
>> arch/x86/include/asm/sev.h | 31 ++++-
>> arch/x86/kernel/sev.c | 50 ++++++++
>> drivers/virt/coco/sev-guest/sev-guest.c | 147 ++++++++++++++++++++++++
>> drivers/virt/coco/tsm.c | 95 ++++++++++++++-
>> include/linux/tsm.h | 11 ++
>> 6 files changed, 390 insertions(+), 3 deletions(-)
>>
>> diff --git a/Documentation/ABI/testing/configfs-tsm b/Documentation/ABI/testing/configfs-tsm
>> index dd24202b5ba5..a4663610bf7c 100644
>> --- a/Documentation/ABI/testing/configfs-tsm
>> +++ b/Documentation/ABI/testing/configfs-tsm
>> +
>> +What: /sys/kernel/config/tsm/report/$name/svsm
>> +Date: January, 2024
>> +KernelVersion: v6.9
>> +Contact: linux-coco@lists.linux.dev
>> +Description:
>> + (WO) Attribute is visible if a TSM implementation provider
>> + supports the concept of attestation reports for TVMs running
>> + under an SVSM, like SEV-SNP. Specifying a 1 (or other boolean
>
> Since service_guid can be used for non SVSM services as well, can we use
> a generic term "service" here? And let user specify the service type
> (like service=svsm)
I suppose that's possible. I think we would need a better term than just
service, though, since service_guid is specific to a service within the
service provider... so maybe service_provider.
>
>> + equivalent, e.g. "Y") implies that the attestation report
>> + should come from the SVSM.
>> + Secure VM Service Module for SEV-SNP Guests v1.00 Section 7.
>> + https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
>> +
>> +What: /sys/kernel/config/tsm/report/$name/service_guid
>> +Date: January, 2024
>> +KernelVersion: v6.9
>> +Contact: linux-coco@lists.linux.dev
>> +Description:
>> + (WO) Attribute is visible if a TSM implementation provider
>> + supports the concept of attestation reports for TVMs running
>> + under an SVSM, like SEV-SNP. Specifying a empty or null GUID
>> + (00000000-0000-0000-0000-000000) requests all active services
>> + within the SVSM be part of the attestation report. Specifying
>> + a non-null GUID requests an attestation report of just the
>> + specified service using the manifest form specified by the
>> + service_manifest_version attribute.
>> + Secure VM Service Module for SEV-SNP Guests v1.00 Section 7.
>> + https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
>> +
>
> I think it will be useful to the user if there is a attribute to list the service GUIDs
> supported. It can help prevent user using incorrect or unsupported GUIDs.
A list of supported GUIDs can be obtained from the manifest of a
all-services attestation request.
> >> + if (guid_is_null(&desc->service_guid)) {
>> + call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SERVICES);
>> + } else {
>> + export_guid(attest_call.service_guid, &desc->service_guid);
>> + attest_call.service_manifest_version = desc->service_manifest_version;
>> +
>> + call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SINGLE_SERVICE);
>> + }
>
> Above initialization will not change during retry, right? Why not move it above
> retry?
True, will move it outside of the loop.
>
>> +
>> + /* Obtain the GUID string length */
>> + guid_len = (len && buf[len - 1] == '\n') ? len - 1 : len;
>> + if (guid_len && guid_len != UUID_STRING_LEN)
>> + return -EINVAL;
>> +
>
> I don't think you need above checks. I think guid_parse will fail, if it is not
> a valid GUID.
Yes and no. The guid_parse() function will succeed if the string is longer
than UUID_STRING_LEN as long as it is a valid UUID up to UUID_STRING_LEN.
In other words, guid_parse() of:
aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
and
aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee-gg
both succeed.
I'm ok with eliminating the length calculation and check if everyone is in
favor of doing that given the above behavior.
>
>> + if (guid_len == UUID_STRING_LEN) {
>> + rc = guid_parse(buf, &report->desc.service_guid);
>> + if (rc)
>> + return rc;
>> + } else {
>> + report->desc.service_guid = guid_null;
>
> I think the default value will be guid_null right, why reset it to NULL for every failed attempt?
Default, yes. But what if it is written once, then a second time with an
invalid GUID. Should the previously written GUID still be used?
Thanks,
Tom
>
next prev parent reply other threads:[~2024-03-11 16:16 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 18:35 [PATCH v2 00/14] Provide SEV-SNP support for running under an SVSM Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 01/14] x86/sev: Rename snp_init() in the boot/compressed/sev.c file Tom Lendacky
2024-03-10 21:25 ` Borislav Petkov
2024-03-11 16:16 ` Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 02/14] x86/sev: Make the VMPL0 checking function more generic Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 03/14] x86/sev: Check for the presence of an SVSM in the SNP Secrets page Tom Lendacky
2024-03-09 0:33 ` Dionna Amalie Glaze
2024-03-11 14:50 ` Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 04/14] x86/sev: Use kernel provided SVSM Calling Areas Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 05/14] x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0 Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 06/14] x86/sev: Use the SVSM to create a vCPU when not in VMPL0 Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 07/14] x86/sev: Provide SVSM discovery support Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 08/14] x86/sev: Provide guest VMPL level to userspace Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 09/14] virt: sev-guest: Choose the VMPCK key based on executing VMPL Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 10/14] configfs-tsm: Allow the privlevel_floor attribute to be updated Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 11/14] x86/sev: Extend the config-fs attestation support for an SVSM Tom Lendacky
2024-03-10 6:06 ` Kuppuswamy, Sathyanarayanan
2024-03-11 16:16 ` Tom Lendacky [this message]
2024-03-12 5:57 ` Kuppuswamy Sathyanarayanan
2024-03-12 13:29 ` Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 12/14] fs/configfs: Add a callback to determine attribute visibility Tom Lendacky
2024-03-11 19:58 ` Tom Lendacky
2024-03-13 21:37 ` Joel Becker
2024-03-14 14:23 ` Tom Lendacky
2024-03-21 2:40 ` Dan Williams
2024-03-08 18:35 ` [PATCH v2 13/14] x86/sev: Hide SVSM attestation entries if not running under an SVSM Tom Lendacky
2024-03-23 17:24 ` Kuppuswamy, Sathyanarayanan
2024-03-25 14:05 ` Tom Lendacky
2024-03-26 1:10 ` Kuppuswamy Sathyanarayanan
2024-03-08 18:35 ` [PATCH v2 14/14] x86/sev: Allow non-VMPL0 execution when an SVSM is present Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=805b863c-1631-477d-9faf-f7569a8d80e4@amd.com \
--to=thomas.lendacky@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=sathyanarayanan.kuppuswamy@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.