From: Tom Lendacky <thomas.lendacky@amd.com>
To: Dan Williams <dan.j.williams@intel.com>, linux-coco@lists.linux.dev
Cc: Brijesh Singh <brijesh.singh@amd.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Erdem Aktas <erdemaktas@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Peter Gonda <pgonda@google.com>, Borislav Petkov <bp@alien8.de>,
Dionna Amalie Glaze <dionnaglaze@google.com>,
Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>,
Thomas Gleixner <tglx@linutronix.de>,
Samuel Ortiz <sameo@rivosinc.com>,
Pankaj Gupta <pankaj.gupta@amd.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
dave.hansen@linux.intel.com
Subject: Re: [PATCH v6 0/7] configfs-tsm: Attestation Report ABI
Date: Fri, 13 Oct 2023 10:39:39 -0500 [thread overview]
Message-ID: <fedb69c2-3277-4512-a8a2-55898822c81a@amd.com> (raw)
In-Reply-To: <169716323436.984874.9170967990536970455.stgit@dwillia2-xfh.jf.intel.com>
On 10/12/23 21:13, Dan Williams wrote:
> Changes since v5 [1]:
> - Dump the raw cert_table via a new @auxblob attribute rather than
> concatenate the certificate data. (Dionna and Tom)
> - Fix usage of guard(), drop erroneous copy-pasted mutex_unlock().
> (Tom)
>
> [1]: http://lore.kernel.org/r/169700203032.779347.11603484721811916604.stgit@dwillia2-xfh.jf.intel.com
>
For the series:
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>
> Merge notes: I am looking for Dave or Boris to pick this up, I believe
> all outstanding comments have been resolved and this has now been
> smoke-tested on AMD and Intel platforms (both v5 and v6).
>
> ---
>
> An attestation report is signed evidence of how a Trusted Virtual
> Machine (TVM) was launched and its current state. A verifying party uses
> the report to make judgements of the confidentiality and integrity of
> that execution environment. Upon successful attestation the verifying
> party may, for example, proceed to deploy secrets to the TVM to carry
> out a workload. Multiple confidential computing platforms share this
> similar flow.
>
> The approach of adding adding new char devs and new ioctls, for what
> amounts to the same logical functionality with minor formatting
> differences across vendors [2], is untenable. Common concepts and the
> community benefit from common infrastructure.
>
> Use configfs for this facility for maintainability compared to ioctl(),
> and for its scalability compared to sysfs. Atomicity can be enforced at
> item creation time, and a conflict detection mechanism is included for
> scenarios where multiple threads may share a single configuration
> instance.
>
> [2]: http://lore.kernel.org/r/cover.1684048511.git.sathyanarayanan.kuppuswamy@linux.intel.com
>
>
> ---
>
> Dan Williams (6):
> virt: sevguest: Fix passing a stack buffer as a scatterlist target
> virt: coco: Add a coco/Makefile and coco/Kconfig
> configfs-tsm: Introduce a shared ABI for attestation reports
> virt: sevguest: Prep for kernel internal get_ext_report()
> mm/slab: Add __free() support for kvfree
> virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT
>
> Kuppuswamy Sathyanarayanan (1):
> virt: tdx-guest: Add Quote generation support using TSM_REPORTS
>
>
> Documentation/ABI/testing/configfs-tsm | 82 ++++++
> MAINTAINERS | 8 +
> arch/x86/coco/tdx/tdx.c | 21 ++
> arch/x86/include/asm/shared/tdx.h | 1
> arch/x86/include/asm/tdx.h | 2
> drivers/virt/Kconfig | 6
> drivers/virt/Makefile | 4
> drivers/virt/coco/Kconfig | 14 +
> drivers/virt/coco/Makefile | 8 +
> drivers/virt/coco/sev-guest/Kconfig | 1
> drivers/virt/coco/sev-guest/sev-guest.c | 212 ++++++++++++++--
> drivers/virt/coco/tdx-guest/Kconfig | 1
> drivers/virt/coco/tdx-guest/tdx-guest.c | 229 +++++++++++++++++
> drivers/virt/coco/tsm.c | 423 +++++++++++++++++++++++++++++++
> include/linux/slab.h | 2
> include/linux/tsm.h | 68 +++++
> 16 files changed, 1046 insertions(+), 36 deletions(-)
> create mode 100644 Documentation/ABI/testing/configfs-tsm
> create mode 100644 drivers/virt/coco/Kconfig
> create mode 100644 drivers/virt/coco/Makefile
> create mode 100644 drivers/virt/coco/tsm.c
> create mode 100644 include/linux/tsm.h
>
> base-commit: 6465e260f48790807eef06b583b38ca9789b6072
prev parent reply other threads:[~2023-10-13 15:39 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-13 2:13 [PATCH v6 0/7] configfs-tsm: Attestation Report ABI Dan Williams
2023-10-13 2:14 ` [PATCH v6 1/7] virt: sevguest: Fix passing a stack buffer as a scatterlist target Dan Williams
2023-10-13 2:14 ` [PATCH v6 2/7] virt: coco: Add a coco/Makefile and coco/Kconfig Dan Williams
2023-10-13 2:14 ` [PATCH v6 3/7] configfs-tsm: Introduce a shared ABI for attestation reports Dan Williams
2023-10-13 4:43 ` Dionna Amalie Glaze
2023-10-13 5:15 ` Dan Williams
2023-10-16 6:36 ` Alexey Kardashevskiy
2023-10-17 2:19 ` Dan Williams
2023-10-17 6:20 ` Alexey Kardashevskiy
2023-10-19 1:29 ` Dan Williams
2023-10-19 20:24 ` Dan Williams
2023-10-13 2:14 ` [PATCH v6 4/7] virt: sevguest: Prep for kernel internal get_ext_report() Dan Williams
2023-10-13 2:14 ` [PATCH v6 5/7] mm/slab: Add __free() support for kvfree Dan Williams
2023-10-13 2:14 ` [PATCH v6 6/7] virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT Dan Williams
2023-10-13 15:38 ` Tom Lendacky
2023-10-14 4:46 ` Dan Williams
2023-10-16 11:36 ` Alexey Kardashevskiy
2023-10-16 15:39 ` Dionna Amalie Glaze
2023-10-16 15:42 ` Peter Gonda
2023-10-17 0:42 ` Alexey Kardashevskiy
2023-10-19 4:30 ` Dan Williams
2023-10-17 4:07 ` Dan Williams
2023-10-17 5:35 ` Alexey Kardashevskiy
2023-10-17 6:28 ` Alexey Kardashevskiy
2023-10-19 4:43 ` Dan Williams
2023-10-19 5:12 ` Alexey Kardashevskiy
2023-10-19 3:34 ` Dan Williams
2023-10-13 2:14 ` [PATCH v6 7/7] virt: tdx-guest: Add Quote generation support using TSM_REPORTS Dan Williams
2023-10-19 18:12 ` Peter Gonda
2023-10-13 15:39 ` Tom Lendacky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fedb69c2-3277-4512-a8a2-55898822c81a@amd.com \
--to=thomas.lendacky@amd.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=erdemaktas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpiotrowski@linux.microsoft.com \
--cc=linux-coco@lists.linux.dev \
--cc=pankaj.gupta@amd.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=sameo@rivosinc.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.