Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI

[PATCH v3 0/5] configfs-tsm: Attestation Report ABI · Dan Williams <hidden> · 2023-08-30
[PATCH v3 1/5] virt: coco: Add a coco/Makefile and coco/Kconfig · Dan Williams <hidden> · 2023-08-30
Re: [PATCH v3 1/5] virt: coco: Add a coco/Makefile and coco/Kconfig · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2023-08-30
[PATCH v3 4/5] mm/slab: Add __free() support for kvfree · Dan Williams <hidden> · 2023-08-30
Re: [PATCH v3 4/5] mm/slab: Add __free() support for kvfree · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2023-08-30
Re: [PATCH v3 4/5] mm/slab: Add __free() support for kvfree · Gupta, Pankaj <hidden> · 2023-09-07
[PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT · Dan Williams <hidden> · 2023-08-30
Re: [PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT · Jeremi Piotrowski <hidden> · 2023-09-01
Re: [PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT · Dan Williams <hidden> · 2023-09-01
Re: [PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT · Huang, Kai <hidden> · 2023-09-04
Re: [PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2023-09-04
Re: [PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT · Huang, Kai <hidden> · 2023-09-05
[PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Dan Williams <hidden> · 2023-08-30
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2023-08-30
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Dan Williams <hidden> · 2023-08-30
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2023-08-30
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Dan Williams <hidden> · 2023-08-31
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Dionna Amalie Glaze <hidden> · 2023-08-31
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Dan Williams <hidden> · 2023-08-31
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Thomas Gleixner <hidden> · 2023-09-01
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Dan Williams <hidden> · 2023-09-01
Re: [PATCH v3 2/5] configfs-tsm: Introduce a shared ABI for attestation reports · Thomas Gleixner <hidden> · 2023-09-01
[PATCH v3 3/5] virt: sevguest: Prep for kernel internal {get, get_ext}_report() · Dan Williams <hidden> · 2023-08-30
Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI · Jeremi Piotrowski <hidden> · 2023-09-01
Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI · Dan Williams <hidden> · 2023-09-01
Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI · Samuel Ortiz <hidden> · 2023-09-07
Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI · Dan Williams <hidden> · 2023-09-25

From: Jeremi Piotrowski <hidden>
Date: 2023-09-01 16:04:10
Also in: lkml

On 8/30/2023 9:33 PM, Dan Williams wrote:

Note that I am sending this during the merge window due to the high
level of interest. My current expectation, barring major review
concerns, is that this intercepts Linux-next soon after v6.6-rc1 for a
v6.7 merge. Given the switch to configfs I did not carry forward
Reviewed-by's from v2.

Changes since v2 [1]:
- Switch from sysfs to configfs to scale the interface for containers
  (Jeremi)
- Fix locking in outblob_read() to avoid racing freeing and generation
  of ->outblob (Jeremi)
- Add missing mutex to sev_report_new() (Jeremi)
- Fix incorrect usage of no_free_ptr(), switch to return_ptr() (Peter)
- Drop hex input parsing (configfs bin attributes are not seekable which
  eliminates the concern) (Greg)
- Note why DEFINE_FREE() for kvfree() includes a NULL check (Greg)
- Document the permissible values of privlevel in the ABI documentation
  (Greg)
- Bump column limit to 100 for sev-guest changes, since that's existing
  code, for tsm.c use the .clang_format default. (Tom)
- Drop report buffer size to 4K (Tom)
- Fix uninitialized variable @rc in register_tsm() (Tom)
- Fix collision detection confusion, always increment write_generation
  on successful write regardless if old data is being re-written (Tom)
- Switch to sockptr_t for sharing {get,get_ext}_report() between the
  ioctl and configfs paths (Andy)

[1]: http://lore.kernel.org/r/169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com (local)

An attestation report is signed evidence of how a Trusted Virtual
Machine (TVM) was launched and its current state. A verifying party uses
the report to make judgements of the confidentiality and integrity of
that execution environment. Upon successful attestation the verifying
party may, for example, proceed to deploy secrets to the TVM to carry
out a workload. Multiple confidential computing platforms share this
similar flow.

Besides the platform (cpu) attestation report, there are also attestation
reports from individual secure PCIe devices that we'd want to fetch. This
uses the SPDM protocol[1]. There is a CHALLENGE command which (too me)
roughly maps to an attestation request, but also separate interfaces to
fetch individual measurements and certificates (like the SNP extended
report interface allows).

If this is to become the one attestation interface then we'll need to
consider that. That will probably require adding a second level
directory: /sys/kernel/config/tsm/<device path>.

[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP2058_1.0.0_1.pdf

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help