Re: [PATCH 0/4] tsm: Unified Measurement Register ABI for TVMs
From: Dionna Amalie Glaze <hidden>
Date: 2025-02-19 03:21:36
Also in: lkml
On Tue, Feb 18, 2025 at 4:41 PM Dave Hansen [off-list ref] wrote:
> On 2/18/25 15:57, Dionna Amalie Glaze wrote:
>>> If there are actual end users who care about this, it would be great to see their acks on it as well.
>>
>> We would like to have this for Google Confidential Space and Kubernetes Engine.
>>
>> Acked-by: Dionna Glaze <redacted>
>
> Great! Thanks for chiming in. Can you talk for a second, though, about why this is useful and how you plan to use it? Is it for debugging?
Confidential Space on SEV depends on the hypervisor-provided vTPM to provide remotely attestable quotes of its PCRs, and the corresponding event logs.

https://github.com/google/go-tpm-tools/blob/main/launcher/agent/agent.go#L97

On TDX and ARM CCA (maybe RISC-V CoVE someday), we don't want to have to depend on the vTPM. There are runtime measurement registers and the CCEL. When we have a sysfs interface to extend these registers, it makes the user space evidence manager's life easier.

When Dan Williams forced the issue about configfs-tsm, we were told that it is bad for the kernel to have many platform-specific interfaces for attestation operations. This patch series is a way to unify behind the tsm.

As for the ability to read the registers through sysfs instead of just extend-on-write, that's not something Confidential Space depends on specifically. Our attestation policies are evaluated in a verification service rather than on-node.

For on-node policy evaluation, for instance in kubectl, there is a benefit to being able to generically read measurement registers that have been extended generically to execute policy that a certain action if a measurement register isn't an exact expected value. This is not far-fetched, since it is used for confidential containers, and is being discussed for Kubernetes Engine as a way to poison an instance when an ssh session is terminated for a human operator.

To have that same capability without a generic read interface, we need to stuff kubectl with quote parsers of every attestation technology.

Hope that helps.

-- 
-Dionna Glaze, PhD, CISSP, CCSP (she/her)
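
Illustration added to this archived message (not written by its author, and not code from the patch series or go-tpm-tools): a user-space model of the on-node exact-match policy and the "poison by extending" idea described above. The SHA-384 register size, the event names and every function name are assumptions made for the example; a real evidence manager would get the register bytes from the kernel's generic read interface rather than from `replay()`.

```python
import hashlib
import hmac

REG_SIZE = hashlib.sha384().digest_size  # 48 bytes; SHA-384 registers are an assumption

def extend(register: bytes, digest: bytes) -> bytes:
    """Extend-on-write: new = SHA-384(old || digest); order-sensitive, cannot be undone."""
    if len(register) != REG_SIZE or len(digest) != REG_SIZE:
        raise ValueError("register and digest must both be %d bytes" % REG_SIZE)
    return hashlib.sha384(register + digest).digest()

def replay(events) -> bytes:
    """Recompute the register value an event log should produce, from all zeros."""
    reg = bytes(REG_SIZE)
    for event in events:
        reg = extend(reg, hashlib.sha384(event).digest())
    return reg

def policy_allows(register_value: bytes, expected: bytes) -> bool:
    """Exact-match policy on raw register bytes; no platform quote parser involved."""
    return hmac.compare_digest(register_value, expected)

# Constructed event log (hypothetical event names, not from any real system).
EVENTS = [b"workload-image:constructed-digest-1", b"workload-config:constructed-digest-2"]
POISON_EVENT = b"operator-ssh-session-terminated"

def demo() -> dict:
    expected = replay(EVENTS)   # reference value held by the policy
    measured = replay(EVENTS)   # stands in for a generic read of the register
    # Poisoning: one more extend moves the register off the expected value for good.
    poisoned = extend(measured, hashlib.sha384(POISON_EVENT).digest())
    return {
        "clean": policy_allows(measured, expected),
        "poisoned": policy_allows(poisoned, expected),
        "reordered": policy_allows(replay(EVENTS[::-1]), expected),
    }

if __name__ == "__main__":
    print(demo())
```
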