Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI

From: Jeremi Piotrowski
Date: Fri Sep 01 2023 - 12:04:11 EST

Next message: Bjorn Andersson: "Re: [PATCH V6 5/6] scsi: ufs: qcom: Refactor ufs_qcom_cfg_timers function."
Previous message: Alain Volmat: "[PATCH v3 5/5] ARM: multi_v7_defconfig: enable STM32 DCMIPP media support"
Next in thread: Dan Williams: "Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/30/2023 9:33 PM, Dan Williams wrote:
> Note that I am sending this during the merge window due to the high
> level of interest. My current expectation, barring major review
> concerns, is that this intercepts Linux-next soon after v6.6-rc1 for a
> v6.7 merge. Given the switch to configfs I did not carry forward
> Reviewed-by's from v2.
>
> Changes since v2 [1]:
> - Switch from sysfs to configfs to scale the interface for containers
> (Jeremi)
> - Fix locking in outblob_read() to avoid racing freeing and generation
> of ->outblob (Jeremi)
> - Add missing mutex to sev_report_new() (Jeremi)
> - Fix incorrect usage of no_free_ptr(), switch to return_ptr() (Peter)
> - Drop hex input parsing (configfs bin attributes are not seekable which
> eliminates the concern) (Greg)
> - Note why DEFINE_FREE() for kvfree() includes a NULL check (Greg)
> - Document the permissible values of privlevel in the ABI documentation
> (Greg)
> - Bump column limit to 100 for sev-guest changes, since that's existing
> code, for tsm.c use the .clang_format default. (Tom)
> - Drop report buffer size to 4K (Tom)
> - Fix uninitialized variable @rc in register_tsm() (Tom)
> - Fix collision detection confusion, always increment write_generation
> on successful write regardless if old data is being re-written (Tom)
> - Switch to sockptr_t for sharing {get,get_ext}_report() between the
> ioctl and configfs paths (Andy)
>
> [1]: http://lore.kernel.org/r/169199898909.1782217.10899362240465838600.stgit@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> An attestation report is signed evidence of how a Trusted Virtual
> Machine (TVM) was launched and its current state. A verifying party uses
> the report to make judgements of the confidentiality and integrity of
> that execution environment. Upon successful attestation the verifying
> party may, for example, proceed to deploy secrets to the TVM to carry
> out a workload. Multiple confidential computing platforms share this
> similar flow.

Besides the platform (cpu) attestation report, there are also attestation
reports from individual secure PCIe devices that we'd want to fetch. This
uses the SPDM protocol[1]. There is a CHALLENGE command which (too me)
roughly maps to an attestation request, but also separate interfaces to
fetch individual measurements and certificates (like the SNP extended
report interface allows).

If this is to become the one attestation interface then we'll need to
consider that. That will probably require adding a second level
directory: /sys/kernel/config/tsm/<device path>.

[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP2058_1.0.0_1.pdf

Next message: Bjorn Andersson: "Re: [PATCH V6 5/6] scsi: ufs: qcom: Refactor ufs_qcom_cfg_timers function."
Previous message: Alain Volmat: "[PATCH v3 5/5] ARM: multi_v7_defconfig: enable STM32 DCMIPP media support"
Next in thread: Dan Williams: "Re: [PATCH v3 0/5] configfs-tsm: Attestation Report ABI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]