From patchwork Mon Aug 14 07:43:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 135202 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp2592779vqi; Mon, 14 Aug 2023 01:11:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG6z5z5whorq++LMxYEdu1RetRZ41nZaP10MbnhBrVKaCR7d1lE0ijboC8lFmpk1wABiNIR X-Received: by 2002:a05:6e02:1c2f:b0:349:36e1:10fb with SMTP id m15-20020a056e021c2f00b0034936e110fbmr13387897ilh.18.1692000685941; Mon, 14 Aug 2023 01:11:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692000685; cv=none; d=google.com; s=arc-20160816; b=nrRwDffSQsysG05D+JC0mDPRKkfAWsXWkqvvOIUBKDqwnrITY0SAvt3GVbU6FvUCua 9jV+aLSr2bofqWjnIWT3W7CNCP3TSv5hEo/o46Lxbw57nX/CmMTMpc9GMpxvXsdP+eTN z1s1rinGCOrsWjUzKWjRNX0K+IuCzFaREb+vCfE51OQkNUhHJHsFH/MGrBQarF2NS5bx 6ZeDGndPC/2tzjm4e6Az2vq7tiF1mSNPYISN60WzaqXq1dqShuwnHozJkaN7MxaTdLxn ZC08aUKvlsNlfaNqU6bV1kgnXEuOmyGeKDx2qCw5wlz6YowQHohmQS7hPzEqHcR9GQS5 jVjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=3l08JUBTWlmcim7FU7HddRExeN24dbKJM7pVIxivluE=; fh=g59hbjujPVAD10Xm2jVSdhu3Aeg/RAci4F4shOEY1pU=; b=OsTnTd5kAEwEFPZd9CgwewYmIR/zb8uZkpkRIUNrh+hQCH57iKFl5lWj6w+CctDTJT Y2GEeCJ0pn0VKbCEBpRrlTpNBpHTA2FmmeFMtppTEfctZ7t3yHjheKLOpVKH9ADSIUe6 M3VKBUKJRbp6+pCjppDorph4iG+LsDQISKy++Vmlih5L6YeOoieSIruO+1aY2azxqh70 emVOUxkHRqEgERgl2kFTMsS8t51ycHihTxcdoD3zVGK5Adv5QfsvuBQ9oxWKhok8IfzP dBqpzLEHofVmtuv6sgo4uWyY7n0vZbZa6SJ7IQoQCqtR4sUbqb6upFNOTViH1HN4EVgT DM1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UNwpLu4T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h23-20020a656397000000b00553836cb761si7332598pgv.717.2023.08.14.01.11.08; Mon, 14 Aug 2023 01:11:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UNwpLu4T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234267AbjHNHnr (ORCPT + 99 others); Mon, 14 Aug 2023 03:43:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234251AbjHNHnR (ORCPT ); Mon, 14 Aug 2023 03:43:17 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6ECFA94 for ; Mon, 14 Aug 2023 00:43:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1691998996; x=1723534996; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1QNSa8PfJ6fHxxDbOfg/mWMGFnDXUsLlbGCHGWdkA9Q=; b=UNwpLu4Tu/3zGPB7WrtkMbq0YdGNa/33OC8BM8IfUQWTH2sF/Ba/5g1g u6HF7cJn1grSSbvXJLCpBJZXNDTyMIA9ajKsfc4+PQG7wykfwRQR4wCSh fgEwUojwSR7kIvxY/O1qxBp6CwP3v1b2JuPtf/BajxqNALo3OB0aRWy+m JDF31Ve9ZbSXYXUOlI/KjJHKGyBsBmZagYxizmqwJzSx9zpJ9yUnkvjJ3 a6XT/xTMx1cZHIbXZqGYAOLJFnLnqmHueMpveEDvPY7zQVVLynW1xTJEf Yg2Av984t2Sdi1InsKYTo+MwBkGivp6pZWDGEjQp8fh9LBVNE+pa3L0p2 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="370882738" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="370882738" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="736445243" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="736445243" Received: from navanban-mobl.amr.corp.intel.com (HELO dwillia2-xfh.jf.intel.com) ([10.209.127.25]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:15 -0700 Subject: [PATCH v2 1/5] virt: coco: Add a coco/Makefile and coco/Kconfig From: Dan Williams To: linux-coco@lists.linux.dev Cc: peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org Date: Mon, 14 Aug 2023 00:43:15 -0700 Message-ID: <169199899543.1782217.492316368774728659.stgit@dwillia2-xfh.jf.intel.com> In-Reply-To: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> References: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> User-Agent: StGit/0.18-3-g996c MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774191310891875970 X-GMAIL-MSGID: 1774191310891875970 In preparation for adding another coco build target, relieve drivers/virt/Makefile of the responsibility to track new compilation unit additions to drivers/virt/coco/, and do the same for drivers/virt/Kconfig. Signed-off-by: Dan Williams --- drivers/virt/Kconfig | 6 +----- drivers/virt/Makefile | 4 +--- drivers/virt/coco/Kconfig | 9 +++++++++ drivers/virt/coco/Makefile | 7 +++++++ 4 files changed, 18 insertions(+), 8 deletions(-) create mode 100644 drivers/virt/coco/Kconfig create mode 100644 drivers/virt/coco/Makefile diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig index f79ab13a5c28..40129b6f0eca 100644 --- a/drivers/virt/Kconfig +++ b/drivers/virt/Kconfig @@ -48,10 +48,6 @@ source "drivers/virt/nitro_enclaves/Kconfig" source "drivers/virt/acrn/Kconfig" -source "drivers/virt/coco/efi_secret/Kconfig" - -source "drivers/virt/coco/sev-guest/Kconfig" - -source "drivers/virt/coco/tdx-guest/Kconfig" +source "drivers/virt/coco/Kconfig" endif diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile index e9aa6fc96fab..f29901bd7820 100644 --- a/drivers/virt/Makefile +++ b/drivers/virt/Makefile @@ -9,6 +9,4 @@ obj-y += vboxguest/ obj-$(CONFIG_NITRO_ENCLAVES) += nitro_enclaves/ obj-$(CONFIG_ACRN_HSM) += acrn/ -obj-$(CONFIG_EFI_SECRET) += coco/efi_secret/ -obj-$(CONFIG_SEV_GUEST) += coco/sev-guest/ -obj-$(CONFIG_INTEL_TDX_GUEST) += coco/tdx-guest/ +obj-y += coco/ diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig new file mode 100644 index 000000000000..fc5c64f04c4a --- /dev/null +++ b/drivers/virt/coco/Kconfig @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +# Confidential computing related collateral +# +source "drivers/virt/coco/efi_secret/Kconfig" + +source "drivers/virt/coco/sev-guest/Kconfig" + +source "drivers/virt/coco/tdx-guest/Kconfig" diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile new file mode 100644 index 000000000000..55302ef719ad --- /dev/null +++ b/drivers/virt/coco/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +# Confidential computing related collateral +# +obj-$(CONFIG_EFI_SECRET) += efi_secret/ +obj-$(CONFIG_SEV_GUEST) += sev-guest/ +obj-$(CONFIG_INTEL_TDX_GUEST) += tdx-guest/ From patchwork Mon Aug 14 07:43:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 135206 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp2594697vqi; Mon, 14 Aug 2023 01:16:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEAPgZBERHhHL8N6rZlc8LNYGZs8fSeyYYl/QnvAY3RzpkWUB/J/aVddXZ69dSAulPFqvkY X-Received: by 2002:a05:6358:885:b0:132:d333:4a5c with SMTP id m5-20020a056358088500b00132d3334a5cmr7023608rwj.10.1692000971183; Mon, 14 Aug 2023 01:16:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692000971; cv=none; d=google.com; s=arc-20160816; b=wJ9XQEULq85bhjcdGGE5jCYi+HAHgMtst7UDTEfBYMg1iklXhBfMq5hTQYxoNa8cBr eOB8xk42F2peGvul3BqubF5mPcgjX4BI8tMidiCpzqp6bue35blVmuK3Ei3XdADbyqFc 6/kNncJX5yQBWoGywdOLD7fP3BYIOOzmG1YPar0LPAQYl9gjZDKWiGMQp6lmDCTDCKeJ fAK5TqvmXNpHTIxXc5lBFSByGX6B/5V7PyeO0IRAQat7C5zC6HEgOnFTjFHvoZlhvnw+ OJWF03dOlcf+fWL08No5/qXQVGMWNXH+tYGbK+aUb69A/KA7FkcDx1IzUNM4mxeHu4w/ kXow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=O3qg5k0fmC6+vPV3IX3nuaAokFPUOulbbAAEr0XSt7o=; fh=L9rCA4Y75CbprmWV+Rnig6DMVfX3RX6mi0RDwi1YNa0=; b=JDp1il4rfEh7USczeqavxgsgkShJiaD+5Ge1QPwYWFTj3q59QuOXEUxWbb2K7j3Tqa AyWIUIvUrlxvP1U0Xu+2E10Rfhon4+bA5B59lO9JVqcM7kUTMvMd3/Y447hUhZh3vVnv iwXqEcUINMcwyqKndYjM1cOHna15TDce/my9Z0+ayeGLIYe3BpJF6YzgVBNE7mKWaUYL xDxLfA9LwxNnQ/rEKnZJ8RNR5Uxo5K6CbqgvWc5/e5fmHy81N0K7rk5BkH3QI4fyPc5P f0dR+ZjL1IpIxMerUX4WMheegSOWOpoI12YZIyAgDSLagW4WAwcEWggge2OzDceJ68pB G/WQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=SnflGIwT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a72-20020a63904b000000b00565bf035b25si1134785pge.382.2023.08.14.01.15.58; Mon, 14 Aug 2023 01:16:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=SnflGIwT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234281AbjHNHnu (ORCPT + 99 others); Mon, 14 Aug 2023 03:43:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234064AbjHNHnY (ORCPT ); Mon, 14 Aug 2023 03:43:24 -0400 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 794D494 for ; Mon, 14 Aug 2023 00:43:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1691999002; x=1723535002; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=zY66xLrmMWMjDhtbcf1ZxgbaaYJikE/LWLqE99EjbEk=; b=SnflGIwT/oBiKJSH/GyFeJHeDxqg0+8Fhvrikn7Hu01CLC2VCKF/hCnv B7eFN38V/syqjdm1oL3vl8eRqeXFdbFTqP7VLAHXRsObBpGHxJc5BLloo GVjbxyHnaxbUXVT8GoEnVxt35wNGf5blQuLo0TM3gN0OkxK/AIJDzn7CQ vwBOa1OyRUUK/y3WavQz8hzCZoA/wLeoNjGW4ByGvZmAaUTG8ysegWBVn IRjrGDyZqH4GU/dglB6FTx6BvBdZkMhYVuSMObcMMji7Za+paCWWx8QbR atXuLghJTdt0iv3E+iYO3XVcmPXkZcKoo592a+TzIfMJaDCebAN0MSkD9 g==; X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="438314715" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="438314715" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="907142086" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="907142086" Received: from navanban-mobl.amr.corp.intel.com (HELO dwillia2-xfh.jf.intel.com) ([10.209.127.25]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:21 -0700 Subject: [PATCH v2 2/5] tsm: Introduce a shared ABI for attestation reports From: Dan Williams To: linux-coco@lists.linux.dev Cc: Kuppuswamy Sathyanarayanan , Dionna Amalie Glaze , James Bottomley , Peter Gonda , Greg Kroah-Hartman , Samuel Ortiz , peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org Date: Mon, 14 Aug 2023 00:43:21 -0700 Message-ID: <169199900110.1782217.12112722316618515086.stgit@dwillia2-xfh.jf.intel.com> In-Reply-To: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> References: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> User-Agent: StGit/0.18-3-g996c MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774191610108158244 X-GMAIL-MSGID: 1774191610108158244 One of the common operations of a TSM (Trusted Security Module) is to provide a way for a TVM (confidential computing guest execution environment) to take a measurement of its launch state, sign it and submit it to a verifying party. Upon successful attestation that verifies the integrity of the TVM additional secrets may be deployed. The concept is common across TSMs, but the implementations are unfortunately vendor specific. While the industry grapples with a common definition of this attestation format [1], Linux need not make this problem worse by defining a new ABI per TSM that wants to perform a similar operation. The current momentum has been to invent new ioctl-ABI per TSM per function which at best is an abdication of the kernel's responsibility to make common infrastructure concepts share common ABI. The proposal, targeted to conceptually work with TDX, SEV, COVE if not more, is to define a sysfs interface to retrieve the TSM-specific blob. echo $hex_encoded_userdata_plus_nonce > /sys/class/tsm/tsm0/inhex hexdump /sys/class/tsm/tsm0/outblob This approach later allows for the standardization of the attestation blob format without needing to change the Linux ABI. Until then, the format of 'outblob' is determined by the parent device for 'tsm0'. The expectation is that this is a boot time exchange that need not be regenerated, making it amenable to a sysfs interface. In case userspace does try to generate multiple attestation reports it includes conflict detection so userspace can be sure no other thread changed the parameters from its last configuration step to the blob retrieval. TSM specific options are encoded as 'extra' attributes on the TSM device with the expectation that vendors reuse the same options for similar concepts. The current options are defined by SEV-SNP's need for a 'privilege level' concept (VMPL), and the option to retrieve a certificate chain in addition to the attestation report ("extended" format). Link: http://lore.kernel.org/r/64961c3baf8ce_142af829436@dwillia2-xfh.jf.intel.com.notmuch [1] Cc: Kuppuswamy Sathyanarayanan Cc: Dionna Amalie Glaze Cc: James Bottomley Cc: Peter Gonda Cc: Greg Kroah-Hartman Cc: Samuel Ortiz Signed-off-by: Dan Williams --- Documentation/ABI/testing/sysfs-class-tsm | 47 +++++ MAINTAINERS | 8 + drivers/virt/coco/Kconfig | 4 drivers/virt/coco/Makefile | 1 drivers/virt/coco/tdx-guest/Kconfig | 1 drivers/virt/coco/tsm.c | 290 +++++++++++++++++++++++++++++ include/linux/tsm.h | 45 +++++ 7 files changed, 396 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-class-tsm create mode 100644 drivers/virt/coco/tsm.c create mode 100644 include/linux/tsm.h diff --git a/Documentation/ABI/testing/sysfs-class-tsm b/Documentation/ABI/testing/sysfs-class-tsm new file mode 100644 index 000000000000..37017bde626d --- /dev/null +++ b/Documentation/ABI/testing/sysfs-class-tsm @@ -0,0 +1,47 @@ +What: /sys/class/tsm/tsm0/inhex +Date: August, 2023 +KernelVersion: v6.6 +Contact: linux-cxl@vger.kernel.org +Description: + (RW) Hex encoded userdata to be included in the attestation + report. For replay protection this should include a nonce, but + the kernel does not place any restrictions on the content. + +What: /sys/class/tsm/tsm0/outblob +Date: August, 2023 +KernelVersion: v6.6 +Contact: linux-cxl@vger.kernel.org +Description: + (RO) Binary attestation report generated from @inhex translated + to binary and any options. The format of the report is vendor + specific and determined by the parent device of 'tsm0'. + +What: /sys/class/tsm/tsm0/generation +Date: August, 2023 +KernelVersion: v6.6 +Contact: linux-cxl@vger.kernel.org +Description: + (RO) The value in this attribute increments each time @inhex or + any option is written. Userspace can detect conflicts by + checking generation before writing to any attribute and making + sure the number of writes matches expectations after reading + @outblob. + +What: /sys/class/tsm/tsm0/privlevel +Date: August, 2023 +KernelVersion: v6.6 +Contact: linux-cxl@vger.kernel.org +Description: + (RW) If a TSM implementation supports the concept of attestation + reports for TVMs running at different privilege levels, like + SEV-SNP "VMPL", specify the privilege level via this attribute. + +What: /sys/class/tsm/tsm0/format +Date: August, 2023 +KernelVersion: v6.6 +Contact: linux-cxl@vger.kernel.org +Description: + (RW) If a TSM implementation supports the concept of attestation + reports with "extended" contents, like SEV-SNP extended reports + with certificate chains, specify "extended" vs "default" via + this attribute. diff --git a/MAINTAINERS b/MAINTAINERS index 3be1bdfe8ecc..97f74d344c8a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -21625,6 +21625,14 @@ W: https://github.com/srcres258/linux-doc T: git git://github.com/srcres258/linux-doc.git doc-zh-tw F: Documentation/translations/zh_TW/ +TRUSTED SECURITY MODULE (TSM) ATTESTATION REPORTS +M: Dan Williams +L: linux-coco@lists.linux.dev +S: Maintained +F: Documentation/ABI/testing/sysfs-class-tsm +F: drivers/virt/coco/tsm.c +F: include/linux/tsm.h + TTY LAYER M: Greg Kroah-Hartman M: Jiri Slaby diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig index fc5c64f04c4a..d92f07019f38 100644 --- a/drivers/virt/coco/Kconfig +++ b/drivers/virt/coco/Kconfig @@ -2,6 +2,10 @@ # # Confidential computing related collateral # + +config TSM_REPORTS + tristate + source "drivers/virt/coco/efi_secret/Kconfig" source "drivers/virt/coco/sev-guest/Kconfig" diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile index 55302ef719ad..18c1aba5edb7 100644 --- a/drivers/virt/coco/Makefile +++ b/drivers/virt/coco/Makefile @@ -2,6 +2,7 @@ # # Confidential computing related collateral # +obj-$(CONFIG_TSM_REPORTS) += tsm.o obj-$(CONFIG_EFI_SECRET) += efi_secret/ obj-$(CONFIG_SEV_GUEST) += sev-guest/ obj-$(CONFIG_INTEL_TDX_GUEST) += tdx-guest/ diff --git a/drivers/virt/coco/tdx-guest/Kconfig b/drivers/virt/coco/tdx-guest/Kconfig index 14246fc2fb02..22dd59e19431 100644 --- a/drivers/virt/coco/tdx-guest/Kconfig +++ b/drivers/virt/coco/tdx-guest/Kconfig @@ -1,6 +1,7 @@ config TDX_GUEST_DRIVER tristate "TDX Guest driver" depends on INTEL_TDX_GUEST + select TSM_REPORTS help The driver provides userspace interface to communicate with the TDX module to request the TDX guest details like attestation diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm.c new file mode 100644 index 000000000000..1bf2ee82eb94 --- /dev/null +++ b/drivers/virt/coco/tsm.c @@ -0,0 +1,290 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright(c) 2023 Intel Corporation. All rights reserved. */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include + +struct class *tsm_class; +static struct tsm_provider { + const struct tsm_ops *ops; + struct device *dev; +} provider; +static DECLARE_RWSEM(tsm_rwsem); + +/** + * DOC: Trusted Security Module (TSM) Attestation Report Interface + * + * The TSM report interface is a common provider of blobs that facilitate + * attestation of a TVM (confidential computing guest) by an attestation + * service. A TSM report combines a user-defined blob (likely a public-key with + * a nonce for a key-exchange protocol) with a signed attestation report. That + * combined blob is then used to obtain secrets provided by an agent that can + * validate the attestation report. The expectation is that this interface is + * invoked infrequently, likely only once at TVM boot time. + * + * The attestation report format is TSM provider specific, when / if a standard + * materializes that can be published instead of the vendor layout. + */ + +/** + * struct tsm_report - track state of report generation relative to options + * @desc: report generation options / cached report state + * @outblob: generated evidence to provider to the attestation agent + * @outblob_len: sizeof(outblob) + * @write_generation: conflict detection, and report regeneration tracking + * @read_generation: cached report invalidation tracking + */ +struct tsm_report { + struct tsm_desc desc; + size_t outblob_len; + u8 *outblob; + unsigned long write_generation; + unsigned long read_generation; +} tsm_report; + +static ssize_t privlevel_store(struct device *dev, + struct device_attribute *attr, const char *buf, + size_t len) +{ + unsigned int val; + int rc; + + rc = kstrtouint(buf, 0, &val); + if (rc) + return rc; + + guard(rwsem_write)(&tsm_rwsem); + if (tsm_report.desc.privlevel == val) + return len; + tsm_report.desc.privlevel = val; + tsm_report.write_generation++; + + return len; +} + +static ssize_t privlevel_show(struct device *dev, struct device_attribute *attr, + char *buf) +{ + return sysfs_emit(buf, "%u\n", tsm_report.desc.privlevel); +} + +static DEVICE_ATTR_RW(privlevel); + +static ssize_t format_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t len) +{ + enum tsm_format format; + + if (sysfs_streq(buf, "default")) + format = TSM_FORMAT_DEFAULT; + else if (sysfs_streq(buf, "extended")) + format = TSM_FORMAT_EXTENDED; + else + return -EINVAL; + + guard(rwsem_write)(&tsm_rwsem); + if (tsm_report.desc.outblob_format == format) + return len; + tsm_report.desc.outblob_format = format; + tsm_report.write_generation++; + + return len; +} + +static ssize_t format_show(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (tsm_report.desc.outblob_format == TSM_FORMAT_DEFAULT) + return sysfs_emit(buf, "default\n"); + return sysfs_emit(buf, "extended\n"); +} + +static DEVICE_ATTR_RW(format); + +static struct attribute *tsm_extra_attributes[] = { + &dev_attr_format.attr, + &dev_attr_privlevel.attr, + NULL, +}; + +struct attribute_group tsm_extra_attribute_group = { + .attrs = tsm_extra_attributes, +}; +EXPORT_SYMBOL_GPL(tsm_extra_attribute_group); + +/* + * Input is a small hex blob, rather than a writable binary attribute, so that + * it is conveyed atomically. + */ +static ssize_t inhex_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t len) +{ + u8 inblob[TSM_INBLOB_MAX]; + size_t inblob_len; + int rc; + + inblob_len = len; + if (buf[len - 1] == '\n') + inblob_len--; + if (inblob_len & 1) + return -EINVAL; + inblob_len /= 2; + if (inblob_len > TSM_INBLOB_MAX) + return -EINVAL; + + rc = hex2bin(inblob, buf, inblob_len); + if (rc < 0) + return rc; + + guard(rwsem_write)(&tsm_rwsem); + if (memcmp(tsm_report.desc.inblob, inblob, inblob_len) == 0) + return len; + memcpy(tsm_report.desc.inblob, inblob, inblob_len); + tsm_report.desc.inblob_len = inblob_len; + tsm_report.write_generation++; + + return len; +} + +static ssize_t inhex_show(struct device *dev, struct device_attribute *attr, + char *buf) +{ + char *end; + + guard(rwsem_read)(&tsm_rwsem); + if (!tsm_report.desc.inblob_len) + return 0; + end = bin2hex(buf, tsm_report.desc.inblob, tsm_report.desc.inblob_len); + *end++ = '\n'; + return end - buf; +} +static DEVICE_ATTR_RW(inhex); + +static ssize_t generation_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + guard(rwsem_read)(&tsm_rwsem); + return sysfs_emit(buf, "%lu\n", tsm_report.write_generation); +} +static DEVICE_ATTR_RO(generation); + +static struct attribute *tsm_attributes[] = { + &dev_attr_inhex.attr, + &dev_attr_generation.attr, + NULL, +}; + +static ssize_t outblob_read(struct file *f, struct kobject *kobj, + struct bin_attribute *bin_attr, char *buf, + loff_t offset, size_t count) +{ + guard(rwsem_read)(&tsm_rwsem); + if (!tsm_report.desc.inblob_len) + return -EINVAL; + + if (!tsm_report.outblob || + tsm_report.read_generation != tsm_report.write_generation) { + const struct tsm_ops *ops = provider.ops; + size_t outblob_len; + u8 *outblob; + + kvfree(tsm_report.outblob); + outblob = ops->report_new(provider.dev->parent, + &tsm_report.desc, &outblob_len); + if (IS_ERR(outblob)) + return PTR_ERR(outblob); + tsm_report.outblob_len = outblob_len; + tsm_report.outblob = outblob; + tsm_report.read_generation = tsm_report.write_generation; + } + + return memory_read_from_buffer(buf, count, &offset, + tsm_report.outblob, + tsm_report.outblob_len); +} +static BIN_ATTR_RO(outblob, 0); + +static struct bin_attribute *tsm_bin_attributes[] = { + &bin_attr_outblob, + NULL, +}; + +struct attribute_group tsm_default_attribute_group = { + .bin_attrs = tsm_bin_attributes, + .attrs = tsm_attributes, +}; +EXPORT_SYMBOL_GPL(tsm_default_attribute_group); + +static const struct attribute_group *tsm_default_attribute_groups[] = { + &tsm_default_attribute_group, + NULL, +}; + +int register_tsm(const struct tsm_ops *ops, struct device *parent, + const struct attribute_group **groups) +{ + const struct tsm_ops *conflict; + struct device *dev; + int rc; + + if (!parent) + return -EINVAL; + + if (!groups) + groups = tsm_default_attribute_groups; + + guard(rwsem_write)(&tsm_rwsem); + conflict = provider.ops; + if (conflict) { + pr_err("\"%s\" ops already registered\n", conflict->name); + return rc; + } + + dev = device_create_with_groups(tsm_class, parent, 0, NULL, groups, + "tsm0"); + if (IS_ERR(dev)) + return PTR_ERR(dev); + + provider.ops = ops; + provider.dev = dev; + return 0; +} +EXPORT_SYMBOL_GPL(register_tsm); + +int unregister_tsm(const struct tsm_ops *ops) +{ + guard(rwsem_write)(&tsm_rwsem); + if (ops != provider.ops) + return -EBUSY; + provider.ops = NULL; + device_unregister(provider.dev); + provider.dev = NULL; + kvfree(tsm_report.outblob); + tsm_report.outblob = NULL; + return 0; +} +EXPORT_SYMBOL_GPL(unregister_tsm); + +static int __init tsm_init(void) +{ + tsm_class = class_create("tsm"); + return PTR_ERR_OR_ZERO(tsm_class); +} +module_init(tsm_init); + +static void __exit tsm_exit(void) +{ + class_destroy(tsm_class); +} +module_exit(tsm_exit); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Provide Trusted Security Module attestation reports via sysfs"); diff --git a/include/linux/tsm.h b/include/linux/tsm.h new file mode 100644 index 000000000000..6dc2f07543b8 --- /dev/null +++ b/include/linux/tsm.h @@ -0,0 +1,45 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __TSM_H +#define __TSM_H + +#include +#include + +#define TSM_INBLOB_MAX 64 + +enum tsm_format { + TSM_FORMAT_DEFAULT, + TSM_FORMAT_EXTENDED, +}; + +/** + * struct tsm_desc - option descriptor for generating tsm report blobs + * @privlevel: optional privilege level to associate with @outblob + * @inblob_len: sizeof @inblob + * @inblob: arbitrary input data + * @outblob_format: for TSMs with an "extended" format + */ +struct tsm_desc { + unsigned int privlevel; + size_t inblob_len; + u8 inblob[TSM_INBLOB_MAX]; + enum tsm_format outblob_format; +}; + +/* + * arch specific ops, only one is expected to be registered at a time + * i.e. only one of SEV, TDX, COVE, etc. + */ +struct tsm_ops { + const char *name; + u8 *(*report_new)(struct device *dev, const struct tsm_desc *desc, + size_t *outblob_len); +}; + +extern struct attribute_group tsm_default_attribute_group; +extern struct attribute_group tsm_extra_attribute_group; + +int register_tsm(const struct tsm_ops *ops, struct device *parent, + const struct attribute_group **groups); +int unregister_tsm(const struct tsm_ops *ops); +#endif /* __TSM_H */ From patchwork Mon Aug 14 07:43:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 135218 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp2602016vqi; Mon, 14 Aug 2023 01:34:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHdW4SlEoFW6yDwRakBrlSzDAEs2vgrVoEYdsgyC8vkm+Ou86Z0QTy4ZqNsJ13kmjLkdtzF X-Received: by 2002:a17:906:4790:b0:99c:c8eb:51b2 with SMTP id cw16-20020a170906479000b0099cc8eb51b2mr14555552ejc.2.1692002082412; Mon, 14 Aug 2023 01:34:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692002082; cv=none; d=google.com; s=arc-20160816; b=tg56qLEkrkHwfMguUEhvHG/I6xsyYYNi2vJChZ4SlvyR8k695T3LfR7u+5eZuMXHmX zwEdc4e1pgBI2jHqbwkdxW4mRN+Cyf+vcJaahQ+3U3rQlY4Ozg0qo/EickoM8PXgvLcB CTuizeQv/XQjhgEzf6gYVrmk6YSUVChSIEKC96i9M5gpoNHokBPcYQOylbW89hYItGxh fzw95WAct1MzbfyByQf4nVTH6JO4ZSlVqdo9ChJGMjKNvpj4fmGpmlP7l5kdwtusNjGQ PfWID0RpvN8Y54GOO7juBvRLLZQ3PirSeZmoT2D1AtYNA0RARvhmjPck8+3CXoyLvP7n BD8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=GonjnQrBGfeUJbVhGUntAkPPQOcrGXmdQOxxZZbNP5o=; fh=TGOpEk3n1ZRjL8J4SsrZP2d/iuzmZ/P+Blunjuf30to=; b=1FJ1I/knIUZodRwsUTvSaLXG9Dt1AE/qKdyE61SaVWuFAB8IA/3z6Ik28fetupe5QZ 7B2ebIWzXSue2h6gge5vIjvPoP/rkEHLCtPjtGozj3MJdKyOnMWS9dLbHoVl147TV3ed t7tJTZ+9+RqYRVFqxm4M0OTv4QsTgVtSqmjX2tSMS+8ijmLo8HsDCHW6BK6fQ+ENAdpr XyJh69E8Y/3lg0kdJ0dYWDnIDig0+ZKhhIPJgJwJA7VuIjmg3lKU4N0Y9HE+U164+KuO xE9X88S0GjJQHxmUn4upW9GONL/nJKGVVPB/1fDu3J3g+ZZ/oLYiB0LXgrGU43or9T+9 4i4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VWEVNru1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x10-20020a170906134a00b0099bd73c9bcesi7280387ejb.730.2023.08.14.01.34.17; Mon, 14 Aug 2023 01:34:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VWEVNru1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234289AbjHNHnv (ORCPT + 99 others); Mon, 14 Aug 2023 03:43:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42130 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234257AbjHNHna (ORCPT ); Mon, 14 Aug 2023 03:43:30 -0400 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93EA8115 for ; Mon, 14 Aug 2023 00:43:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1691999007; x=1723535007; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZKEMKTZcxb+bR5sevS5HirhkX4iYwm8FNvR5plo9bz8=; b=VWEVNru1WosXoIKBAKM58S325WdDeF7SUP2fNWcoO1+fV7uNAWSDM1Z1 Ql/6nLLzQpVrCAVAq7ERS0bDt0rcA7Bcjsoa3IAPSJeejHcrqYri7oGH5 vz15PBBIg7AuvfMz1LLDqqagoLt01tSQ11UiLe59YEv8mJ+YBn2Us2az1 1ezX/hzU8c7HbF0xCT/9+8E6+AX+KofTXZ2c7rS7jhN1wWovydkezHZGp Oi6QlQ0l/4LkYfRZVbaKDa/ujR+CN5FUvqy/A5yHczNyBwX7hURBhS3sB IA9V4DGEHKvPnu36mTxEK2Hz4ZDKAtWNg08BoP9SZwYPSlCuGE7wzupVY w==; X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="438314730" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="438314730" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="907142138" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="907142138" Received: from navanban-mobl.amr.corp.intel.com (HELO dwillia2-xfh.jf.intel.com) ([10.209.127.25]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:27 -0700 Subject: [PATCH v2 3/5] virt: sevguest: Prep for kernel internal {get, get_ext}_report() From: Dan Williams To: linux-coco@lists.linux.dev Cc: Borislav Petkov , Tom Lendacky , Dionna Glaze , Brijesh Singh , peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org Date: Mon, 14 Aug 2023 00:43:26 -0700 Message-ID: <169199900677.1782217.12516417657696965559.stgit@dwillia2-xfh.jf.intel.com> In-Reply-To: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> References: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> User-Agent: StGit/0.18-3-g996c MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774192775540609404 X-GMAIL-MSGID: 1774192775540609404 In preparation for using the TSM key facility to convey attestation blobs to userspace, add an argument to flag whether @arg is a user buffer or a kernel buffer. While TSM keys is meant to replace existing confidenital computing ioctl() implementations for attestation report retrieval the old ioctl() path needs to stick around for a deprecation period. No behavior change intended, just introduce the copy wrappers and @type argument. Note that these wrappers are similar to copy_{to,from}_sockptr(). If this approach moves forward that concept is something that can be generalized into a helper with a generic name. Cc: Borislav Petkov Cc: Tom Lendacky Cc: Dionna Glaze Cc: Brijesh Singh Signed-off-by: Dan Williams Reviewed-by: Dionna Glaze --- drivers/virt/coco/sev-guest/sev-guest.c | 48 ++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 97dbe715e96a..f48c4764a7a2 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -470,7 +470,32 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, return 0; } -static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) +enum snp_arg_type { + SNP_UARG, + SNP_KARG, +}; + +static unsigned long copy_from(void *to, unsigned long from, unsigned long n, + enum snp_arg_type type) +{ + if (type == SNP_UARG) + return copy_from_user(to, (void __user *)from, n); + memcpy(to, (void *)from, n); + return 0; +} + +static unsigned long copy_to(unsigned long to, const void *from, + unsigned long n, enum snp_arg_type type) +{ + if (type == SNP_UARG) + return copy_to_user((void __user *)to, from, n); + memcpy((void *)to, from, n); + return 0; +} + +static int get_report(struct snp_guest_dev *snp_dev, + struct snp_guest_request_ioctl *arg, + enum snp_arg_type type) { struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_report_resp *resp; @@ -482,7 +507,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!arg->req_data || !arg->resp_data) return -EINVAL; - if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) + if (copy_from(&req, arg->req_data, sizeof(req), type)) return -EFAULT; /* @@ -501,7 +526,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (rc) goto e_free; - if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) + if (copy_to(arg->resp_data, resp, sizeof(*resp), type)) rc = -EFAULT; e_free: @@ -550,7 +575,9 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque return rc; } -static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) +static int get_ext_report(struct snp_guest_dev *snp_dev, + struct snp_guest_request_ioctl *arg, + enum snp_arg_type type) { struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_ext_report_req req; @@ -562,7 +589,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (!arg->req_data || !arg->resp_data) return -EINVAL; - if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) + if (copy_from(&req, arg->req_data, sizeof(req), type)) return -EFAULT; /* userspace does not want certificate data */ @@ -611,14 +638,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (ret) goto e_free; - if (npages && - copy_to_user((void __user *)req.certs_address, snp_dev->certs_data, - req.certs_len)) { + if (npages && copy_to(req.certs_address, snp_dev->certs_data, + req.certs_len, type)) { ret = -EFAULT; goto e_free; } - if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) + if (copy_to(arg->resp_data, resp, sizeof(*resp), type)) ret = -EFAULT; e_free: @@ -653,13 +679,13 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long switch (ioctl) { case SNP_GET_REPORT: - ret = get_report(snp_dev, &input); + ret = get_report(snp_dev, &input, SNP_UARG); break; case SNP_GET_DERIVED_KEY: ret = get_derived_key(snp_dev, &input); break; case SNP_GET_EXT_REPORT: - ret = get_ext_report(snp_dev, &input); + ret = get_ext_report(snp_dev, &input, SNP_UARG); break; default: break; From patchwork Mon Aug 14 07:43:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 135235 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp2607050vqi; Mon, 14 Aug 2023 01:49:00 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF+j70lb5Ydy8JL8/aZCJe3haoE6ZOFRtQCqEQtYWL/jOr5fd+HziEgE2367XT/dhgButZk X-Received: by 2002:a05:6808:20a5:b0:3a7:5309:f24 with SMTP id s37-20020a05680820a500b003a753090f24mr11430464oiw.49.1692002939814; Mon, 14 Aug 2023 01:48:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692002939; cv=none; d=google.com; s=arc-20160816; b=f7KOJQ2YO7Q450egamNCdhXTWljcXozW7ePAaHwE/1aFSK1CuDlrIzSuoSjTsAhPcE M9hPMaOBr0dUukX6sV+7XXST7AGYNUzaXdpEjD1TNtQjEfkS4mOieO6y2LFlo/I9rgja 7fS4GZUF9yaAzUllr/5R6yPdTazSVyLk+30PQ1wSwN1SqpKXpDYbde93USCetkcDml32 i1r39+KRZJmDjyDsd0LKBCHM5bJpDsuvk1GQ9LNetbCJF9Ng1odJ6yR20gCWfCO8T7N8 TvJiLqK1cBJbTPd7lioa7vOERNA+McaKYbMQKiB0zd47RUuW3ekY1FWhZgjqj7tyOxUq s+qA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=EMMaKjcmf0w6Qeck97k95pB3VR1xSDdwNYw3ZCcMyNg=; fh=PAI56yEu0AiuX8TT+Q3eaKO8S7fFZxUvPBCA6bNffeU=; b=gqkQRNRjdqtMFn7aSGDc5ZyuZRtwDOY/cIOAu3XaQ3lWQJHc1smlqv+yQUec0GokZ0 TUJJ6qy73bb1R9BU9iS2UwikVjDwSxqf7ovHiblIbfqfSumijqCSB/HFb7BYzCsyN5or RSPS2fqR5I7X/+r+Wc0464nhhvhHsXPrwdUdnahouvmhC6Gb3Z+Z/MgPMXzNDVkEK4Yv dOwQj4lV1J15G1xyak+c5M3C7MK+tY8F2QLNhdXemRlD+ruJV51at9btymFF45nXY4MG 75WxaUHt03mFzANPMGijgNdjEyJl2NWmeHU5bFQM1cSGxyPO3SYun21JxbZvg4bYJdQy qACA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Y2um6b59; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c6-20020a6566c6000000b00530b3b98fc5si7971040pgw.417.2023.08.14.01.48.47; Mon, 14 Aug 2023 01:48:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Y2um6b59; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234324AbjHNHnx (ORCPT + 99 others); Mon, 14 Aug 2023 03:43:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234260AbjHNHne (ORCPT ); Mon, 14 Aug 2023 03:43:34 -0400 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6A8294 for ; Mon, 14 Aug 2023 00:43:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1691999013; x=1723535013; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RReoo07Z8COfyQe4vCo2LnNBVJrUhMSozbnkyWWcdFM=; b=Y2um6b59bFJq2QJ28RbMGjgW5fghkFwKnxV4/IGQ93qnHukybI3wKcJ9 pNtfAfMDH26fb2byq/CsMn0nj8mhp8fMkvBZ9EVX0/Ty8zw7jmycQGa2L U5HdBj1HyshJiw2SEcwF6TY61yW+TZqJxi2HyNFebdpawMNkhbS5G+YlH Vx1n5PLDqAB8uVnZt/SutaZV/2hzuuOp5sl3DHJV5UzM0j3Y9TTLIvXUJ 7MTtP3/WEy0Q3rg8SwblLnE46YYCQ85spJv6rQsivlzrjW1FfE2tKBuMb BH6a0VSvw/vUAabdryqxCDmfbAzmkNmY4OQEAVss5KRIsF7Wi1OKSmIr8 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="438314744" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="438314744" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="803372565" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="803372565" Received: from navanban-mobl.amr.corp.intel.com (HELO dwillia2-xfh.jf.intel.com) ([10.209.127.25]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:32 -0700 Subject: [PATCH v2 4/5] mm/slab: Add __free() support for kvfree From: Dan Williams To: linux-coco@lists.linux.dev Cc: Andrew Morton , Peter Zijlstra , Greg Kroah-Hartman , x86@kernel.org, linux-kernel@vger.kernel.org Date: Mon, 14 Aug 2023 00:43:32 -0700 Message-ID: <169199901230.1782217.9803098171993981037.stgit@dwillia2-xfh.jf.intel.com> In-Reply-To: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> References: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> User-Agent: StGit/0.18-3-g996c MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774193674284446808 X-GMAIL-MSGID: 1774193674284446808 Allow for the declaration of variables that trigger kvfree() when they go out of scope. Cc: Andrew Morton Cc: Peter Zijlstra Cc: Greg Kroah-Hartman Signed-off-by: Dan Williams --- include/linux/slab.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/slab.h b/include/linux/slab.h index 848c7c82ad5a..241025367943 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -746,6 +746,8 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); +DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) + extern void kvfree_sensitive(const void *addr, size_t len); unsigned int kmem_cache_size(struct kmem_cache *s); From patchwork Mon Aug 14 07:43:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 135220 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp2602597vqi; Mon, 14 Aug 2023 01:36:12 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFbxmJxF4Ayy2xAO15wKYY3ibbqoWGHXGy0+tYwrCBK5/IRwNFFqcjkXNxIktSy+841qg9o X-Received: by 2002:aa7:c509:0:b0:525:469a:fc47 with SMTP id o9-20020aa7c509000000b00525469afc47mr4042518edq.22.1692002172179; Mon, 14 Aug 2023 01:36:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692002172; cv=none; d=google.com; s=arc-20160816; b=iyifdz9PfS9ajeXSTsFRZ/GitrblNmN7wlla0Fz1mNxHLbIW17dHLRu2NSzD6ArU7i tCsvFEb4se+7MU/jx4WyInHIQ30qnKLaocAlfiEVQkghxmKWu7NNdvUBrlb0taixdtjo PTU6P9+y581aCG0NsX4kyTUPesITB8dpQSdHhyMP2Dug5kHeADOkdHwtbX8mdJoe05/V DPMtP/0E98VAXcFKPr3D9Ardick9n4jLZrDZdZUzArSg8bCT+zh65FQ3Mddb9K4ueVfA +yIF3ysuwYN4iYutpFSSxP3/vGc3Khom3RN1mYUPk0UVbESgpR8e+kd0EEStp1a3Hfzp MBkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=Oet4S+jR8UGzpUUlW6lwAYGU9ZzrQpTUI3XCiAkDAsE=; fh=TGOpEk3n1ZRjL8J4SsrZP2d/iuzmZ/P+Blunjuf30to=; b=l2KAjl/CrNY29Tn8iT5vc6IbUuMb3s4vfkuQ2Hjnprrnn/fAb6CyMsvufIVFgQQec3 PPhOoJ0px5wOi18ZO5DoM9aYrocEOXfm6cow6mGJvxhI0GumWmSRyvAwiVPyAmlY8iS1 BmvlKYsTSqOYaGB05b48wExvNT5z0NJXcUtiMnx20hPhOB8K8L2VIIcH2SBJpwF9H77p DBeXuAYxLMRjbrg7N3Tg6ZeVfgqYjK7QJNdMASAKyo39JISPNU1Bj4Z8XCUcjQVKGhdq yw5+5srWEzdel0heuxuXmRmmLjB6Ih/bYScLpFpLlE0C76rxht8pPIxYBHtRDyIDp5wk 1P3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RfizRayP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l5-20020a056402344500b00525683f9b34si1019390edc.48.2023.08.14.01.35.49; Mon, 14 Aug 2023 01:36:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RfizRayP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234355AbjHNHnz (ORCPT + 99 others); Mon, 14 Aug 2023 03:43:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234262AbjHNHnk (ORCPT ); Mon, 14 Aug 2023 03:43:40 -0400 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E43F7E4 for ; Mon, 14 Aug 2023 00:43:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1691999019; x=1723535019; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=15/ym61eprNFu/c45N9s1qgj9aCJOKnDqXwNGWTOn7k=; b=RfizRayPkp6kyL+ko4tnHpcmDC9r/u5HgyG+8L8Iu6b4mYymve247GGb 5uzX2utQRGhcfwLh/l2BWUuLZXF2JCUtoUFyEW62zAKV3OmfgxKFJhc5Y CeXMOsqi/8C+rAOa6XsIBBhPJ1KS80OYAMnSH9JadBGO1mUG96n0Lb4+G cLsYu6JY7ea7hy5JFCe6PDnU/E77h9yuOWFU7uB6gqt2dGKxWriYqTWst X495wW9pOUm6LE0LqO3owQj+Q2B7rGaqDBmCQ8+iFdbMWNVAOJyxkiagS Ivo/UeEkRihg3+R+5YUmrvOMVGVRIFMNsAIZ5lf75slE2fIfOw1/fe4VP w==; X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="438314768" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="438314768" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="803372573" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="803372573" Received: from navanban-mobl.amr.corp.intel.com (HELO dwillia2-xfh.jf.intel.com) ([10.209.127.25]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 00:43:38 -0700 Subject: [PATCH v2 5/5] virt: sevguest: Add TSM_REPORTS support for SNP_{GET, GET_EXT}_REPORT From: Dan Williams To: linux-coco@lists.linux.dev Cc: Borislav Petkov , Tom Lendacky , Dionna Glaze , Brijesh Singh , peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org Date: Mon, 14 Aug 2023 00:43:38 -0700 Message-ID: <169199901829.1782217.16990408177897780160.stgit@dwillia2-xfh.jf.intel.com> In-Reply-To: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> References: <169199898909.1782217.10899362240465838600.stgit@dwillia2-xfh.jf.intel.com> User-Agent: StGit/0.18-3-g996c MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774192869456150675 X-GMAIL-MSGID: 1774192869456150675 The sevguest driver was a first mover in the confidential computing space. As a first mover that afforded some leeway to build the driver without concern for common infrastructure. Now that sevguest is no longer a singleton [1] the common operation of building and transmitting attestation report blobs can / should be made common. In this model the so called "TSM-provider" implementations can share a common envelope ABI even if the contents of that envelope remain vendor-specific. When / if the industry agrees on an attestation record format, that definition can also fit in the same ABI. In the meantime the kernel's maintenance burden is reduced and collaboration on the commons is increased. Convert sevguest to use CONFIG_TSM_REPORTS to retrieve the blobs that the SNP_{GET,GET_EXT}_REPORT ioctls produce. An example flow for retrieving the SNP_GET_REPORT blob via the TSM interface utility, assuming no nonce and VMPL==2: echo 2 > /sys/class/tsm/tsm0/privlevel dd if=/dev/urandom bs=64 count=1 | xxd -p -c 0 > /sys/class/tsm/tsm0/inhex hexdump -C /sys/class/tsm/tsm0/outblob ...while the SNP_GET_EXT_REPORT flow needs to additionally set the format to "extended": echo 2 > /sys/class/tsm/tsm0/privlevel echo extended > /sys/class/tsm/tsm0/format dd if=/dev/urandom bs=64 count=1 | xxd -p -c 0 > /sys/class/tsm/tsm0/inhex hexdump -C /sys/class/tsm/tsm0/outblob The old ioctls can be lazily deprecated, the main motivation of this effort is to stop the proliferation of new ioctls, and to increase cross-vendor colloboration. Note, only compile-tested. Link: http://lore.kernel.org/r/64961c3baf8ce_142af829436@dwillia2-xfh.jf.intel.com.notmuch [1] Cc: Borislav Petkov Cc: Tom Lendacky Cc: Dionna Glaze Cc: Brijesh Singh Signed-off-by: Dan Williams --- drivers/virt/coco/sev-guest/Kconfig | 1 drivers/virt/coco/sev-guest/sev-guest.c | 81 +++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index da2d7ca531f0..1cffc72c41cb 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig @@ -5,6 +5,7 @@ config SEV_GUEST select CRYPTO select CRYPTO_AEAD2 select CRYPTO_GCM + select TSM_REPORTS help SEV-SNP firmware provides the guest a mechanism to communicate with the PSP without risk from a malicious hypervisor who wishes to read, diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index f48c4764a7a2..5941081502e8 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -769,6 +770,78 @@ static u8 *get_vmpck(int id, struct snp_secrets_page_layout *layout, u32 **seqno return key; } +static u8 *sev_report_new(struct device *dev, const struct tsm_desc *desc, + size_t *outblob_len) +{ + struct snp_guest_dev *snp_dev = dev_get_drvdata(dev); + const int report_size = SZ_16K; + const int ext_size = SZ_16K; + int ret, size; + + if (desc->inblob_len != 64) + return ERR_PTR(-EINVAL); + + if (desc->outblob_format == TSM_FORMAT_EXTENDED) + size = report_size + ext_size; + else + size = report_size; + + u8 *buf __free(kvfree) = kvzalloc(size, GFP_KERNEL); + + if (desc->outblob_format == TSM_FORMAT_EXTENDED) { + struct snp_ext_report_req ext_req = { + .data = { .vmpl = desc->privlevel }, + .certs_address = (__u64)buf + report_size, + .certs_len = ext_size, + }; + memcpy(&ext_req.data.user_data, desc->inblob, desc->inblob_len); + + struct snp_guest_request_ioctl input = { + .msg_version = 1, + .req_data = (__u64)&ext_req, + .resp_data = (__u64)buf, + }; + + ret = get_ext_report(snp_dev, &input, SNP_KARG); + } else { + struct snp_report_req req = { + .vmpl = desc->privlevel, + }; + memcpy(&req.user_data, desc->inblob, desc->inblob_len); + + struct snp_guest_request_ioctl input = { + .msg_version = 1, + .req_data = (__u64) &req, + .resp_data = (__u64) buf, + }; + + ret = get_report(snp_dev, &input, SNP_KARG); + } + + if (ret) + return ERR_PTR(ret); + + *outblob_len = size; + no_free_ptr(buf); + return buf; +} + +static const struct tsm_ops sev_tsm_ops = { + .name = KBUILD_MODNAME, + .report_new = sev_report_new, +}; + +static const struct attribute_group *sev_tsm_attribute_groups[] = { + &tsm_default_attribute_group, + &tsm_extra_attribute_group, + NULL, +}; + +static void unregister_sev_tsm(void *data) +{ + unregister_tsm(&sev_tsm_ops); +} + static int __init sev_guest_probe(struct platform_device *pdev) { struct snp_secrets_page_layout *layout; @@ -842,6 +915,14 @@ static int __init sev_guest_probe(struct platform_device *pdev) snp_dev->input.resp_gpa = __pa(snp_dev->response); snp_dev->input.data_gpa = __pa(snp_dev->certs_data); + ret = register_tsm(&sev_tsm_ops, &pdev->dev, sev_tsm_attribute_groups); + if (ret) + goto e_free_cert_data; + + ret = devm_add_action_or_reset(&pdev->dev, unregister_sev_tsm, NULL); + if (ret) + goto e_free_cert_data; + ret = misc_register(misc); if (ret) goto e_free_cert_data;