Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4585572pxb; Tue, 22 Feb 2022 01:54:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJz9FnrWR+sN/b2/O0rOQD/+dj7P4Z8okzxSwAlb5xw3oSkEKPAe/vqOPYy50MN2RbKFa2Cw X-Received: by 2002:a17:902:ccc6:b0:14f:88e6:8040 with SMTP id z6-20020a170902ccc600b0014f88e68040mr14632644ple.13.1645523646972; Tue, 22 Feb 2022 01:54:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645523646; cv=none; d=google.com; s=arc-20160816; b=YmxW49qI6ZiQSuOtbxpgpc4u1kAsoRwfOWqI/o2ZdOYpceTYJDB9dkohjSap5KQPGt iZseoLMs6pwIHjkJBPV/mBK6aXP2ZXIUqq6EikHg4fe3wq0OMK9klENNFYTDtZiWevrE XIoBETXcmJtmqTZqPBqRo7lL/21bXVPEv8QXHoUapDfchwiJIQ9njzN7vn/dHGb6/A/d nJwCls6vRNAForLw79oWRCQaDp7+tAFHgcvshHDO3KVryl+8Zr4rpYCFvcSJ3sYiLykC NhxCfOPM9gmxc4+8GE+HqgArfdisr1iWXD3uZ/IFfl2hJW9mEoZzlTYNJfkvV3TjiCJp to1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=L1BfhqR1efgNh+N8hS/7asTHOh4Qz86TRPQirpqXBKo=; b=Cmwk206qmOMBVFgCLFc0yj6YmL5Vo9DYDfiHB3tGUrcV2CRkBV1NDrkZ/3FZu6d8R2 n+2XJkuCqhWQTP3R52zBqiZ2UU8NonsP0W3CYGe84tS+ZCmN7MmPDlC8InPQSRF4A8WH TikZkRwrrC9+G3SPVSJ6ZE3g45+eCrmEe8sa4bN+OAlqO2IXFGvoQMEGX+4FUYDN/D8D borKBSskG+h2BBKxfnBl41pRnHYBAPQws4JYl89+00IEfB0dRjfjJ8Llk6G755+v5cfb TLQrU8X2Imn5PWWmjnxITkj0qFZzzT/+rhmnUiDxEU7Wfq8GXg7j1UbTLfg1NvH/wDZA mexQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s2si1388234plp.316.2022.02.22.01.53.53; Tue, 22 Feb 2022 01:54:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230155AbiBVJbb (ORCPT + 99 others); Tue, 22 Feb 2022 04:31:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229509AbiBVJba (ORCPT ); Tue, 22 Feb 2022 04:31:30 -0500 Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [46.255.230.98]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3721C15721C; Tue, 22 Feb 2022 01:31:04 -0800 (PST) Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 58E191C0B8D; Tue, 22 Feb 2022 10:31:02 +0100 (CET) Date: Tue, 22 Feb 2022 10:31:01 +0100 From: Pavel Machek To: Jonathan McDowell Cc: "greg@kroah.com" , Dmitrii Okunev , "qiaowei.ren@intel.com" , "mjg59@srcf.ucam.org" , "xiaoyan.zhang@intel.com" , "linux-kernel@vger.kernel.org" , "gang.wei@intel.com" , "platform-driver-x86@vger.kernel.org" Subject: Re: [discuss] Improve and merge a driver proposed in 2013: sysfs interfaces to access TXT config space Message-ID: <20220222093101.GA23654@amd> References: <1368465884-14779-1-git-send-email-qiaowei.ren@intel.com> <1368465884-14779-3-git-send-email-qiaowei.ren@intel.com> <20130516160311.GA12299@amd.pavel.ucw.cz> <4febd50da7e5007a2797e0f4c969fa5edd0bf725.camel@fb.com> <20220217123753.GA21849@duo.ucw.cz> <0cf678e0b01bf421f3db6693a15ac4060501a80a.camel@fb.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline In-Reply-To: <0cf678e0b01bf421f3db6693a15ac4060501a80a.camel@fb.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NEUTRAL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri 2022-02-18 18:05:47, Jonathan McDowell wrote: > On Thu, 2022-02-17 at 13:37 +0100, Pavel Machek wrote: > > On Thu 2022-02-17 13:34:40, greg@kroah.com=A0wrote: > > > On Thu, Feb 17, 2022 at 11:47:21AM +0000, Dmitrii Okunev wrote: > > > > Hello! > > > >=20 > > > > As far as I see the patch wasn't merged. And I see that this is > > > > the only unsolved thread in the discussion: > > > >=20 > > > > On Thu, 2013-05-16 at 18:03 +0200, Pavel Machek wrote: > > > > > On Tue 2013-05-14 01:24:43, Qiaowei Ren wrote: > > > > > > These interfaces are located in > > > > > > /sys/devices/platform/intel_txt/config, > > > > > > and including totally 37 files, providing access to Intel TXT > > > > > > configuration registers. > > > > >=20 > > > > > This looks like very wrong interface... equivalent of /dev/mem. > > > >=20 > > > > As an active user of these registers I hope it will be merged, so > > > > I would like to improve this patch (or rewrite it from scratch) > > > > to make that happen. Otherwise one have to do hackery around > > > > `/dev/mem`, which also creates problems with proper access > > > > control. > > > >=20 > > > > To be able to improve the patch, could somebody clarify why > > > > exactly this is a "very wrong interface"? > > > >=20 > > > > > > +What:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0/sys/devices/platform/intel= _txt/config/STS_ra > > > > > > w > > > > > > +Date:=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0May 2013 > > > > > > +KernelVersion:=A03.9 > > > > > > +Contact:=A0=A0=A0=A0=A0=A0=A0"Qiaowei Ren" > > > > > > +Description:=A0=A0=A0TXT.STS is the general status register. T= his > > > > > > read- > > > > > > only register > > > > > > +=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0is used by AC mod= ules and the MLE to get the > > > > > > status > > > > > > of various > > > > > > +=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0Intel TXT feature= s. > > > > >=20 > > > > > This is not enough to allow people to understand what this > > > > > does/should do, nor does it allow (for example) ARM people to > > > > > implement something compatible. > > > > >=20 > > > > > Is there specific reason why "better" interface is impossible? > > > >=20 > > > > I would love to reuse Intel's public documentation [1] to provide > > > > a proper description (with bit layout of the value). > > > >=20 > > > > [1] https://cdrdv2.intel.com/v1/dl/getContent/315168 > > > >=20 > > > > > [...], nor does it allow (for example) ARM people to > > > > > implement something compatible. > > > >=20 > > > > Do I understand correctly that a proper documentation of the > > > > registers solves the problem? > > > >=20 > > > > > Is there specific reason why "better" interface is impossible? > > > >=20 > > > > What are specific problems with the current interface? > > >=20 > > > What do you mean by "current" here?=A0 You are referring to an email > > > from 2013, 9 years ago. > > >=20 > > > If you want to propose the change again, correctly update the patch > > > and submit it that way. > >=20 > > I don't believe taking hardware registers and exposing them 1-to-1 in > > sysfs is the way to go. > >=20 > > We would like same /sys interface on different hardware, and simply > > exposing Intel's registers in /sys will not do the job. >=20 > So, for our particular use case what we want to be able to see is the > status of the TXT device, so when attestation fails it's possible to > diagnose where that might have happened. At a minimum=A0details from the > status register are folded into the first measurement, and the error > register can provide valuable insight as to what the TXT device thinks > failed. >=20 > At present these details are retrieved from /dev/mem, but this is less > than ideal and prevents the use of, say, kernel lockdown. As a result > we'd like to export the appropriate details via sysfs. These are likely > to be extremely security block implementation specific, so I'm not > clear that a generic agnostic interface is appropriate to retrieve > these details. > Do you have the same objection to a read only set of information > (rather than the full control offered by the initial submission)? Might be a job for debugfs? Pavel --=20 DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany --k1lZvvs/B4yU6o8G Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAmIUrVUACgkQMOfwapXb+vKgrQCghttXJ7nTqOcDXJPclG6dbVcv hJsAoJGS6x8u/CYDqk2yNOu2JrH38ell =zuhO -----END PGP SIGNATURE----- --k1lZvvs/B4yU6o8G--