Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp392395pxp; Wed, 9 Mar 2022 05:13:46 -0800 (PST) X-Google-Smtp-Source: ABdhPJzR5C8sVilemhkYfQavU1ByMhjLuj3dSe49Tn4lu611Zqj8zBjdRGUzAb6aoL0YrczI+oDf X-Received: by 2002:a63:1113:0:b0:378:deae:5840 with SMTP id g19-20020a631113000000b00378deae5840mr18342050pgl.87.1646831626117; Wed, 09 Mar 2022 05:13:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646831626; cv=none; d=google.com; s=arc-20160816; b=NXoukRnYPIkHX4dA+D6FK0Tce+AJKhx/f/KFFPv/ol8yuOVnYJLMYzuAKdrDYViLAQ uLKbl39v8FIzwFDaucW68HHYL5Dg35g9E8X1NFt0GzgFqEEkWTm12C0fMCgNkw1qVu1e DnkuY0ZuAH5i3OnYoMsKRYnMwnWVrLRTkczXRCkk/54ih/4XHUHNouDHbvKFO9l+jzMC IYNlp7qzpLJB+1bNT+pO/n9U73pOHK8wTsedvFoSrvN8qRK4V7M/k9hm8YGmLEezxayK O9FjAgDefjYjbWSQNF192K4UU1Bw89yoKF6lls/DkBtAKqf8KoTjhwwz812stXntcd4P kORA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Ddaj2+AFdW4b1ks9mMphyqDfIJEuxut4bAoSG3IAbEI=; b=lONYGuYJ1B0VOTo3Fr9EPCaVUIk3irWHGCogu+V6gRk53DvBRawyIahfHUCKZ3WN67 frqkaO14JHwGqAuyMAU+uv3oYrTK3OOWUvkAfS6N9Ss/AIvoHZu9smZb9HLwymCYsesv uhAhNPYnM9l5YQm7Qr3HVRxmQ8HhOmrr0dhF3fCDA0LMFh2x4ghDU6lehX8Km9RTlIBB z0TpzYhk5UL/XWAV4kEy1/JeMA5+cbIFz6x6yx+ZUM0QUzshVZFTRit8Q7+r4m0yj2b1 cbxGLrYwkCFPQMK5/og5GbQrBnbR4uboibw/EEWHdUw6Lv0aGxw40GAiwKl0hO/WQ4gR txog== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="NUvYH/HY"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ck20-20020a17090afe1400b001bd14e01fb8si2019901pjb.166.2022.03.09.05.13.21; Wed, 09 Mar 2022 05:13:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="NUvYH/HY"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232123AbiCILac (ORCPT + 99 others); Wed, 9 Mar 2022 06:30:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35652 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229781AbiCILab (ORCPT ); Wed, 9 Mar 2022 06:30:31 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EE19014F9A4; Wed, 9 Mar 2022 03:29:32 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 85A056184D; Wed, 9 Mar 2022 11:29:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7ABE0C340E8; Wed, 9 Mar 2022 11:29:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1646825371; bh=SWRdyuVCX6hHG1fEUCipTuHQCziNyV1s3WMn+Evywsw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=NUvYH/HYg1pQfTa9teY3vZCnT5G4HJBKD6HR/tJamCUkuUHPIDojeTUnbaw/vxFwa cn9762HspFQ15RgVBt+qHo2PtLQrXOWyCF7LqI8cXJZ6mO9iIvXDTEPaTsp2IeALTQ xQxLmJBJFEgMAPV7orOHJzotym+LXdRhL/xKLLr8= Date: Wed, 9 Mar 2022 12:29:27 +0100 From: Greg KH To: Jonathan McDowell Cc: Dmitrii Okunev , Hans de Goede , Mark Gross , Qiaowei Ren , Matthew Garrett , Xiaoyan Zhang , Pavel Machek , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "platform-driver-x86@vger.kernel.org" Subject: Re: [RFC PATCH] platform/x86: Add sysfs interface for Intel TXT status Message-ID: References: <1368465884-14779-3-git-send-email-qiaowei.ren@intel.com> <20130516160311.GA12299@amd.pavel.ucw.cz> <4febd50da7e5007a2797e0f4c969fa5edd0bf725.camel@fb.com> <20220217123753.GA21849@duo.ucw.cz> <0cf678e0b01bf421f3db6693a15ac4060501a80a.camel@fb.com> <20220222093101.GA23654@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 09, 2022 at 10:58:17AM +0000, Jonathan McDowell wrote: > On Wed, Mar 09, 2022 at 11:48:23AM +0100, Greg KH wrote: > > On Wed, Mar 09, 2022 at 10:40:03AM +0000, Jonathan McDowell wrote: > > > (This is an RFC to see if the approach is generally acceptable; unlike > > > the previous driver this exposes the information purely as read-only > > > status information, so userspace can make an informed decision about the > > > system state without having to poke about in /dev/mem. There are still a > > > few extra registers I'm trying to dig up information for before a proper > > > submission.) > > > > > > This module provides read-only access to the Intel TXT (Trusted > > > Execution Technology) status registers, allowing userspace to determine > > > the status of measured boot and whether the dynamic root of trust for > > > measurement (DRTM) has been fully enabled. > > > > > > Tools such as txt-stat from tboot > > > can make use of this driver to > > > display state rather than relying on access to /dev/mem. > > > > > > See Documentation/x86/intel_txt.rst for more information about Intel > > > TXT. > > > > > > Signed-off-by: Jonathan McDowell > > > --- > > > arch/x86/include/asm/txt.h | 34 +++++ > > > drivers/platform/x86/intel/Kconfig | 14 ++ > > > drivers/platform/x86/intel/Makefile | 2 + > > > drivers/platform/x86/intel/txt_sysfs.c | 185 +++++++++++++++++++++++++ > > > > No Documentation/ABI/ entry for your new sysfs entry? How can we > > evaluate if this is a good api then? > > As a read-only export of configuration registers is a full set of info > in Documentation/ABI/ required? I didn't get a feel for how required > that was from the existing files there. For all sysfs entries, yes, it is required. Run the scripts/get_abi.pl tool as proof :) > > Wait, I don't see any sysfs code in here, are you sure you sent a viable > > patch? > > The export to sysfs is via securityfs, as that seemed to be the > appropriate route (it fits into a similar area as > /sys/kernel/security/integrity/ima/ or /sys/kernel/security/tpm0/, > providing userspace with some visibility of what the kernel thinks the > state is). Then this is securityfs, NOT sysfs. securityfs just happens to be mounted at that location. You could mount it anywhere else as well. Please fix up the terminology here, it is very confusing and has nothing to do with sysfs at all. thanks, greg k-h