Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp774392pxb; Fri, 22 Apr 2022 10:52:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyBf1ZtPiXQZsde8zTlOGBqJExg/s1b3N/CCncxqNS/O6VWtGNM3jVLp4i5yhalUrAyvaxR X-Received: by 2002:aa7:9986:0:b0:50a:c432:7ae3 with SMTP id k6-20020aa79986000000b0050ac4327ae3mr6002130pfh.42.1650649954504; Fri, 22 Apr 2022 10:52:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650649954; cv=none; d=google.com; s=arc-20160816; b=zD0chs2KokXckk6YfYruBS6ZrGa3i7lzbIgvFtmnBlj9KTaqT3Liv5aHZfICQJcfAj aa1YfB6tQxW1pdpedY6iwafMuA/Tw/mCl/PdEIRLpg9at3ooiT67HamaDIU+YOamsmsD tExRHYFf+XnbcjnbD3hPDwGQ3DgtCnf9FfdcMaudDCnzMRU3i+mlfn9zJICTzZ7qFIkl zOwhoyz7dMxbXQV3PcHgcE3bOB1XplbcWZM30eU5tgcp6+ejhwM7TsS4O9acz1vsyKmE ljFFZqbfTRSJecVfyQ5zS5lAN0NoyRYFrBryHpwd87xJee3T7azdU0fnW91hSw9p9bYB XFGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=R3e9d+daTblmiXo7PbOqipfZyD/EOOBJfdlCauxk0Xk=; b=wD3TKTZH3HwQsuzINGUpYjmiv/qjb6Xb950k/aq8d6kHwcTgNcQnYZdhCQyFUOc2TF dgAtbTH738mvOT406k02h6c0O236cjXXHy/E8aEiFYGJIxYMj/diMdWEtdTIYBDMZ5vb ug8z4H6PwxhyPPonyuD0jyK6zfKzgjX5x6E/GcvwmVZ8a+JKV5sB0NcjkLf3CtGliBiy LR3n2iaJwM7H52kH0zmz40l9hhJckqHEwPvYdFnilH1nkH7mkoU10PeG6G3YLxhJzB/o yVH/35LAsrDd2f5qpFTzclbF+5RmvBO1Ti03SmZiII3rl7PX4/EMLDJEyUvzJgjhw4rA jyAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fFZNqZfk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id d2-20020a63f242000000b003aac73560ecsi2288250pgk.274.2022.04.22.10.52.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Apr 2022 10:52:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fFZNqZfk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 10A94D5EAA; Fri, 22 Apr 2022 10:36:13 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1383151AbiDTXVi (ORCPT + 99 others); Wed, 20 Apr 2022 19:21:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243760AbiDTXVh (ORCPT ); Wed, 20 Apr 2022 19:21:37 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94D8818B2D; Wed, 20 Apr 2022 16:18:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650496729; x=1682032729; h=message-id:subject:from:to:cc:date:in-reply-to: references:mime-version:content-transfer-encoding; bh=wDzQY2+PCspZFvBhtBaNeIPM6Iwdxd0YJ8CLxltVuzA=; b=fFZNqZfk+NsUoRijVa5sl/EeTlplpiaH4AfnkT9+EM55oktdNEdYkeD4 i9HHnpzMRhaHYhncJn5dP0YHw4EZr8n572S3X5EAecnYTnW+jXlujtu6o 1645ZgoLzhtyOV/imoUVF0Lyo8bXOq7nOMawquVN/7OdQlrGrOrCeEOtV BmiZ/hcxhsSn52ok+wg/Orcja7+nqGHkBtAuZ5K2qXRC6ZPX7ey2nJgNA NPpBGF2HKh/S9+fhFu+3ha/0zYJVLdwwd0e1TdgNdElMTlMMt369ha0wm l/w1Zp3PpodxcZGgpjEjsFWLwKNiGHU59Da+8c5O6C/0QN/HHWwmqQcij g==; X-IronPort-AV: E=McAfee;i="6400,9594,10323"; a="327073935" X-IronPort-AV: E=Sophos;i="5.90,277,1643702400"; d="scan'208";a="327073935" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2022 16:18:49 -0700 X-IronPort-AV: E=Sophos;i="5.90,277,1643702400"; d="scan'208";a="669300098" Received: from ssharm9-mobl.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.30.148]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2022 16:18:46 -0700 Message-ID: Subject: Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver From: Kai Huang To: Kuppuswamy Sathyanarayanan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Hans de Goede , Mark Gross Cc: "H . Peter Anvin" , "Kirill A . Shutemov" , Tony Luck , Andi Kleen , linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org Date: Thu, 21 Apr 2022 11:18:43 +1200 In-Reply-To: <20220415220109.282834-5-sathyanarayanan.kuppuswamy@linux.intel.com> References: <20220415220109.282834-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20220415220109.282834-5-sathyanarayanan.kuppuswamy@linux.intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 (3.42.4-1.fc35) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2022-04-15 at 15:01 -0700, Kuppuswamy Sathyanarayanan wrote: > TDX guest supports encrypted disk as root or secondary drives. > Decryption keys required to access such drives are usually maintained > by 3rd party key servers. Attestation is required by 3rd party key > servers to get the key for an encrypted disk volume, or possibly other > encrypted services. Attestation is used to prove to the key server that > the TD guest is running in a valid TD and the kernel and virtual BIOS > and other environment are secure. > > During the boot process various components before the kernel accumulate > hashes in the TDX module, which can then combined into a report. This > would typically include a hash of the bios, bios configuration, boot > loader, command line, kernel, initrd. After checking the hashes the > key server will securely release the keys. > > The actual details of the attestation protocol depend on the particular > key server configuration, but some parts are common and need to > communicate with the TDX module. As we discussed "key provisioning from key server to support disk decryption" is only one use case of attestation, so I don't think you need 3 paragraphs to talk about details of this use case here. The attestation flow is documented in GHCI so it's clear. The attestation flow (and what this patch does) does not have any direct relation to the "disk decryption" details above. I think you can discard above entirely or using one or two simple sentences to explain. Also, as you agreed you will remove the 8K shared memory assumption: https://lore.kernel.org/lkml/20220415220109.282834-5-sathyanarayanan.kuppuswamy@linux.intel.com/T/ and if you agree with my approach (again, I recommend) to split the driver to two parts (reorganize your patches essentially): https://lore.kernel.org/lkml/20220415220109.282834-5-sathyanarayanan.kuppuswamy@linux.intel.com/T/#m9e3c5115df0be0b53d41f987e1eda1715255d1d8 I'll review again once you finish updating the driver. Btw some minor comments below. [...] > --- /dev/null > +++ b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c Perhaps attest.c is enough, no matter where the file will reside. > @@ -0,0 +1,302 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * intel_tdx_attest.c - TDX guest attestation interface driver. > + * > + * Implements user interface to trigger attestation process and > + * read the TD Quote result. > + * > + * Copyright (C) 2021-2022 Intel Corporation For upstream I guess just need 2022. [...] > +struct attest_dev { > + /* Mutex to serialize attestation requests */ > + struct mutex lock; I think we need a comment to explain why the driver doesn't support multiple GetQuote requests in parallel. In fact the updated GHCI spec doesn't explicitly say GetQuote cannot be done in parallel. It has a new "GET_QUOTE_IN_FLIGHT" flag introduced, which can be used to determine which Quote is finished I think. I am fine with only supporting GetQuote in serialized way, but perhaps we need to call out the reason somewhere. [...] > + > + /* Allocate DMA buffer to get TDQUOTE data from the VMM */ > + adev->tdquote_buf = dma_alloc_coherent(dev, GET_QUOTE_MAX_SIZE, > + &adev->handle, > + GFP_KERNEL | __GFP_ZERO); > + if (!adev->tdquote_buf) { > + ret = -ENOMEM; > + goto failed; > + } The buffer needs to be shared. Guest must have called MapGPA to convert the buffer to shared. Is this guaranteed by calling dma_alloc_coherent(), since seems I didn't see any MapGPA in the driver? Anyway this deserves a comment I think. -- Thanks, -Kai