Message-ID: <56e1c722-1378-c59c-73f9-de79b7afce60@linux.intel.com>
Date: Mon, 25 Jul 2022 15:06:34 -0700
Subject: Re: [PATCH v8 5/5] x86/tdx: Add Quote generation support
From: Sathyanarayanan Kuppuswamy
To: "Nakajima, Jun", "Hansen, Dave"
Cc: Isaku Yamahata, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "x86@kernel.org", "H . Peter Anvin", "Kirill A . Shutemov", "Luck, Tony", Andi Kleen, "Huang, Kai", Wander Lairson Costa, "marcelo.cerri@canonical.com", "tim.gardner@canonical.com", "khalid.elmously@canonical.com", "Cox, Philip", "linux-kernel@vger.kernel.org"

Hi Jun,

On 7/25/22 2:56 PM, Nakajima, Jun wrote:
>
>> On Jul 25, 2022, at 1:23 PM, Hansen, Dave wrote:
>>
>> On 7/25/22 13:19, Nakajima, Jun wrote:
>>> 3. Need to be available in minimal/early runtime environments,
>>> including pre-boot, e.g. guest BIOS, no user-space yet.
>>
>> Jun, are we talking about the same thing here? This patch is for a
>> guest userspace -> guest kernel ABI. This facility is *FOR* userspace.
>> It can't possibly be used before userspace is running.
>>
>> I'm horribly confused.
>
> I responded to one of Sathya’s questions, especially why we have the GetQuote in GHCI.
> And the hypervisor needs to implement that anyway because it doesn’t matter (or doesn’t know) whether the TD guest is running in BIOS, the kernel, or userspace. Of course, the facility in this patch is for userspace, but we don’t want to suggest to implement two different GetQuote code paths for guests, depending on the guest state, e.g. in the OS (kernel or userspace) or guest BIOS.

Ok. Since both host and QE need to support GetQuote hypercall to handle
attestation request from the BIOS, QE/host may want to use the same
communication model for requests from the guest user space as well.

>
> ---
> Jun
>

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer