Date: Wed, 24 Aug 2022 19:10:10 +0200
From: Borislav Petkov
To: Kuppuswamy Sathyanarayanan
Cc: Thomas Gleixner, Ingo Molnar, Dave Hansen, x86@kernel.org,
    "H . Peter Anvin", "Kirill A . Shutemov", Tony Luck, Andi Kleen,
    Kai Huang, Wander Lairson Costa, Isaku Yamahata,
    marcelo.cerri@canonical.com, tim.gardner@canonical.com,
    khalid.elmously@canonical.com, philip.cox@canonical.com,
    linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 1/2] x86/tdx: Add TDX Guest attestation interface driver
In-Reply-To: <20220804003323.1441376-1-sathyanarayanan.kuppuswamy@linux.intel.com>

On Wed, Aug 03, 2022 at 05:33:22PM -0700, Kuppuswamy Sathyanarayanan wrote:
> In TDX guest, attestation is used to verify the trustworthiness of a TD
> to other entities before provisioning secrets to the TD. Such attestation
> process is required by 3rd party servers before sending sensitive
> information to TD guests. One usage example is to get encryption keys
> from the key server for mounting the encrypted rootfs or secondary drive.

Just a reminder to fix this up wrt TDX and TD. I know Intel
documentation wants to talk about trust domains and the guest being one
but then if you wanna formulate it that way, you need to define the
nomenclature you're using and then stick with it. Otherwise, confusion.

Example:

"In TDX guest, ... Such attestation... before sending information to TD
guests."

And here I go: What, there's a TDX guest and TD guest?

Just simplify it.

I'll review our v11 properly after you've addressed comments from v9
too.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette