From: Kuppuswamy Sathyanarayanan
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Shuah Khan, Jonathan Corbet
Cc: "H . Peter Anvin", Kuppuswamy Sathyanarayanan, "Kirill A . Shutemov", Tony Luck, Wander Lairson Costa, Erdem Aktas, Guorui Yu, Du Fan, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v1 0/3] TDX Guest Quote generation support
Date: Sat, 25 Mar 2023 23:20:36 -0700
Message-Id: <20230326062039.341479-1-sathyanarayanan.kuppuswamy@linux.intel.com>

Hi All,

In a TDX guest, the attestation process is used to verify the TDX guest's trustworthiness to other entities before provisioning secrets to the guest. The TDX guest attestation process consists of two steps:

1. TDREPORT generation
2. Quote generation

The first step (TDREPORT generation) involves getting the TDX guest measurement data in the format of TDREPORT, which is further used to validate the authenticity of the TDX guest. The second step involves sending the TDREPORT to a Quoting Enclave (QE) server to generate a remotely verifiable Quote. TDREPORT by design can only be verified on the local platform. To support remote verification of the TDREPORT, TDX leverages the Intel SGX Quoting Enclave to verify the TDREPORT locally and convert it to a remotely verifiable Quote.

Although attestation software can use communication methods like TCP/IP or vsock to send the TDREPORT to the QE, not all platforms support these communication models. So the TDX GHCI specification [1] defines a method for Quote generation via hypercalls. Please check the discussion from Google [2] and Alibaba [3], which clarifies the need for hypercall-based Quote generation support. This patch set adds this support.

Support for TDREPORT generation already exists in the TDX guest driver. This patchset extends the same driver to add the Quote generation support.

Following are the details of the patch set:

Patch 1/3 -> Adds event notification IRQ support.
Patch 2/3 -> Adds Quote generation support.
Patch 3/3 -> Adds selftest support for the Quote generation feature.

[1] https://cdrdv2.intel.com/v1/dl/getContent/726790, section titled "TDG.VP.VMCALL".
[2] https://lore.kernel.org/lkml/CAAYXXYxxs2zy_978GJDwKfX5Hud503gPc8=1kQ-+JwG_kA79mg@mail.gmail.com/
[3] https://lore.kernel.org/lkml/a69faebb-11e8-b386-d591-dbd08330b008@linux.alibaba.com/

Kuppuswamy Sathyanarayanan (3):
  x86/tdx: Add TDX Guest event notify interrupt support
  virt: tdx-guest: Add Quote generation support
  selftests/tdx: Test GetQuote TDX attestation feature

 Documentation/virt/coco/tdx-guest.rst        |  11 +
 arch/x86/coco/tdx/tdx.c                      | 203 +++++++++++++++
 arch/x86/include/asm/tdx.h                   |   8 +
 drivers/virt/coco/tdx-guest/tdx-guest.c      | 249 ++++++++++++++++++-
 include/uapi/linux/tdx-guest.h               |  44 ++++
 tools/testing/selftests/tdx/tdx_guest_test.c |  68 ++++-
 6 files changed, 575 insertions(+), 8 deletions(-)

-- 
2.34.1
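The cover letter describes a two-step flow whose first step, TDREPORT generation, is already served by the TDX guest driver. The following is an added example, not code from this patch series or from the kernel tree: a user-space program that requests a TDREPORT bound to a verifier-supplied nonce and then pulls out of the raw 1024-byte report the fields a relying party checks after the Quote itself has been verified. It assumes the TDX_CMD_GET_REPORT0 ioctl and struct tdx_report_req as they exist in include/uapi/linux/tdx-guest.h (mirrored here so the file compiles without kernel headers), the device node /dev/tdx_guest, and the TDREPORT_STRUCT field offsets from the Intel TDX Module specification (REPORTMACSTRUCT at byte 0, TDINFO at byte 512); tdreport_sample() builds a constructed, clearly non-genuine report so the parsing and policy functions can run on a machine without TDX.

```c
/*
 * Added example (not part of the patch series): step 1 of the attestation
 * flow, i.e. asking the existing TDX guest driver for a TDREPORT that binds
 * a verifier-chosen nonce, and the checks a relying party applies to the
 * report once it has been carried to them inside a verified Quote.
 *
 * Assumptions: ioctl number and request struct mirror
 * include/uapi/linux/tdx-guest.h; offsets follow TDREPORT_STRUCT in the
 * Intel TDX Module specification. Offsets and the 0x81 report type are
 * taken from that spec, not from this patch series.
 */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define TDX_REPORTDATA_LEN 64
#define TDX_REPORT_LEN     1024

struct tdx_report_req {
    uint8_t reportdata[TDX_REPORTDATA_LEN]; /* in: nonce / user data     */
    uint8_t tdreport[TDX_REPORT_LEN];       /* out: raw TDREPORT_STRUCT   */
};
#define TDX_CMD_GET_REPORT0 _IOWR('T', 1, struct tdx_report_req)

/* Byte offsets inside TDREPORT_STRUCT (TDX Module spec). */
#define TDREPORT_OFF_REPORTTYPE 0    /* REPORTMACSTRUCT.REPORTTYPE.TYPE      */
#define TDREPORT_OFF_REPORTDATA 128  /* 64 bytes echoed from the request     */
#define TDREPORT_OFF_TDINFO     512  /* TDINFO_STRUCT, 512 bytes             */
#define TDINFO_OFF_ATTRIBUTES   (TDREPORT_OFF_TDINFO + 0)   /* 8 bytes      */
#define TDINFO_OFF_MRTD         (TDREPORT_OFF_TDINFO + 16)  /* 48 bytes     */
#define TDINFO_OFF_RTMR0        (TDREPORT_OFF_TDINFO + 208) /* 4 x 48 bytes */

#define TDX_REPORT_TYPE 0x81         /* REPORTTYPE.TYPE value for TDX        */
#define TD_ATTR_DEBUG   (1ULL << 0)  /* TDINFO.ATTRIBUTES bit 0: debuggable  */

struct td_measurements {
    uint8_t  report_type;
    uint64_t attributes;
    uint8_t  mrtd[48];
    uint8_t  rtmr[4][48];
    uint8_t  reportdata[64];
};

/* Step 1: obtain a TDREPORT over NONCE from the driver. Returns 0 and fills
 * TDREPORT, or -1 with errno set when the device or ioctl is unavailable. */
int tdx_get_report(const uint8_t nonce[64], uint8_t tdreport[TDX_REPORT_LEN])
{
    struct tdx_report_req req;
    int fd = open("/dev/tdx_guest", O_RDWR);
    if (fd < 0)
        return -1;
    memset(&req, 0, sizeof req);
    memcpy(req.reportdata, nonce, TDX_REPORTDATA_LEN);
    if (ioctl(fd, TDX_CMD_GET_REPORT0, &req) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    memcpy(tdreport, req.tdreport, TDX_REPORT_LEN);
    return 0;
}

/* Extract the fields a verifier compares against its policy. */
void tdreport_parse(const uint8_t *rep, struct td_measurements *m)
{
    m->report_type = rep[TDREPORT_OFF_REPORTTYPE];
    memcpy(&m->attributes, rep + TDINFO_OFF_ATTRIBUTES, sizeof m->attributes);
    memcpy(m->mrtd, rep + TDINFO_OFF_MRTD, sizeof m->mrtd);
    for (int i = 0; i < 4; i++)
        memcpy(m->rtmr[i], rep + TDINFO_OFF_RTMR0 + 48 * i, 48);
    memcpy(m->reportdata, rep + TDREPORT_OFF_REPORTDATA, sizeof m->reportdata);
}

/* Relying-party policy on a report whose Quote signature already verified:
 * it must be a TDX report, echo our nonce (freshness, no replay) and come
 * from a TD that is not debuggable. Returns 0 on success, negative on failure. */
int tdreport_check(const uint8_t *rep, const uint8_t nonce[64])
{
    struct td_measurements m;
    tdreport_parse(rep, &m);
    if (m.report_type != TDX_REPORT_TYPE)
        return -1;
    if (memcmp(m.reportdata, nonce, 64) != 0)
        return -2;
    if (m.attributes & TD_ATTR_DEBUG)
        return -3;
    return 0;
}

/* Constructed stand-in (NOT a genuine TDREPORT) for offline use. */
void tdreport_sample(uint8_t rep[TDX_REPORT_LEN], const uint8_t nonce[64], int debug)
{
    uint64_t attr = debug ? TD_ATTR_DEBUG : 0;
    memset(rep, 0, TDX_REPORT_LEN);
    rep[TDREPORT_OFF_REPORTTYPE] = TDX_REPORT_TYPE;
    memcpy(rep + TDINFO_OFF_ATTRIBUTES, &attr, sizeof attr);
    memset(rep + TDINFO_OFF_MRTD, 0xAB, 48);
    memcpy(rep + TDREPORT_OFF_REPORTDATA, nonce, 64);
}

int main(void)
{
    uint8_t nonce[64], rep[TDX_REPORT_LEN];
    memset(nonce, 0x11, sizeof nonce);      /* the verifier's challenge */
    if (tdx_get_report(nonce, rep) != 0) {   /* no TDX here: use the sample */
        perror("tdx_get_report, falling back to constructed sample");
        tdreport_sample(rep, nonce, 0);
    }
    printf("policy check: %d\n", tdreport_check(rep, nonce));
    return 0;
}
```

The nonce check is what makes the second step meaningful: a Quote proves the platform signed some TDREPORT, but only the echoed REPORTDATA ties that report to this session, so a verifier that skips it accepts replayed Quotes.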