From: Erdem Aktas
Date: Mon, 27 Mar 2023 10:36:17 -0700
Subject: Re: [PATCH v1 0/3] TDX Guest Quote generation support
To: Kuppuswamy Sathyanarayanan
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Shuah Khan, Jonathan Corbet, "H . Peter Anvin", "Kirill A . Shutemov", Tony Luck, Wander Lairson Costa, Guorui Yu, Du Fan, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
In-Reply-To: <20230326062039.341479-1-sathyanarayanan.kuppuswamy@linux.intel.com>
List: linux-kernel@vger.kernel.org

On Sat, Mar 25, 2023 at 11:20 PM Kuppuswamy Sathyanarayanan wrote:
>
> Hi All,
>
> In TDX guest, the attestation process is used to verify the TDX guest
> trustworthiness to other entities before provisioning secrets to the
> guest.
>
> The TDX guest attestation process consists of two steps:
>
> 1. TDREPORT generation
> 2. Quote generation.
>
> The First step (TDREPORT generation) involves getting the TDX guest
> measurement data in the format of TDREPORT which is further used to
> validate the authenticity of the TDX guest. The second step involves
> sending the TDREPORT to a Quoting Enclave (QE) server to generate a
> remotely verifiable Quote. TDREPORT by design can only be verified on
> the local platform. To support remote verification of the TDREPORT,
> TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT
> locally and convert it to a remotely verifiable Quote. Although
> attestation software can use communication methods like TCP/IP or
> vsock to send the TDREPORT to QE, not all platforms support these
> communication models. So TDX GHCI specification [1] defines a method
> for Quote generation via hypercalls. Please check the discussion from
> Google [2] and Alibaba [3] which clarifies the need for hypercall based

Thanks Sathyanarayanan for submitting patches again.
I just wanted to reiterate what I said before that having a clean TDVMCALL based interface to get TDX Quote without any virtio/vsock dependency is critical for us to support many use cases.
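The two-step flow the quoted cover letter describes (a TDREPORT that only the local platform can check, handed to the Quoting Enclave, which turns it into a Quote a remote party can verify) is modelled below as an added example. This is not kernel code, not Intel's TDREPORT or Quote format, and not part of the patch series: it is a constructed simulation in which the platform binds the report with an HMAC under a key that never leaves the machine, and the QE, after checking that MAC locally, re-signs the report body with an Ed25519 attestation key. The type names, field sizes and the use of HMAC/Ed25519 are assumptions made for illustration; the point it shows is why a TDREPORT is not remotely verifiable on its own and what the QE adds.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const reportDataLen = 64

// TDReport models the locally verifiable report (constructed layout, not Intel's TDREPORT).
type TDReport struct {
	Measurement [32]byte            // hash of the guest image
	ReportData  [reportDataLen]byte // caller-supplied data, here the verifier's nonce
	MAC         [32]byte            // HMAC-SHA256 under the platform-local key
}

// body is what the MAC covers and, later, what the Quote signature covers.
func (r TDReport) body() []byte {
	return append(append([]byte{}, r.Measurement[:]...), r.ReportData[:]...)
}

type Quote struct {
	Report    TDReport
	Signature []byte // ed25519 signature over Report.body(): verifiable with only the QE public key
}

// Platform stands in for the TDX module; its symmetric report key never leaves the machine.
type Platform struct {
	reportKey   []byte
	measurement [32]byte
}

func NewPlatform(guestImage []byte) (*Platform, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Platform{reportKey: key, measurement: sha256.Sum256(guestImage)}, nil
}

func (p *Platform) mac(b []byte) []byte {
	h := hmac.New(sha256.New, p.reportKey)
	h.Write(b)
	return h.Sum(nil)
}

// GetReport is step 1: the guest obtains a TDREPORT bound to its REPORTDATA.
func (p *Platform) GetReport(reportData [reportDataLen]byte) TDReport {
	r := TDReport{Measurement: p.measurement, ReportData: reportData}
	copy(r.MAC[:], p.mac(r.body()))
	return r
}

// QE models the Quoting Enclave: co-located with the platform and owner of an asymmetric attestation key.
type QE struct {
	platform *Platform
	signKey  ed25519.PrivateKey
	PubKey   ed25519.PublicKey
}

func NewQE(p *Platform) (*QE, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &QE{platform: p, signKey: priv, PubKey: pub}, nil
}

// GenerateQuote is step 2: the MAC check needs the platform key, so it can only happen
// locally; the QE then re-signs the body so anyone holding PubKey can verify it.
func (q *QE) GenerateQuote(r TDReport) (Quote, error) {
	if !hmac.Equal(r.MAC[:], q.platform.mac(r.body())) {
		return Quote{}, fmt.Errorf("TDREPORT MAC invalid: not produced on this platform")
	}
	return Quote{Report: r, Signature: ed25519.Sign(q.signKey, r.body())}, nil
}

// VerifyQuote is the remote relying party's check: valid signature, and REPORTDATA carries its nonce.
func VerifyQuote(pub ed25519.PublicKey, q Quote, nonce [reportDataLen]byte) error {
	if !ed25519.Verify(pub, q.Report.body(), q.Signature) {
		return fmt.Errorf("quote signature invalid")
	}
	if q.Report.ReportData != nonce {
		return fmt.Errorf("quote does not carry the verifier's nonce")
	}
	return nil
}

func main() {
	p, _ := NewPlatform([]byte("constructed guest image"))
	q, _ := NewQE(p)
	var nonce [reportDataLen]byte
	copy(nonce[:], "verifier-nonce-0001")
	quote, err := q.GenerateQuote(p.GetReport(nonce))
	fmt.Println("quote generation:", err, "| remote verification:", VerifyQuote(q.PubKey, quote, nonce))
}
```

Two properties of the real design survive the simplification: the QE must run on the same platform because only that platform can check the report's integrity, which is why the guest needs some channel (vsock, TCP/IP, or the GHCI hypercall the series implements) to reach it; and the relying party should place a fresh nonce in REPORTDATA and check it in the Quote, otherwise an old but validly signed Quote could be replayed. The actual TDREPORT integrity mechanism and Quote layout are defined by Intel and differ from this model.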