Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4960860rwl;
        Tue, 28 Mar 2023 13:59:03 -0700 (PDT)
X-Google-Smtp-Source: AKy350Yp6Ixdgsqap0L8yDNWgbIUxyF1Vz3Q3+wLfYwUHVC+7kRO/vilAwK7Pru0Bb2R1E2EcGyn
X-Received: by 2002:a17:907:b9d9:b0:93b:1cc5:4a1 with SMTP id xa25-20020a170907b9d900b0093b1cc504a1mr17639218ejc.40.1680037143324;
        Tue, 28 Mar 2023 13:59:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680037143; cv=none;
        d=google.com; s=arc-20160816;
        b=sZvef9cwpbtFpMumawHgN8rwbp/ZPjSTvEgxvIQuEuFsJBuBocTyOJ3s0ME4Wnm6IL
         YSGvcCTgcTQ+Twy+WEfSAaR59qr6aSqGQ6j22ZQ+zERA9v0dsNJNpeO89LYUNy2Debb2
         dJ1vcUe/zFl3O0h4+mKhnlaqgETYlGs4e0kMAobF7aLMG6nefGYa3ZN6erLc8gAdg5TL
         eftIP0p0/l5rKOLcwp3uDzoXFhOHApz7noBm2laJ/s01qaevPPZvOvo8GEVgTBiGb0cY
         vbmSh2vdpaH4kmM1+13aB8GV1hT+HldYr6E7p741WNCWRYBCYbf6xqjtVVlxiVz0QNHa
         /nnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=Wa0LfFSjVxiVuRv97x/zQwaxJI/K9lza1arifqvGksw=;
        b=HYr8/4kpQ+vBF59GL0gJLUPoEqGZA0JKwGt9Ct3pdpV167ucCDJpPipYJsAw0FXhEM
         CbEYrXsdydDkkjbb48LFuUoD8EI/abTrganIUj4+1m9snMNADS82DcDX4qMWUVEnwJY/
         iLQja9Ic22ltnSi05OqWTWw3VN0tz3KXALMK3ifBaJER5N7bPQwkvdFx4pSHEDfVyuRk
         jyktW4okDifn7E544pGpZSRsJdsudiZQF2WSKS9cxt+6fQnvLtyukqRT8+76o909kR5t
         hyn/MjR6UwBrmEWTOyBxSxe3HtC7QsIKah2N13fIlxYTzkG6/qSz89g2fFG/Mz+oyogt
         CmhA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b="O/2GpUlj";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id wb9-20020a170907d50900b00939393bd26asi23631561ejc.835.2023.03.28.13.58.38;
        Tue, 28 Mar 2023 13:59:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b="O/2GpUlj";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229507AbjC1Unx (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Tue, 28 Mar 2023 16:43:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55150 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229491AbjC1Unv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Mar 2023 16:43:51 -0400
Received: from mail-yw1-x112f.google.com (mail-yw1-x112f.google.com [IPv6:2607:f8b0:4864:20::112f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94A2D10F3
        for <linux-kernel@vger.kernel.org>; Tue, 28 Mar 2023 13:43:50 -0700 (PDT)
Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-53d277c1834so253635237b3.10
        for <linux-kernel@vger.kernel.org>; Tue, 28 Mar 2023 13:43:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112; t=1680036230;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Wa0LfFSjVxiVuRv97x/zQwaxJI/K9lza1arifqvGksw=;
        b=O/2GpUlj5wwbEi1Kekelt0BSM8jT3q6K9BPbeFRL/HOLPyzBwut4I7tfHO4vMde8Vp
         fxLILFCiGZolEDUb9SNUHf6mT3LOusPAB/rbryqkJ5fdK03sVWQB5e09K6W2Tg2dW6eU
         0NW6+NJhFwGEt+hboYzSw4xMrCFtiaIm+0AtP0tt0qRm9JbCnFS7rLBUMiRXzy+mB3W7
         MbBy+RgQz8rzixGuilnbiPl3tMM8xV+U0e4B2ZQ/XwrrDE1HrkOIqg/FCvUlmPHT7X+4
         BWgCpCsUVEsIToMaIkXjoaYSVJtS1UFITQdsn25qWYujXhnY4K5cuRTtETOJ7YVJLG/E
         msbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1680036230;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Wa0LfFSjVxiVuRv97x/zQwaxJI/K9lza1arifqvGksw=;
        b=F0ItYU4bzcb5v/4anbn3zNYKX8Pwy04cgPBeMfhYutNJYxYXV503efdow7+kqINLsi
         VGJC0nB5Q8JSW7wX8FG7zcnqKfasVOmcCZDaeCB3VPUfK1M0jxRnUpLkNF+gHjQE0CjW
         S6MTRXWXK7Zk7+chUIQpLjYFEyMSyxpzTqy+aMuBlC1Q17Yz05fMMfVvt+66xyA+ZdXA
         SyA1k+GUDVfyvwLrcsvsSei1HpnlVXKyDinPQhD+je49/1JSRT+yBYtLlnR0TR9OMj50
         3dmNCJ/CUlnPJqOtETKLmzQcH9wOjFSDgyWttINxXS3giY+WEHQ7VIWzIanjz6/a4uKf
         yfdw==
X-Gm-Message-State: AAQBX9eUFAbciX923C6D91rIa20OG6QXdwq1ZMVoLXshWwmervnc3D6y
        FxZOTi5jp8rVoMuJ5+mWWJVfPY8EUELA1RLVy/amew==
X-Received: by 2002:a81:ad5d:0:b0:540:e744:13ae with SMTP id
 l29-20020a81ad5d000000b00540e74413aemr7016748ywk.3.1680036229542; Tue, 28 Mar
 2023 13:43:49 -0700 (PDT)
MIME-Version: 1.0
References: <20230326062039.341479-1-sathyanarayanan.kuppuswamy@linux.intel.com>
 <CAAYXXYxC++kRW_Kg0jieaxuwzTC2hu-9SxRjsHH_kqZW_DTE7Q@mail.gmail.com> <CAAH4kHZWW6QsMcLCLYwRo25i6d6Uhg+=rTeoVV7yrGHqUWwFUQ@mail.gmail.com>
In-Reply-To: <CAAH4kHZWW6QsMcLCLYwRo25i6d6Uhg+=rTeoVV7yrGHqUWwFUQ@mail.gmail.com>
From:   Chong Cai <chongc@google.com>
Date:   Tue, 28 Mar 2023 13:43:37 -0700
Message-ID: <CALRH0ChZ7dtJ9ST-mbjVz7Q2jY9QQm6mor5137YyFtSX4td-bw@mail.gmail.com>
Subject: Re: [PATCH v1 0/3] TDX Guest Quote generation support
To:     Dionna Amalie Glaze <dionnaglaze@google.com>
Cc:     Erdem Aktas <erdemaktas@google.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org,
        Shuah Khan <shuah@kernel.org>,
        Jonathan Corbet <corbet@lwn.net>,
        "H . Peter Anvin" <hpa@zytor.com>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Wander Lairson Costa <wander@redhat.com>,
        Guorui Yu <GuoRui.Yu@linux.alibaba.com>,
        Du Fan <fan.du@intel.com>, linux-kernel@vger.kernel.org,
        linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-15.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL,
        USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 28, 2023 at 12:59=E2=80=AFPM Dionna Amalie Glaze
<dionnaglaze@google.com> wrote:
>
> +Chong Cai
>
> Adding a colleague per his request since he's not subscribed to the list =
yet.
>
> On Mon, Mar 27, 2023 at 10:36=E2=80=AFAM Erdem Aktas <erdemaktas@google.c=
om> wrote:
> >
> > On Sat, Mar 25, 2023 at 11:20=E2=80=AFPM Kuppuswamy Sathyanarayanan
> > <sathyanarayanan.kuppuswamy@linux.intel.com> wrote:
> > >
> > > Hi All,
> > >
> > > In TDX guest, the attestation process is used to verify the TDX guest
> > > trustworthiness to other entities before provisioning secrets to the
> > > guest.
> > >
> > > The TDX guest attestation process consists of two steps:
> > >
> > > 1. TDREPORT generation
> > > 2. Quote generation.
> > >
> > > The First step (TDREPORT generation) involves getting the TDX guest
> > > measurement data in the format of TDREPORT which is further used to
> > > validate the authenticity of the TDX guest. The second step involves
> > > sending the TDREPORT to a Quoting Enclave (QE) server to generate a
> > > remotely verifiable Quote. TDREPORT by design can only be verified on
> > > the local platform. To support remote verification of the TDREPORT,
> > > TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT
> > > locally and convert it to a remotely verifiable Quote. Although
> > > attestation software can use communication methods like TCP/IP or
> > > vsock to send the TDREPORT to QE, not all platforms support these
> > > communication models. So TDX GHCI specification [1] defines a method
> > > for Quote generation via hypercalls. Please check the discussion from
> > > Google [2] and Alibaba [3] which clarifies the need for hypercall bas=
ed
> > Thanks Sathyanarayanan for submitting patches again.
> >
> > I just wanted to reiterate what I said before that having a clean
> > TDVMCALL based interface to get TDX Quote without any virtio/vsock
> > dependency  is critical for us to support many use cases.
>
> +1 to Erdem's point. A simple TDVMCALL interface could make it much
> easier for user cases that can not depend on virtio and vsock.
> Without the TDVMCALL, it will largely limit those user cases to adopt TDX=
.
> Thanks Sathyanarayanan for submitting this patch.
> --
> -Dionna Glaze, PhD (she/her)