Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4960860rwl; Tue, 28 Mar 2023 13:59:03 -0700 (PDT) X-Google-Smtp-Source: AKy350Yp6Ixdgsqap0L8yDNWgbIUxyF1Vz3Q3+wLfYwUHVC+7kRO/vilAwK7Pru0Bb2R1E2EcGyn X-Received: by 2002:a17:907:b9d9:b0:93b:1cc5:4a1 with SMTP id xa25-20020a170907b9d900b0093b1cc504a1mr17639218ejc.40.1680037143324; Tue, 28 Mar 2023 13:59:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680037143; cv=none; d=google.com; s=arc-20160816; b=sZvef9cwpbtFpMumawHgN8rwbp/ZPjSTvEgxvIQuEuFsJBuBocTyOJ3s0ME4Wnm6IL YSGvcCTgcTQ+Twy+WEfSAaR59qr6aSqGQ6j22ZQ+zERA9v0dsNJNpeO89LYUNy2Debb2 dJ1vcUe/zFl3O0h4+mKhnlaqgETYlGs4e0kMAobF7aLMG6nefGYa3ZN6erLc8gAdg5TL eftIP0p0/l5rKOLcwp3uDzoXFhOHApz7noBm2laJ/s01qaevPPZvOvo8GEVgTBiGb0cY vbmSh2vdpaH4kmM1+13aB8GV1hT+HldYr6E7p741WNCWRYBCYbf6xqjtVVlxiVz0QNHa /nnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Wa0LfFSjVxiVuRv97x/zQwaxJI/K9lza1arifqvGksw=; b=HYr8/4kpQ+vBF59GL0gJLUPoEqGZA0JKwGt9Ct3pdpV167ucCDJpPipYJsAw0FXhEM CbEYrXsdydDkkjbb48LFuUoD8EI/abTrganIUj4+1m9snMNADS82DcDX4qMWUVEnwJY/ iLQja9Ic22ltnSi05OqWTWw3VN0tz3KXALMK3ifBaJER5N7bPQwkvdFx4pSHEDfVyuRk jyktW4okDifn7E544pGpZSRsJdsudiZQF2WSKS9cxt+6fQnvLtyukqRT8+76o909kR5t hyn/MjR6UwBrmEWTOyBxSxe3HtC7QsIKah2N13fIlxYTzkG6/qSz89g2fFG/Mz+oyogt CmhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="O/2GpUlj"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id wb9-20020a170907d50900b00939393bd26asi23631561ejc.835.2023.03.28.13.58.38; Tue, 28 Mar 2023 13:59:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="O/2GpUlj"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229507AbjC1Unx (ORCPT + 99 others); Tue, 28 Mar 2023 16:43:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229491AbjC1Unv (ORCPT ); Tue, 28 Mar 2023 16:43:51 -0400 Received: from mail-yw1-x112f.google.com (mail-yw1-x112f.google.com [IPv6:2607:f8b0:4864:20::112f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94A2D10F3 for ; Tue, 28 Mar 2023 13:43:50 -0700 (PDT) Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-53d277c1834so253635237b3.10 for ; Tue, 28 Mar 2023 13:43:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1680036230; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Wa0LfFSjVxiVuRv97x/zQwaxJI/K9lza1arifqvGksw=; b=O/2GpUlj5wwbEi1Kekelt0BSM8jT3q6K9BPbeFRL/HOLPyzBwut4I7tfHO4vMde8Vp fxLILFCiGZolEDUb9SNUHf6mT3LOusPAB/rbryqkJ5fdK03sVWQB5e09K6W2Tg2dW6eU 0NW6+NJhFwGEt+hboYzSw4xMrCFtiaIm+0AtP0tt0qRm9JbCnFS7rLBUMiRXzy+mB3W7 MbBy+RgQz8rzixGuilnbiPl3tMM8xV+U0e4B2ZQ/XwrrDE1HrkOIqg/FCvUlmPHT7X+4 BWgCpCsUVEsIToMaIkXjoaYSVJtS1UFITQdsn25qWYujXhnY4K5cuRTtETOJ7YVJLG/E msbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680036230; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Wa0LfFSjVxiVuRv97x/zQwaxJI/K9lza1arifqvGksw=; b=F0ItYU4bzcb5v/4anbn3zNYKX8Pwy04cgPBeMfhYutNJYxYXV503efdow7+kqINLsi VGJC0nB5Q8JSW7wX8FG7zcnqKfasVOmcCZDaeCB3VPUfK1M0jxRnUpLkNF+gHjQE0CjW S6MTRXWXK7Zk7+chUIQpLjYFEyMSyxpzTqy+aMuBlC1Q17Yz05fMMfVvt+66xyA+ZdXA SyA1k+GUDVfyvwLrcsvsSei1HpnlVXKyDinPQhD+je49/1JSRT+yBYtLlnR0TR9OMj50 3dmNCJ/CUlnPJqOtETKLmzQcH9wOjFSDgyWttINxXS3giY+WEHQ7VIWzIanjz6/a4uKf yfdw== X-Gm-Message-State: AAQBX9eUFAbciX923C6D91rIa20OG6QXdwq1ZMVoLXshWwmervnc3D6y FxZOTi5jp8rVoMuJ5+mWWJVfPY8EUELA1RLVy/amew== X-Received: by 2002:a81:ad5d:0:b0:540:e744:13ae with SMTP id l29-20020a81ad5d000000b00540e74413aemr7016748ywk.3.1680036229542; Tue, 28 Mar 2023 13:43:49 -0700 (PDT) MIME-Version: 1.0 References: <20230326062039.341479-1-sathyanarayanan.kuppuswamy@linux.intel.com> In-Reply-To: From: Chong Cai Date: Tue, 28 Mar 2023 13:43:37 -0700 Message-ID: Subject: Re: [PATCH v1 0/3] TDX Guest Quote generation support To: Dionna Amalie Glaze Cc: Erdem Aktas , Kuppuswamy Sathyanarayanan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Shuah Khan , Jonathan Corbet , "H . Peter Anvin" , "Kirill A . Shutemov" , Tony Luck , Wander Lairson Costa , Guorui Yu , Du Fan , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-15.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL, USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 28, 2023 at 12:59=E2=80=AFPM Dionna Amalie Glaze wrote: > > +Chong Cai > > Adding a colleague per his request since he's not subscribed to the list = yet. > > On Mon, Mar 27, 2023 at 10:36=E2=80=AFAM Erdem Aktas wrote: > > > > On Sat, Mar 25, 2023 at 11:20=E2=80=AFPM Kuppuswamy Sathyanarayanan > > wrote: > > > > > > Hi All, > > > > > > In TDX guest, the attestation process is used to verify the TDX guest > > > trustworthiness to other entities before provisioning secrets to the > > > guest. > > > > > > The TDX guest attestation process consists of two steps: > > > > > > 1. TDREPORT generation > > > 2. Quote generation. > > > > > > The First step (TDREPORT generation) involves getting the TDX guest > > > measurement data in the format of TDREPORT which is further used to > > > validate the authenticity of the TDX guest. The second step involves > > > sending the TDREPORT to a Quoting Enclave (QE) server to generate a > > > remotely verifiable Quote. TDREPORT by design can only be verified on > > > the local platform. To support remote verification of the TDREPORT, > > > TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT > > > locally and convert it to a remotely verifiable Quote. Although > > > attestation software can use communication methods like TCP/IP or > > > vsock to send the TDREPORT to QE, not all platforms support these > > > communication models. So TDX GHCI specification [1] defines a method > > > for Quote generation via hypercalls. Please check the discussion from > > > Google [2] and Alibaba [3] which clarifies the need for hypercall bas= ed > > Thanks Sathyanarayanan for submitting patches again. > > > > I just wanted to reiterate what I said before that having a clean > > TDVMCALL based interface to get TDX Quote without any virtio/vsock > > dependency is critical for us to support many use cases. > > +1 to Erdem's point. A simple TDVMCALL interface could make it much > easier for user cases that can not depend on virtio and vsock. > Without the TDVMCALL, it will largely limit those user cases to adopt TDX= . > Thanks Sathyanarayanan for submitting this patch. > -- > -Dionna Glaze, PhD (she/her)