From: Kuppuswamy Sathyanarayanan
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Shuah Khan, Jonathan Corbet
Cc: "H . Peter Anvin", Kuppuswamy Sathyanarayanan, "Kirill A . Shutemov", Tony Luck, Wander Lairson Costa, Erdem Aktas, Dionna Amalie Glaze, Chong Cai, Qinkun Bao, Guorui Yu, Du Fan, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v2 0/3] TDX Guest Quote generation support
Date: Wed, 12 Apr 2023 20:41:05 -0700
Message-Id: <20230413034108.1902712-1-sathyanarayanan.kuppuswamy@linux.intel.com>

Hi All,

In TDX guest, the attestation process is used to verify the TDX guest trustworthiness to other entities before provisioning secrets to the guest. The TDX guest attestation process consists of two steps:

1. TDREPORT generation
2. Quote generation.

The first step (TDREPORT generation) involves getting the TDX guest measurement data in the format of TDREPORT, which is further used to validate the authenticity of the TDX guest. The second step involves sending the TDREPORT to a Quoting Enclave (QE) server to generate a remotely verifiable Quote. TDREPORT by design can only be verified on the local platform. To support remote verification of the TDREPORT, TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT locally and convert it to a remotely verifiable Quote.

Although attestation software can use communication methods like TCP/IP or vsock to send the TDREPORT to QE, not all platforms support these communication models. So TDX GHCI specification [1] defines a method for Quote generation via hypercalls. Please check the discussion from Google [2] and Alibaba [3], which clarifies the need for hypercall-based Quote generation support. This patch set adds this support.

Support for TDREPORT generation already exists in the TDX guest driver. This patchset extends the same driver to add the Quote generation support.

Following are the details of the patch set:

Patch 1/3 -> Adds event notification IRQ support.
Patch 2/3 -> Adds Quote generation support.
Patch 3/3 -> Adds selftest support for Quote generation feature.

[1] https://cdrdv2.intel.com/v1/dl/getContent/726790, section titled "TDG.VP.VMCALL".
[2] https://lore.kernel.org/lkml/CAAYXXYxxs2zy_978GJDwKfX5Hud503gPc8=1kQ-+JwG_kA79mg@mail.gmail.com/
[3] https://lore.kernel.org/lkml/a69faebb-11e8-b386-d591-dbd08330b008@linux.alibaba.com/

Kuppuswamy Sathyanarayanan (3):
  x86/tdx: Add TDX Guest event notify interrupt support
  virt: tdx-guest: Add Quote generation support
  selftests/tdx: Test GetQuote TDX attestation feature

 Documentation/virt/coco/tdx-guest.rst        |  11 ++
 arch/x86/coco/tdx/tdx.c                      | 196 +++++++++++++++++++
 arch/x86/include/asm/tdx.h                   |   8 +
 drivers/virt/coco/tdx-guest/tdx-guest.c      | 168 +++++++++++++++-
 include/uapi/linux/tdx-guest.h               |  43 ++++
 tools/testing/selftests/tdx/tdx_guest_test.c |  68 ++++++-
 6 files changed, 487 insertions(+), 7 deletions(-)

-- 
2.34.1
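The first step of the flow described above, the TDREPORT request through the existing TDX guest driver, as an added userspace example that is not part of this patch series: it binds the report to a caller-chosen 64-byte REPORTDATA value and checks that the returned TDREPORT echoes it before the report would be handed on for Quote generation. The struct and ioctl number mirror the upstream include/uapi/linux/tdx-guest.h (TDX_CMD_GET_REPORT0); the field offsets follow the TDREPORT layout in the Intel TDX module specification, and the Quote step is left out because its interface is defined by the patches, not by this cover letter.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define TDX_REPORTDATA_LEN 64
#define TDX_REPORT_LEN     1024
/* Mirrors struct tdx_report_req / TDX_CMD_GET_REPORT0 in include/uapi/linux/tdx-guest.h. */
struct tdx_report_req {
    uint8_t reportdata[TDX_REPORTDATA_LEN]; /* in: caller nonce, e.g. hash of a fresh key */
    uint8_t tdreport[TDX_REPORT_LEN];       /* out: TDREPORT produced by the TDX module */
};
#define TDX_CMD_GET_REPORT0 _IOWR('T', 1, struct tdx_report_req)

/* TDREPORT layout (TDX module spec): REPORTMACSTRUCT(256) | TEE_TCB_INFO(239) |
 * reserved(17) | TDINFO(512). REPORTDATA is at offset 128 of REPORTMACSTRUCT;
 * inside TDINFO, MRTD is at +16 and RTMR[0..3] start at +208, 48 bytes each. */
#define REPORTDATA_OFF 128
#define TDINFO_OFF     512
#define RTMR0_OFF      (TDINFO_OFF + 208)
#define MEAS_LEN       48

/* 1 if the REPORTDATA echoed in the report equals what was requested. A mismatch
 * means this report does not answer our request; do not forward it to the QE. */
int tdreport_binds_nonce(const uint8_t *tdreport, const uint8_t *reportdata)
{
    return memcmp(tdreport + REPORTDATA_OFF, reportdata, TDX_REPORTDATA_LEN) == 0;
}

/* Pointer to RTMR[idx] (0..3) inside the TDREPORT, or NULL if idx is out of range. */
const uint8_t *tdreport_rtmr(const uint8_t *tdreport, unsigned idx)
{
    return idx < 4 ? tdreport + RTMR0_OFF + idx * MEAS_LEN : NULL;
}

/* Step 1 of the flow: ask the guest driver for a TDREPORT. 0 on success, -1 on error. */
int tdx_get_report0(struct tdx_report_req *req)
{
    int fd = open("/dev/tdx_guest", O_RDWR);
    if (fd < 0)
        return -1;
    int rc = ioctl(fd, TDX_CMD_GET_REPORT0, req);
    close(fd);
    return rc < 0 ? -1 : 0;
}

/* Constructed sample (not a real report): zero-filled TDREPORT that echoes the nonce. */
void build_sample_tdreport(uint8_t *out, const uint8_t *nonce)
{
    memset(out, 0, TDX_REPORT_LEN);
    memcpy(out + REPORTDATA_OFF, nonce, TDX_REPORTDATA_LEN);
}
```

On a real TDX guest, fill req.reportdata with the nonce, call tdx_get_report0(&req), and only pass req.tdreport on to the Quote step when tdreport_binds_nonce(req.tdreport, req.reportdata) returns 1.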