References: <20230413034108.1902712-1-sathyanarayanan.kuppuswamy@linux.intel.com>
In-Reply-To: <20230413034108.1902712-1-sathyanarayanan.kuppuswamy@linux.intel.com>
From: Erdem Aktas
Date: Tue, 9 May 2023 17:10:07 -0700
Subject: Re: [PATCH v2 0/3] TDX Guest Quote generation support
To: Kuppuswamy Sathyanarayanan
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Shuah Khan, Jonathan Corbet, "H. Peter Anvin", "Kirill A. Shutemov", Tony Luck, Wander Lairson Costa, Dionna Amalie Glaze, Chong Cai, Qinkun Bao, Guorui Yu, Du Fan, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org

On Wed, Apr 12, 2023 at 8:42 PM Kuppuswamy Sathyanarayanan wrote:
>
> Hi All,
>
> In TDX guest, the attestation process is used to verify the TDX guest
> trustworthiness to other entities before provisioning secrets to the
> guest.
>
> The TDX guest attestation process consists of two steps:
>
> 1. TDREPORT generation
> 2. Quote generation.
>
> The First step (TDREPORT generation) involves getting the TDX guest
> measurement data in the format of TDREPORT which is further used to
> validate the authenticity of the TDX guest. The second step involves
> sending the TDREPORT to a Quoting Enclave (QE) server to generate a
> remotely verifiable Quote. TDREPORT by design can only be verified on
> the local platform. To support remote verification of the TDREPORT,
> TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT
> locally and convert it to a remotely verifiable Quote. Although
> attestation software can use communication methods like TCP/IP or
> vsock to send the TDREPORT to QE, not all platforms support these
> communication models. So TDX GHCI specification [1] defines a method
> for Quote generation via hypercalls. Please check the discussion from
> Google [2] and Alibaba [3] which clarifies the need for hypercall based
> Quote generation support. This patch set adds this support.

Thanks Kuppuswamy for the v2 of this patch set. I reviewed all 3 patches
and it looks good for me and it covers our use cases.

>
> Support for TDREPORT generation already exists in the TDX guest driver.
> This patchset extends the same driver to add the Quote generation
> support.
>
> Following are the details of the patch set:
>
> Patch 1/3 -> Adds event notification IRQ support.
> Patch 2/3 -> Adds Quote generation support.
> Patch 3/3 -> Adds selftest support for Quote generation feature.
>
> [1] https://cdrdv2.intel.com/v1/dl/getContent/726790, section titled "TDG.VP.VMCALL".
> [2] https://lore.kernel.org/lkml/CAAYXXYxxs2zy_978GJDwKfX5Hud503gPc8=1kQ-+JwG_kA79mg@mail.gmail.com/
> [3] https://lore.kernel.org/lkml/a69faebb-11e8-b386-d591-dbd08330b008@linux.alibaba.com/
>
> Kuppuswamy Sathyanarayanan (3):
>   x86/tdx: Add TDX Guest event notify interrupt support
>   virt: tdx-guest: Add Quote generation support
>   selftests/tdx: Test GetQuote TDX attestation feature
>
>  Documentation/virt/coco/tdx-guest.rst        |  11 ++
>  arch/x86/coco/tdx/tdx.c                      | 196 +++++++++++++++++++
>  arch/x86/include/asm/tdx.h                   |   8 +
>  drivers/virt/coco/tdx-guest/tdx-guest.c      | 168 +++++++++++++++-
>  include/uapi/linux/tdx-guest.h               |  43 ++++
>  tools/testing/selftests/tdx/tdx_guest_test.c |  68 ++++++-
>  6 files changed, 487 insertions(+), 7 deletions(-)
>
> --
> 2.34.1
>
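The cover letter quoted above describes attestation as two steps, TDREPORT generation (which the existing TDX guest driver already exposes) followed by conversion of that TDREPORT into a remotely verifiable Quote. The following is an added example, not code from this patch series, from the email, or from either correspondent; it shows the userspace side of step 1 and the nonce check a remote verifier applies once the report (and later the Quote built from it) comes back. The GetQuote ioctl added by patch 2/3 is not shown because its interface is not in the email. The example assumes that the `struct tdx_report_req` layout, the `TDX_CMD_GET_REPORT0` ioctl number and the `/dev/tdx_guest` node mirror mainline `include/uapi/linux/tdx-guest.h` (the definitions are repeated locally so the file builds without that header), and that REPORTDATA sits at byte offset 128 of the 1024-byte TDREPORT, inside REPORTMACSTRUCT, as laid out in Intel's TDX module ABI; both are assumptions of this example, not facts stated on the page.

```c
/* Added example: TDREPORT generation over a verifier-supplied nonce, and the
 * verifier-side check that the returned report carries exactly that nonce.
 * Struct, ioctl number and device path are ASSUMED to mirror mainline
 * include/uapi/linux/tdx-guest.h; the REPORTDATA offset is ASSUMED from the
 * Intel TDX module ABI. None of this comes from the email above. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define TDX_REPORTDATA_LEN        64
#define TDX_REPORT_LEN            1024
#define TDX_REPORT_REPORTDATA_OFF 128  /* assumed: REPORTDATA inside REPORTMACSTRUCT */

struct tdx_report_req {
    uint8_t reportdata[TDX_REPORTDATA_LEN];  /* caller-chosen data bound into the report */
    uint8_t tdreport[TDX_REPORT_LEN];        /* filled in by the TDX module */
};

#define TDX_CMD_GET_REPORT0 _IOWR('T', 1, struct tdx_report_req)

/* Fill REPORTDATA with the verifier's nonce. The field is fixed at 64 bytes:
 * a shorter nonce is zero-padded, a longer one is rejected rather than
 * silently truncated, since truncation would weaken the freshness binding. */
int tdx_build_report_req(struct tdx_report_req *req, const uint8_t *nonce, size_t len)
{
    if (!req || (len && !nonce) || len > TDX_REPORTDATA_LEN)
        return -EINVAL;
    memset(req, 0, sizeof(*req));
    if (len)
        memcpy(req->reportdata, nonce, len);
    return 0;
}

/* Step 1 of the flow: ask the TDX module, via the guest driver, for a TDREPORT
 * over req->reportdata. Returns 0 on success or -errno; on a host without the
 * device node this fails at open() instead of pretending to have a report. */
int tdx_get_report0(struct tdx_report_req *req)
{
    int fd = open("/dev/tdx_guest", O_RDWR);
    if (fd < 0)
        return -errno;
    int rc = ioctl(fd, TDX_CMD_GET_REPORT0, req);
    int err = errno;
    close(fd);
    return rc < 0 ? -err : 0;
}

/* Verifier-side check: the report must carry exactly the nonce that was
 * issued, otherwise an old report could be replayed. The comparison is
 * constant-time so timing does not reveal where the mismatch is. */
int tdx_report_has_nonce(const uint8_t *tdreport, const uint8_t *nonce, size_t len)
{
    if (!tdreport || (len && !nonce) || len > TDX_REPORTDATA_LEN)
        return 0;
    uint8_t expected[TDX_REPORTDATA_LEN] = {0};
    if (len)
        memcpy(expected, nonce, len);
    uint8_t diff = 0;
    for (size_t i = 0; i < TDX_REPORTDATA_LEN; i++)
        diff |= tdreport[TDX_REPORT_REPORTDATA_OFF + i] ^ expected[i];
    return diff == 0;
}

int main(void)
{
    /* Constructed 32-byte nonce standing in for one a remote verifier would send. */
    uint8_t nonce[32];
    for (int i = 0; i < 32; i++)
        nonce[i] = (uint8_t)(0xA0 + i);

    struct tdx_report_req req;
    if (tdx_build_report_req(&req, nonce, sizeof nonce) != 0)
        return 1;
    int rc = tdx_get_report0(&req);
    if (rc != 0) {
        fprintf(stderr, "TDX_CMD_GET_REPORT0 failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("nonce bound in TDREPORT: %s\n",
           tdx_report_has_nonce(req.tdreport, nonce, sizeof nonce) ? "yes" : "no");
    return 0;
}
```

Inside a TDX guest the program prints whether the freshly generated TDREPORT carries the nonce; elsewhere it reports the open() failure. The same `tdx_report_has_nonce` check applies to the TD report body embedded in a Quote once step 2 has produced one, which is what lets a remote party tie the Quote to its own challenge rather than accepting any signed report.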