From: Kuppuswamy Sathyanarayanan
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Shuah Khan, Jonathan Corbet
Cc: "H . Peter Anvin", Kuppuswamy Sathyanarayanan, "Kirill A . Shutemov", Tony Luck, Wander Lairson Costa, Erdem Aktas, Dionna Amalie Glaze, Chong Cai, Qinkun Bao, Guorui Yu, Du Fan, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v3 0/3] TDX Guest Quote generation support
Date: Sun, 14 May 2023 00:23:43 -0700

Hi All,

In a TDX guest, the attestation process is used to verify the TDX guest's trustworthiness to other entities before provisioning secrets to the guest. The TDX guest attestation process consists of two steps:

1. TDREPORT generation
2. Quote generation

The first step (TDREPORT generation) involves getting the TDX guest measurement data in the format of a TDREPORT, which is further used to validate the authenticity of the TDX guest. The second step involves sending the TDREPORT to a Quoting Enclave (QE) server to generate a remotely verifiable Quote.

A TDREPORT by design can only be verified on the local platform. To support remote verification of the TDREPORT, TDX leverages the Intel SGX Quoting Enclave to verify the TDREPORT locally and convert it to a remotely verifiable Quote. Although attestation software can use communication methods like TCP/IP or vsock to send the TDREPORT to the QE, not all platforms support these communication models. So the TDX GHCI specification [1] defines a method for Quote generation via hypercalls. Please check the discussion from Google [2] and Alibaba [3], which clarifies the need for hypercall-based Quote generation support.

This patch set adds this support. Support for TDREPORT generation already exists in the TDX guest driver. This patch set extends the same driver to add the Quote generation support.

Following are the details of the patch set:

Patch 1/3 -> Adds event notification IRQ support.
Patch 2/3 -> Adds Quote generation support.
Patch 3/3 -> Adds selftest support for the Quote generation feature.

[1] https://cdrdv2.intel.com/v1/dl/getContent/726790, section titled "TDG.VP.VMCALL".
[2] https://lore.kernel.org/lkml/CAAYXXYxxs2zy_978GJDwKfX5Hud503gPc8=1kQ-+JwG_kA79mg@mail.gmail.com/
[3] https://lore.kernel.org/lkml/a69faebb-11e8-b386-d591-dbd08330b008@linux.alibaba.com/

Kuppuswamy Sathyanarayanan (3):
  x86/tdx: Add TDX Guest event notify interrupt support
  virt: tdx-guest: Add Quote generation support
  selftests/tdx: Test GetQuote TDX attestation feature

 Documentation/virt/coco/tdx-guest.rst        |  11 ++
 arch/x86/coco/tdx/tdx.c                      | 194 +++++++++++++++++++
 arch/x86/include/asm/tdx.h                   |   8 +
 drivers/virt/coco/tdx-guest/tdx-guest.c      | 175 ++++++++++++++++-
 include/uapi/linux/tdx-guest.h               |  44 +++++
 tools/testing/selftests/tdx/tdx_guest_test.c |  65 ++++++-
 6 files changed, 490 insertions(+), 7 deletions(-)

-- 
2.34.1
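The cover letter's key security point is why two steps are needed: a TDREPORT is bound to the platform by a key that only the local TDX module holds, so a remote party cannot check it, while a Quote carries a signature the QE produces only after checking the report locally, which anyone holding the QE's public key can verify. The following Go program is an added model of that flow written for this page; it is not code from the patch set and does not use Intel's real TDREPORT or Quote formats. It assumes HMAC-SHA256 as a stand-in for the platform-local report MAC and Ed25519 as a stand-in for the QE's signing key, and the names `platform`, `generateReport`, `getQuote` and `verifyQuote` are constructed for the example. The hypercall transport the series adds is modelled as a direct function call.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed model (not Intel's real TDREPORT/Quote formats) of the two-step
// attestation flow: a locally checkable report, then a remotely verifiable quote.

// report models a TDREPORT: the guest measurement, caller-supplied REPORTDATA
// (typically a verifier nonce), and a MAC keyed with a platform-local secret.
type report struct {
	measurement [32]byte
	reportData  [64]byte
	mac         []byte
}

// quote models a Quote: the report body plus a signature from the QE's
// attestation key, which a remote verifier checks with the public key alone.
type quote struct {
	measurement [32]byte
	reportData  [64]byte
	signature   []byte
}

// platform holds the two secrets that never leave the host: the local MAC
// key (stand-in for the TDX module's report key) and the QE signing key.
type platform struct {
	reportKey []byte
	qeKey     ed25519.PrivateKey
}

func newPlatform() (*platform, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &platform{reportKey: key, qeKey: priv}, nil
}

func reportBody(m [32]byte, d [64]byte) []byte {
	return append(append([]byte{}, m[:]...), d[:]...)
}

// Step 1: TDREPORT generation. The MAC binds measurement and REPORTDATA to
// this platform; without reportKey nobody can check it, which is why the
// report alone is not remotely verifiable.
func (p *platform) generateReport(m [32]byte, d [64]byte) report {
	h := hmac.New(sha256.New, p.reportKey)
	h.Write(reportBody(m, d))
	return report{measurement: m, reportData: d, mac: h.Sum(nil)}
}

func (p *platform) verifyReportLocally(r report) bool {
	h := hmac.New(sha256.New, p.reportKey)
	h.Write(reportBody(r.measurement, r.reportData))
	return hmac.Equal(h.Sum(nil), r.mac)
}

// Step 2: Quote generation. In the patch set the guest hands the report to the
// QE over the GetQuote hypercall; here it is a direct call. The QE refuses to
// sign anything whose MAC does not verify locally.
func (p *platform) getQuote(r report) (quote, error) {
	if !p.verifyReportLocally(r) {
		return quote{}, errors.New("QE: TDREPORT MAC check failed, refusing to sign")
	}
	sig := ed25519.Sign(p.qeKey, reportBody(r.measurement, r.reportData))
	return quote{measurement: r.measurement, reportData: r.reportData, signature: sig}, nil
}

// Remote verification needs only the QE public key. The verifier also checks
// that REPORTDATA carries the nonce it issued, so a replayed quote is rejected.
func verifyQuote(qePub ed25519.PublicKey, q quote, nonce [64]byte) ([32]byte, error) {
	if !ed25519.Verify(qePub, reportBody(q.measurement, q.reportData), q.signature) {
		return [32]byte{}, errors.New("verifier: bad quote signature")
	}
	if q.reportData != nonce {
		return [32]byte{}, errors.New("verifier: REPORTDATA does not match issued nonce")
	}
	return q.measurement, nil
}

// runFlow walks a guest through both steps for a verifier-issued nonce and
// returns the measurement the verifier accepted.
func runFlow(p *platform, m [32]byte, nonce [64]byte) ([32]byte, error) {
	q, err := p.getQuote(p.generateReport(m, nonce))
	if err != nil {
		return [32]byte{}, err
	}
	return verifyQuote(p.qeKey.Public().(ed25519.PublicKey), q, nonce)
}

func main() {
	p, err := newPlatform()
	if err != nil {
		panic(err)
	}
	m := sha256.Sum256([]byte("constructed guest TD measurement")) // constructed sample
	var nonce [64]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		panic(err)
	}
	if got, err := runFlow(p, m, nonce); err == nil {
		fmt.Printf("verifier accepted measurement %x...\n", got[:8])
	}
	// A report altered after step 1 is caught by the QE in step 2.
	r := p.generateReport(m, nonce)
	r.measurement[0] ^= 0xff
	if _, err := p.getQuote(r); err != nil {
		fmt.Println(err)
	}
}
```

The model makes the failure modes explicit: a report tampered with between the two steps is rejected by the QE because its MAC no longer verifies, a quote whose body is altered in transit fails the signature check, and a quote from an earlier session fails the nonce comparison even though its signature is valid.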