Received: by 2002:a05:7412:da14:b0:e2:908c:2ebd with SMTP id fe20csp880229rdb; Sat, 7 Oct 2023 03:04:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGL0SGrXXbFSyShRzQGCfUjESM//803C4ib9bup04htIxrFlkjODY3y5JAHCT7cLz5M3j7o X-Received: by 2002:a05:6a20:8e1f:b0:16b:8488:babf with SMTP id y31-20020a056a208e1f00b0016b8488babfmr4639905pzj.35.1696673098712; Sat, 07 Oct 2023 03:04:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696673098; cv=none; d=google.com; s=arc-20160816; b=cyIC2a9Qjh4cBPPZyGEkqL0AtDgwiYXXy2ZsnlHWl8XK/rzUcKvyQfNFoBURi0B9do NvjrexcEjtbnjug1Z1FaWnZR1LRZmRIGGkpNC49RQZ46t99ai2ZqgNjVqU60vBXSRazX DY8rS8uOUuk/Pez3MsCVcSFKu5nhubDhKLSZOKYjq6+6rAgT9y/rZbN312z7oVGL72k/ 5R/2VWMrXL7aFPFobtdGX+wsXbyszzG8sTlDrok4mNrwjM7pc83wdt3+v/tpXKjxDEJ9 vWrVURWrsXhRDi4im+zISSDhKs66bOCCvcjjbp34OAYV/85A2oT31SGhniQ8tFyRyTzN bI4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=SrsQl092lPzZcQXaZJIPvUKAbEgPonCzq+spFiNwR7g=; fh=vFP1ju1V3xr29GshN4DbO6w0T3mfP1mELPn2Pv6xpM8=; b=vOLva/S4KjTrVjwHVYhOrzT2/4gl5ZeyaHeBt7QqJQz0fn1llT+23d0ziTYcyUzxm2 RZLbRQCGW+ROW2cLH0mOXbThbydPcCogIsIiFPDYZs2MXOEX2FSExMuHiVb9MeYid5fy 2MYn7w7bfWfx+ECgK44za4Sq2xYZ3sCxPzafGS89Iq5xWM2ayhp7BXHZZWBjGrRi3/jB JOYR5f4TvImnTej/yiLQHR+DeMNuZWwIk33cRLYHzDTXJicNpq9ToYrAyy89aXFE8PWl amnMMlvBoPnN9vFAHNVvLS36XJcq2EhnVTiP3u8tuXD0DVtMjm9earZMiao/uGb/Y1h2 R1dA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id ei5-20020a056a0080c500b0069024c6a9a8si3168081pfb.389.2023.10.07.03.04.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 07 Oct 2023 03:04:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id E3A268070896; Sat, 7 Oct 2023 03:04:54 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234187AbjJGKEl (ORCPT + 99 others); Sat, 7 Oct 2023 06:04:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234148AbjJGKEk (ORCPT ); Sat, 7 Oct 2023 06:04:40 -0400 Received: from bmailout3.hostsharing.net (bmailout3.hostsharing.net [IPv6:2a01:4f8:150:2161:1:b009:f23e:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5BED6CE; Sat, 7 Oct 2023 03:04:39 -0700 (PDT) Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK)) by bmailout3.hostsharing.net (Postfix) with ESMTPS id 593B6100D587B; Sat, 7 Oct 2023 12:04:33 +0200 (CEST) Received: by h08.hostsharing.net (Postfix, from userid 100393) id 22C151C0227; Sat, 7 Oct 2023 12:04:33 +0200 (CEST) Date: Sat, 7 Oct 2023 12:04:33 +0200 From: Lukas Wunner To: Dan Williams Cc: Bjorn Helgaas , David Howells , David Woodhouse , Herbert Xu , "David S. Miller" , Alex Williamson , linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, Jonathan Cameron , linuxarm@huawei.com, David Box , Dave Jiang , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Alexey Kardashevskiy , Tom Lendacky , Sean Christopherson , Alexander Graf Subject: Re: [PATCH 00/12] PCI device authentication Message-ID: <20231007100433.GA7596@wunner.de> References: <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=2.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Sat, 07 Oct 2023 03:04:55 -0700 (PDT) X-Spam-Level: ** On Fri, Oct 06, 2023 at 09:06:13AM -0700, Dan Williams wrote: > Lukas Wunner wrote: > > The root of trust is initially an in-kernel key ring of certificates. > > We can discuss linking the system key ring into it, thereby allowing > > EFI to pass trusted certificates to the kernel for CMA. Alternatively, > > a bundle of trusted certificates could be loaded from the initrd. > > I envision that we'll add TPMs or remote attestation services such as > > https://keylime.dev/ to create an ecosystem of various trust sources. > > Linux also has an interest in accommodating opt-in to using platform > managed keys, so the design requires that key management and session > ownership is a system owner policy choice. You're pointing out a gap in the specification: There's an existing mechanism to negotiate which PCI features are handled natively by the OS and which by platform firmware and that's the _OSC Control Field (PCI Firmware Spec r3.3 table 4-5 and 4-6). There are currently 10 features whose ownership is negotiated with _OSC, examples are Hotplug control and DPC configuration control. I propose adding an 11th bit to negotiate ownership of the CMA-SPDM session. Once that's added to the PCI Firmware Spec, amending the implementation to honor it is trivial: Just check for platform ownership at the top of pci_cma_init() and return. Thanks, Lukas