Received: by 2002:a05:7412:da14:b0:e2:908c:2ebd with SMTP id fe20csp880229rdb;
        Sat, 7 Oct 2023 03:04:59 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGL0SGrXXbFSyShRzQGCfUjESM//803C4ib9bup04htIxrFlkjODY3y5JAHCT7cLz5M3j7o
X-Received: by 2002:a05:6a20:8e1f:b0:16b:8488:babf with SMTP id y31-20020a056a208e1f00b0016b8488babfmr4639905pzj.35.1696673098712;
        Sat, 07 Oct 2023 03:04:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696673098; cv=none;
        d=google.com; s=arc-20160816;
        b=cyIC2a9Qjh4cBPPZyGEkqL0AtDgwiYXXy2ZsnlHWl8XK/rzUcKvyQfNFoBURi0B9do
         NvjrexcEjtbnjug1Z1FaWnZR1LRZmRIGGkpNC49RQZ46t99ai2ZqgNjVqU60vBXSRazX
         DY8rS8uOUuk/Pez3MsCVcSFKu5nhubDhKLSZOKYjq6+6rAgT9y/rZbN312z7oVGL72k/
         5R/2VWMrXL7aFPFobtdGX+wsXbyszzG8sTlDrok4mNrwjM7pc83wdt3+v/tpXKjxDEJ9
         vWrVURWrsXhRDi4im+zISSDhKs66bOCCvcjjbp34OAYV/85A2oT31SGhniQ8tFyRyTzN
         bI4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=SrsQl092lPzZcQXaZJIPvUKAbEgPonCzq+spFiNwR7g=;
        fh=vFP1ju1V3xr29GshN4DbO6w0T3mfP1mELPn2Pv6xpM8=;
        b=vOLva/S4KjTrVjwHVYhOrzT2/4gl5ZeyaHeBt7QqJQz0fn1llT+23d0ziTYcyUzxm2
         RZLbRQCGW+ROW2cLH0mOXbThbydPcCogIsIiFPDYZs2MXOEX2FSExMuHiVb9MeYid5fy
         2MYn7w7bfWfx+ECgK44za4Sq2xYZ3sCxPzafGS89Iq5xWM2ayhp7BXHZZWBjGrRi3/jB
         JOYR5f4TvImnTej/yiLQHR+DeMNuZWwIk33cRLYHzDTXJicNpq9ToYrAyy89aXFE8PWl
         amnMMlvBoPnN9vFAHNVvLS36XJcq2EhnVTiP3u8tuXD0DVtMjm9earZMiao/uGb/Y1h2
         R1dA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8])
        by mx.google.com with ESMTPS id ei5-20020a056a0080c500b0069024c6a9a8si3168081pfb.389.2023.10.07.03.04.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 07 Oct 2023 03:04:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by fry.vger.email (Postfix) with ESMTP id E3A268070896;
	Sat,  7 Oct 2023 03:04:54 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234187AbjJGKEl (ORCPT <rfc822;sbozturk97@gmail.com> + 99 others);
        Sat, 7 Oct 2023 06:04:41 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60914 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234148AbjJGKEk (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Sat, 7 Oct 2023 06:04:40 -0400
Received: from bmailout3.hostsharing.net (bmailout3.hostsharing.net [IPv6:2a01:4f8:150:2161:1:b009:f23e:0])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5BED6CE;
        Sat,  7 Oct 2023 03:04:39 -0700 (PDT)
Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
         client-signature RSA-PSS (4096 bits) client-digest SHA256)
        (Client CN "*.hostsharing.net", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK))
        by bmailout3.hostsharing.net (Postfix) with ESMTPS id 593B6100D587B;
        Sat,  7 Oct 2023 12:04:33 +0200 (CEST)
Received: by h08.hostsharing.net (Postfix, from userid 100393)
        id 22C151C0227; Sat,  7 Oct 2023 12:04:33 +0200 (CEST)
Date:   Sat, 7 Oct 2023 12:04:33 +0200
From:   Lukas Wunner <lukas@wunner.de>
To:     Dan Williams <dan.j.williams@intel.com>
Cc:     Bjorn Helgaas <helgaas@kernel.org>,
        David Howells <dhowells@redhat.com>,
        David Woodhouse <dwmw2@infradead.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Alex Williamson <alex.williamson@redhat.com>,
        linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org,
        linux-coco@lists.linux.dev, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, kvm@vger.kernel.org,
        Jonathan Cameron <Jonathan.Cameron@huawei.com>,
        linuxarm@huawei.com, David Box <david.e.box@intel.com>,
        Dave Jiang <dave.jiang@intel.com>,
        "Li, Ming" <ming4.li@intel.com>, Zhi Wang <zhi.a.wang@intel.com>,
        Alistair Francis <alistair.francis@wdc.com>,
        Wilfred Mallawa <wilfred.mallawa@wdc.com>,
        Alexey Kardashevskiy <aik@amd.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Sean Christopherson <seanjc@google.com>,
        Alexander Graf <graf@amazon.com>
Subject: Re: [PATCH 00/12] PCI device authentication
Message-ID: <20231007100433.GA7596@wunner.de>
References: <cover.1695921656.git.lukas@wunner.de>
 <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=2.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Sat, 07 Oct 2023 03:04:55 -0700 (PDT)
X-Spam-Level: **

On Fri, Oct 06, 2023 at 09:06:13AM -0700, Dan Williams wrote:
> Lukas Wunner wrote:
> > The root of trust is initially an in-kernel key ring of certificates.
> > We can discuss linking the system key ring into it, thereby allowing
> > EFI to pass trusted certificates to the kernel for CMA.  Alternatively,
> > a bundle of trusted certificates could be loaded from the initrd.
> > I envision that we'll add TPMs or remote attestation services such as
> > https://keylime.dev/ to create an ecosystem of various trust sources.
> 
> Linux also has an interest in accommodating opt-in to using platform
> managed keys, so the design requires that key management and session
> ownership is a system owner policy choice.

You're pointing out a gap in the specification:

There's an existing mechanism to negotiate which PCI features are
handled natively by the OS and which by platform firmware and that's
the _OSC Control Field (PCI Firmware Spec r3.3 table 4-5 and 4-6).

There are currently 10 features whose ownership is negotiated with _OSC,
examples are Hotplug control and DPC configuration control.

I propose adding an 11th bit to negotiate ownership of the CMA-SPDM
session.

Once that's added to the PCI Firmware Spec, amending the implementation
to honor it is trivial:  Just check for platform ownership at the top
of pci_cma_init() and return.

Thanks,

Lukas