Received: by 2002:a05:7412:da14:b0:e2:908c:2ebd with SMTP id fe20csp1829643rdb; Mon, 9 Oct 2023 04:33:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHF8elQxtvYKZVarQ78b0Vr0/zlXQrlvjdEQwuwOoG6U8Ar3t7kZFJUbv/TZaiBTuGpTtHT X-Received: by 2002:a05:6830:3d09:b0:6b7:5687:8a9e with SMTP id eu9-20020a0568303d0900b006b756878a9emr15961436otb.15.1696851234801; Mon, 09 Oct 2023 04:33:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696851234; cv=none; d=google.com; s=arc-20160816; b=ZpGl2ww3F/9cs+LwI6ONaj2ESx2c0MVLizZkFpqadTRz7bg+B0ppO6fV8xz9SLGAn8 hyyW8ijFaFmJsfMTa9BXryK6MnrDUgdZT3Xf0C+qk1tQjzKhbcHYPmXjBbcf44MyzEzq k5sq1aOxtoITObKHUo5K7tdbmkjc+A2cCAUAhSbIxamqUDZdvils/ILy6/0B6wzlhY5O z73/0t6h726Cx52Ox4InsooBsfaM1EbNqfJMvxmY47pHPjcSHCCOFGi/HquN41N5IArl aNn3CAfFjNw6cBdTnoPlKN+Ov1Y57lG/OLgjXxvdLeKKr4m4hTNiPPpV+jpQQruvHVk7 K+yQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date; bh=a4n8/elxprSG5j+xbhsEFQbLRlxoc6cy7qWpR263dQI=; fh=tm7K0lP4aZ54z57r0v1oKRWfTMDwZRjiKe8+hpmIWXc=; b=zKAzZHM+XETx/obHmvCCakxb7i7wiSH8pMYm5Izyax6FGOw4hxwHe65fL8KJkDe997 uUj/jFFa8HIhuEz/gpPkSY8FxM6QgZctywUY+w4QjNSVk9nAq3UGwMFtFgxnrbjMpzbX FBVv8NHpMMP+ckIAzO6Ln+SkGYplvBZCfXg3l10IEJOW7cuVUEPsdVAkrNB0YT6paYSY N6CvCOLBYXyPPDZk4rKMOk9KXLoU1UxacVJ0f/5X6MwrWGs2lIEA76hs73Xkb+HHVXSp DmQOoyf1pvjL4DibsyckCAkRRSdH1KQeZDg7/zxaSJ/1ouFEbJnl+TMDjTQr8uXXjkZD ZYjw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id h190-20020a6383c7000000b0056536fc7901si9341385pge.593.2023.10.09.04.33.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Oct 2023 04:33:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 3B7408034A6E; Mon, 9 Oct 2023 04:33:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346308AbjJILdm (ORCPT + 99 others); Mon, 9 Oct 2023 07:33:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346227AbjJILdl (ORCPT ); Mon, 9 Oct 2023 07:33:41 -0400 Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4848594; Mon, 9 Oct 2023 04:33:40 -0700 (PDT) Received: from lhrpeml500005.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4S3xjq4l38z6K918; Mon, 9 Oct 2023 19:33:19 +0800 (CST) Received: from localhost (10.202.227.76) by lhrpeml500005.china.huawei.com (7.191.163.240) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Mon, 9 Oct 2023 12:33:36 +0100 Date: Mon, 9 Oct 2023 12:33:35 +0100 From: Jonathan Cameron To: Lukas Wunner CC: Dan Williams , Bjorn Helgaas , David Howells , David Woodhouse , Herbert Xu , "David S. Miller" , Alex Williamson , , , , , , , , David Box , Dave Jiang , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Alexey Kardashevskiy , Tom Lendacky , Sean Christopherson , Alexander Graf Subject: Re: [PATCH 00/12] PCI device authentication Message-ID: <20231009123335.00006d3d@Huawei.com> In-Reply-To: <20231007100433.GA7596@wunner.de> References: <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch> <20231007100433.GA7596@wunner.de> Organization: Huawei Technologies Research and Development (UK) Ltd. X-Mailer: Claws Mail 4.1.0 (GTK 3.24.33; x86_64-w64-mingw32) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.202.227.76] X-ClientProxiedBy: lhrpeml100001.china.huawei.com (7.191.160.183) To lhrpeml500005.china.huawei.com (7.191.163.240) X-CFilter-Loop: Reflected X-Spam-Status: No, score=2.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Mon, 09 Oct 2023 04:33:45 -0700 (PDT) X-Spam-Level: ** On Sat, 7 Oct 2023 12:04:33 +0200 Lukas Wunner wrote: > On Fri, Oct 06, 2023 at 09:06:13AM -0700, Dan Williams wrote: > > Lukas Wunner wrote: > > > The root of trust is initially an in-kernel key ring of certificates. > > > We can discuss linking the system key ring into it, thereby allowing > > > EFI to pass trusted certificates to the kernel for CMA. Alternatively, > > > a bundle of trusted certificates could be loaded from the initrd. > > > I envision that we'll add TPMs or remote attestation services such as > > > https://keylime.dev/ to create an ecosystem of various trust sources. > > > > Linux also has an interest in accommodating opt-in to using platform > > managed keys, so the design requires that key management and session > > ownership is a system owner policy choice. > > You're pointing out a gap in the specification: > > There's an existing mechanism to negotiate which PCI features are > handled natively by the OS and which by platform firmware and that's > the _OSC Control Field (PCI Firmware Spec r3.3 table 4-5 and 4-6). > > There are currently 10 features whose ownership is negotiated with _OSC, > examples are Hotplug control and DPC configuration control. > > I propose adding an 11th bit to negotiate ownership of the CMA-SPDM > session. > > Once that's added to the PCI Firmware Spec, amending the implementation > to honor it is trivial: Just check for platform ownership at the top > of pci_cma_init() and return. This might want to be a control over the specific DOE instance instead of a general purpose CMA control (or maybe we want both). There is no safe way to access a DOE to find out if it supports CMA that doesn't potentially break another entity using the mailbox. Given the DOE instances might be for something entirely different we can't just decide not to use them at all based on a global control. Any such control becomes messy when hotplug is taken into account. I suppose we could do a _DSM based on BDF / path to device (to remain stable across reenumeration) and config space offset to allow the OS to say 'Hi other entity / firmware are you using this DOE instance?" Kind of an OSC with parameters. Also includes the other way around that the question tells the firmware that if it says "no you can't" the OS will leave it alone until a reboot or similar - that potentially avoids the problem that we access DOE instances already without taking care about this (I dropped ball on this having raised it way back near start of us adding DOE support.) If we do want to do any of these, which spec is appropriate? Link it to PCI and propose a PCI firmware spec update? (not sure they have a code first process available) or make it somewhat generic and propose an ACPI Code first change? Jonathan > > Thanks, > > Lukas > >