Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp176106rdg; Thu, 12 Oct 2023 02:16:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG8GHjDavOf2R8BK4QcTQYs6XdjdacP2YmSEHPRnWG0QFHPnl/NfnobCaYoc+LTE4sLX+RY X-Received: by 2002:a17:90a:d510:b0:274:98c4:b6e7 with SMTP id t16-20020a17090ad51000b0027498c4b6e7mr19525689pju.24.1697102210111; Thu, 12 Oct 2023 02:16:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697102210; cv=none; d=google.com; s=arc-20160816; b=oHDQFm3NWsRQshHx51R2VYEiSVHaVxRe3Pq2d1JPOW7J46R1zftkrOSBcXyEgwabwd eF23SOFc/bxmwtGA9PqBTJRJzCMKauiL71XSTWrC8ExPWRhB911qt2DWKSXcfj5DxX0b zDO7Ep3IF6nHecDy1aC3IlUNdbaZno4BzImiSp373UCuTH+wznvyT8vdHrmEuOMFPceH 9ykZa4SL+HrYxrOk+ssrRKcSNqgO2/5lqw6JjN15L6ys9fxbj9SDehwt+IGFY9tHnmCO pbJFvYP9jMWCE+PeZo7zfEiHhmC7dK+iGtRgCmLSa2/u/QuS7XasdoDgNr7h+NH82Yof 9EfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=47SshmDLtld7C6Ak4SGTJfC0POHUYTdY38DwqyugvKc=; fh=/dG2QFM9P20+AvK64iv1OYERiFtog1YGmUR4V/xQDj4=; b=S974MUSEe6cIWU1iqNE6rEmrWHIfS+wX/pLYps4hcEyv3j2iQ+foqsgvcQ7NYlK/bH eJP85u1H6iJDrJuQjj4xz/q3G2fBX/6pkrKphr+c6Bq8Hsw1lNRU0xc8sl22y3UPeGkg LvztB41xFKgZWbD0hI3MbcmK0gdBuAv39Zq1o2YxZwyauU4EAs6Xy3ZX/eip3LwZaTk3 K+/w7BnmF4FDdEB1D6JICzSM47/D5C+9OSaMdnrZlBrhEkUmrzfE7QsCmBUfk+NhG+Qx H2+mH5C0yXCRjseCSR0AW8ZAkTOch2SWz2l0/wz6q7jrpZbLRamIVLBLh8NLWwYzRvRq 4RSw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id 28-20020a17090a001c00b00274a5edad0csi1866229pja.139.2023.10.12.02.16.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 02:16:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 60D0B802C8F2; Thu, 12 Oct 2023 02:16:22 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235518AbjJLJQU (ORCPT + 99 others); Thu, 12 Oct 2023 05:16:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34388 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234133AbjJLJP7 (ORCPT ); Thu, 12 Oct 2023 05:15:59 -0400 Received: from bmailout3.hostsharing.net (bmailout3.hostsharing.net [IPv6:2a01:4f8:150:2161:1:b009:f23e:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C274ED; Thu, 12 Oct 2023 02:15:45 -0700 (PDT) Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK)) by bmailout3.hostsharing.net (Postfix) with ESMTPS id DACAF100DCEF1; Thu, 12 Oct 2023 11:15:42 +0200 (CEST) Received: by h08.hostsharing.net (Postfix, from userid 100393) id 8BED2224D1; Thu, 12 Oct 2023 11:15:42 +0200 (CEST) Date: Thu, 12 Oct 2023 11:15:42 +0200 From: Lukas Wunner To: Alexey Kardashevskiy Cc: Jonathan Cameron , Dan Williams , Bjorn Helgaas , David Howells , David Woodhouse , Herbert Xu , "David S. Miller" , Alex Williamson , linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linuxarm@huawei.com, David Box , Dave Jiang , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Tom Lendacky , Sean Christopherson , Alexander Graf Subject: Re: [PATCH 00/12] PCI device authentication Message-ID: <20231012091542.GA22596@wunner.de> References: <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch> <20231007100433.GA7596@wunner.de> <20231009123335.00006d3d@Huawei.com> <20231009134950.GA7097@wunner.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE, SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 12 Oct 2023 02:16:22 -0700 (PDT) On Tue, Oct 10, 2023 at 03:07:41PM +1100, Alexey Kardashevskiy wrote: > But the way SPDM is done now is that if the user (as myself) wants to let > the firmware run SPDM - the only choice is disabling CONFIG_CMA completely > as CMA is not a (un)loadable module or built-in (with some "blacklist" > parameters), and does not provide a sysfs knob to control its tentacles. > Kinda harsh. On AMD SEV-TIO, does the PSP perform SPDM exchanges with a device *before* it is passed through to a guest? If so, why does it do that? Dan and I discussed this off-list and Dan is arguing for lazy attestation, i.e. the TSM should only have the need to perform SPDM exchanges with the device when it is passed through. So the host enumerates the DOE protocols and authenticates the device. When the device is passed through, patch 12/12 ensures that the host keeps its hands off of the device, thus affording the TSM exclusive SPDM control. I agree that the commit message of 12/12 is utterly misleading in that it says "the guest" is granted exclusive control. It should say "the TSM" instead. (There might be implementations where the guest itself has the role of the TSM and authenticates the device on its own behalf, but PCIe r6.1 sec 11 uses the term "TSM" so that's what the commit message needs to use.) However apart from the necessary rewrite of the commit message and perhaps a rename of the PCI_CMA_OWNED_BY_GUEST flag, I think patch 12/12 should already be doing exactly what you need -- provided that the PSP doesn't perform SPDM exchanges before passthrough. If it already performs them, say, on boot, I'd like to understand the reason. Thanks, Lukas