Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp735749rdg; Thu, 12 Oct 2023 22:03:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFtOzNq8vpzBPA8SSzsNn0/l5xJHZgeB94IFajSbVseJoX1MhtGDhljKBd5DjlGcwBRiJEf X-Received: by 2002:a05:6808:198e:b0:3a7:f153:b5e5 with SMTP id bj14-20020a056808198e00b003a7f153b5e5mr31319824oib.29.1697173395055; Thu, 12 Oct 2023 22:03:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697173395; cv=none; d=google.com; s=arc-20160816; b=vqCW7jP77kv3mWeCApLkiMfRi68ZfegVcrLeEN6dNQ7uYE0Xx1YhKyOWfUFcWz5xVL oOpO8bsxRFVF/BreLcVFtb+5qhuB+vSIkz9ScJTJxAoTPc1750pW7rv2imcoxCm2D5i+ 3cQDHfTpqoGhRe059KKz3qMYDjPkeTthf0Un4EJ2ubwkZ4e1jvlfTbIPBLXNfoY0JNhm WROVf5iOh/ZEckflp0yApJZ51UznYooNdMsfz6946Bi8Np/pnCp+ggs/OGY74Ht4DceB zzgqqUkr1DvJfMvhXIQLoNcmIFCcVTEId4+FKFHlVi1hnxWjjpyFTUR/hllVOsVJU2I6 ZJzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=UVpd0E4GFx6H/SM7YV3uveoOWkdUC4wwz8FAahExBkA=; fh=8i8p6JZVgl+6mRjHU+Y4yTgFMePT87qPwv3GYcerB2c=; b=U6LrSDsu5P8KPOO1Znm+SlycRdP1g0+OIuAZWlTewRI+UbpuA1RgKL8wrE8So50S5r MuQ0C2FJF8FYvQYbhMPrgbbn4B8e+ifyOy3/kf6WhEAU16su2KjKY8zUSIuM7Zk0J0CW tWp5fesTYG1WcT453b0Hio3qBFfUzVZR3/wzbWSm3ZEGs3N0qWJx6HJ3T1I0IbF7sy4E vh3bOYEOga9835PA2VKwFuqlCOrDy3VgQI3u2Q2SwjTUHDC2bvoZmyJo2ZKx3AxycfTL wq/xALY5Za+UofKAtt8ssSKdZzic9JSLyJl0n0hWmJAoEBdo9mRKk7O+ntMsGwDZZc+k 4bAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=RFbKBnHD; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id bx1-20020a056a02050100b0059b7f926c04si4411189pgb.721.2023.10.12.22.03.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 22:03:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=RFbKBnHD; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id A47B78069F33; Thu, 12 Oct 2023 22:03:13 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229587AbjJMFDK (ORCPT + 99 others); Fri, 13 Oct 2023 01:03:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229487AbjJMFDJ (ORCPT ); Fri, 13 Oct 2023 01:03:09 -0400 Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 957CFC9 for ; Thu, 12 Oct 2023 22:03:06 -0700 (PDT) Received: by mail-wr1-x42f.google.com with SMTP id ffacd0b85a97d-3232be274a0so1847713f8f.1 for ; Thu, 12 Oct 2023 22:03:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1697173385; x=1697778185; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=UVpd0E4GFx6H/SM7YV3uveoOWkdUC4wwz8FAahExBkA=; b=RFbKBnHDCyktRRB57c8Fy81XmruDZuU0iBvedpxokaFQAg/X3OcvG7Z8qH5+8qmLJC NKIzdQfKKUec13eemPEIPSAxBCFTLPosnixtOqHzXxx0OSCK3GclprQj6R71ZMT51Uo9 SDkcVohf7dPmjEHSdH0DBrTHAP2Vqdk4kBKgrlR/gki1HpX55HF4iI0r82uIG4rLPo+A dqCv5GabtcL0w3yaxA4aFyJdXpR9WZpULD0eveJ7Z/57nvwq/jl3szm2ZwRm/quRAEin To5XH2S4eCryqXdSALjPxPYTrBnlyIld+g35x4FRfaHl04/yYCBFwnlTFcQp8Ctram0D hLbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697173385; x=1697778185; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UVpd0E4GFx6H/SM7YV3uveoOWkdUC4wwz8FAahExBkA=; b=suAgJaHrrkn/QHFx1n2spn3ihggZmSExHRwqInTNk0LBTiGmnOGQ7f1be3ppWqt1BB nMN5jGZhLNC3KCvrgkralK+Y7h2EjJVYXNLFDRvHOsMwIGLRmv1h4jyjjd/+UBXidP8K vpfRaUNxnW6isiyl2+7+Annu5nhK98LY/jGUkPTRspaMA5kfQ6koUUNRKCWqEo0rmudq kRRGCtx2+DKN+SKKDbiNfVidsbD5+Bqv0OSEX/u6TxOHoAEj9xPdlWPxakRYzP43rMFi q2kevIkZUgKYyDRX0o/VlRnc2gH5x9I2k+zYdPhdILL/AeqsGPbtFjGFczLfmqWFDf8L HjrQ== X-Gm-Message-State: AOJu0Yy0v1Ct6M4dSmpYbxiJ0LuRaSeAIoYQYTY+kaHAp5MG0cAfKES2 WT3jyHOqY6afHjO7ACeoynbqjw== X-Received: by 2002:adf:fb47:0:b0:318:416:a56a with SMTP id c7-20020adffb47000000b003180416a56amr17734101wrs.13.1697173384872; Thu, 12 Oct 2023 22:03:04 -0700 (PDT) Received: from vermeer ([2a01:cb1d:81a9:dd00:b570:b34c:ffd4:c805]) by smtp.gmail.com with ESMTPSA id u5-20020a05600c00c500b004063c9f68f2sm1455494wmm.26.2023.10.12.22.03.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 22:03:04 -0700 (PDT) Date: Fri, 13 Oct 2023 07:03:01 +0200 From: Samuel Ortiz To: Jonathan Cameron Cc: Lukas Wunner , Alexey Kardashevskiy , Dan Williams , Bjorn Helgaas , David Howells , David Woodhouse , Herbert Xu , "David S. Miller" , Alex Williamson , linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linuxarm@huawei.com, David Box , Dave Jiang , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Tom Lendacky , Sean Christopherson , Alexander Graf Subject: Re: [PATCH 00/12] PCI device authentication Message-ID: References: <652030759e42d_ae7e72946@dwillia2-xfh.jf.intel.com.notmuch> <20231007100433.GA7596@wunner.de> <20231009123335.00006d3d@Huawei.com> <20231009134950.GA7097@wunner.de> <20231012091542.GA22596@wunner.de> <20231012163221.000064af@Huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231012163221.000064af@Huawei.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 12 Oct 2023 22:03:13 -0700 (PDT) On Thu, Oct 12, 2023 at 04:32:21PM +0100, Jonathan Cameron wrote: > On Thu, 12 Oct 2023 15:13:31 +0200 > Samuel Ortiz wrote: > > > On Thu, Oct 12, 2023 at 11:15:42AM +0200, Lukas Wunner wrote: > > > On Tue, Oct 10, 2023 at 03:07:41PM +1100, Alexey Kardashevskiy wrote: > > > > But the way SPDM is done now is that if the user (as myself) wants to let > > > > the firmware run SPDM - the only choice is disabling CONFIG_CMA completely > > > > as CMA is not a (un)loadable module or built-in (with some "blacklist" > > > > parameters), and does not provide a sysfs knob to control its tentacles. > > > > Kinda harsh. > > > > > > On AMD SEV-TIO, does the PSP perform SPDM exchanges with a device > > > *before* it is passed through to a guest? If so, why does it do that? > > > > SPDM exchanges would be done with the DSM, i.e. through the PF, which is > > typically *not* passed through to guests. VFs are. > > > > The RISC-V CoVE-IO [1] spec follows similar flows as SEV-TIO (and to > > some extend TDX-Connect) and expects the host to explicitly request the > > TSM to establish an SPDM connection with the DSM (PF) before passing one > > VF through a TSM managed guest. VFs would be vfio bound, not the PF, so > > I think patch #12 does not solve our problem here. > > > > > Dan and I discussed this off-list and Dan is arguing for lazy attestation, > > > i.e. the TSM should only have the need to perform SPDM exchanges with > > > the device when it is passed through. > > > > > > So the host enumerates the DOE protocols and authenticates the device. > > > When the device is passed through, patch 12/12 ensures that the host > > > keeps its hands off of the device, thus affording the TSM exclusive > > > SPDM control. > > > > Just to re-iterate: The TSM does not talk SPDM with the passed > > through device(s), but with the corresponding PF. If the host kernel > > owns the SPDM connection when the TSM initiates the SPDM connection with > > the DSM (For IDE key setup), the connection establishment will fail. > > Both CoVE-IO and SEV-TIO (Alexey, please correct me if I'm wrong) > > expect the host to explicitly ask the TSM to establish that SPDM > > connection. That request should somehow come from KVM, which then would > > have to destroy the existing CMA/SPDM connection in order to give the > > TSM a chance to successfully establish the SPDM link. > > Agreed - I don't see a problem with throwing away the initial connection. > In these cases you are passing that role on to another entity - the > job of this patch set is done. Right. As long as there's a way for the kernel to explicitly drop that ownership before calling into the TSM for asking it to create a new SPDM connection, we should be fine. Alexey, would you agree with that statement? > I'm not clear yet if we need an explicit lock out similar to the VFIO > one for PF pass through or if everything will happen in a 'safe' order > anyway. I suspect a lockout on the ability to re attest is necessary > if the PF driver is loaded. > > Perhaps just dropping the > +#if IS_ENABLED(CONFIG_VFIO_PCI_CORE) > and letting other PF drivers or another bit of core kernel code > (I'm not sure where the proxy resides for the models being discussed) > claim ownership is enough? If we agree that other parts of the kernel (I suspect KVM would do the "Connect to device" call to the TSM) should be able to tear the established SPDM connection, then yes, the claim/return_ownership() API should not be only available to VFIO. Cheers, Samuel.