From: Alexey Kardashevskiy
To: Samuel Ortiz, Jonathan Cameron
Cc: Lukas Wunner, Dan Williams, Bjorn Helgaas, David Howells, David Woodhouse, Herbert Xu, "David S. Miller", Alex Williamson, linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linuxarm@huawei.com, David Box, Dave Jiang, "Li, Ming", Zhi Wang, Alistair Francis, Wilfred Mallawa, Tom Lendacky, Sean Christopherson, Alexander Graf
Subject: Re: [PATCH 00/12] PCI device authentication
Date: Fri, 13 Oct 2023 22:45:47 +1100
Message-ID: <5eb25628-2ad1-4e70-87dd-e61e9826ac1a@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On 13/10/23 16:03, Samuel Ortiz wrote:
> On Thu, Oct 12, 2023 at 04:32:21PM +0100, Jonathan Cameron wrote:
>> On Thu, 12 Oct 2023 15:13:31 +0200
>> Samuel Ortiz wrote:
>>
>>> On Thu, Oct 12, 2023 at 11:15:42AM +0200, Lukas Wunner wrote:
>>>> On Tue, Oct 10, 2023 at 03:07:41PM +1100, Alexey Kardashevskiy wrote:
>>>>> But the way SPDM is done now is that if the user (as myself) wants to let
>>>>> the firmware run SPDM - the only choice is disabling CONFIG_CMA completely
>>>>> as CMA is not a (un)loadable module or built-in (with some "blacklist"
>>>>> parameters), and does not provide a sysfs knob to control its tentacles.
>>>>> Kinda harsh.
>>>>
>>>> On AMD SEV-TIO, does the PSP perform SPDM exchanges with a device
>>>> *before* it is passed through to a guest? If so, why does it do that?
>>>
>>> SPDM exchanges would be done with the DSM, i.e. through the PF, which is
>>> typically *not* passed through to guests. VFs are.
>>>
>>> The RISC-V CoVE-IO [1] spec follows similar flows as SEV-TIO (and to
>>> some extent TDX-Connect) and expects the host to explicitly request the
>>> TSM to establish an SPDM connection with the DSM (PF) before passing one
>>> VF through a TSM managed guest. VFs would be vfio bound, not the PF, so
>>> I think patch #12 does not solve our problem here.
>>>
>>>> Dan and I discussed this off-list and Dan is arguing for lazy attestation,
>>>> i.e. the TSM should only have the need to perform SPDM exchanges with
>>>> the device when it is passed through.
>>>>
>>>> So the host enumerates the DOE protocols and authenticates the device.
>>>> When the device is passed through, patch 12/12 ensures that the host
>>>> keeps its hands off of the device, thus affording the TSM exclusive
>>>> SPDM control.
>>>
>>> Just to re-iterate: The TSM does not talk SPDM with the passed
>>> through device(s), but with the corresponding PF. If the host kernel
>>> owns the SPDM connection when the TSM initiates the SPDM connection with
>>> the DSM (For IDE key setup), the connection establishment will fail.
>>> Both CoVE-IO and SEV-TIO (Alexey, please correct me if I'm wrong)
>>> expect the host to explicitly ask the TSM to establish that SPDM
>>> connection. That request should somehow come from KVM, which then would
>>> have to destroy the existing CMA/SPDM connection in order to give the
>>> TSM a chance to successfully establish the SPDM link.
>>
>> Agreed - I don't see a problem with throwing away the initial connection.
>> In these cases you are passing that role on to another entity - the
>> job of this patch set is done.
>
> Right. As long as there's a way for the kernel to explicitly drop that
> ownership before calling into the TSM for asking it to create a new SPDM
> connection, we should be fine. Alexey, would you agree with that
> statement?

Yes, sounds right.

>> I'm not clear yet if we need an explicit lock out similar to the VFIO
>> one for PF pass through or if everything will happen in a 'safe' order
>> anyway. I suspect a lockout on the ability to re attest is necessary
>> if the PF driver is loaded.
>>
>> Perhaps just dropping the
>> +#if IS_ENABLED(CONFIG_VFIO_PCI_CORE)
>> and letting other PF drivers or another bit of core kernel code
>> (I'm not sure where the proxy resides for the models being discussed)
>> claim ownership is enough?
>
> If we agree that other parts of the kernel (I suspect KVM would do the
> "Connect to device" call to the TSM) should be able to tear the
> established SPDM connection, then yes, the claim/return_ownership() API
> should not be only available to VFIO.

Correct. I just want to make sure that DOE mailboxes stay alive and nothing in the host kernel relies on SPDM being still active after ownership is transferred to the TSM==PSP.

>
> Cheers,
> Samuel.

-- 
Alexey
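
The ownership hand-off this thread converges on, as a small user-space C model added here for illustration (it is not code from the patch set or from any participant). All type and function names are hypothetical; the model encodes only what the thread states: the TSM's connection fails while the host owns SPDM, claiming is not limited to VFIO, host re-attestation is locked out while claimed, and the DOE mailbox stays alive.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names are kernel API. */
enum owner { HOST_CMA, VFIO, TSM };
struct pf {              /* physical function hosting the DSM */
    enum owner owner;    /* who may run SPDM over the PF's DOE mailbox */
    bool doe_alive;      /* the mailbox must survive the hand-off */
    bool host_session;   /* host CMA/SPDM session established */
};

/* Boot: the host enumerates DOE protocols and authenticates the device. */
static void host_enumerate(struct pf *p) {
    *p = (struct pf){ .owner = HOST_CMA, .doe_alive = true, .host_session = true };
}

/* Not gated on VFIO: any non-host owner (VFIO, or KVM for the TSM) may claim. */
static int claim_ownership(struct pf *p, enum owner who) {
    if (who == HOST_CMA || p->owner != HOST_CMA)
        return -EBUSY;
    p->host_session = false;   /* drop the host session, leave DOE up */
    p->owner = who;
    return 0;
}

/* Host re-attestation is locked out while another entity owns SPDM. */
static int host_reauthenticate(struct pf *p) {
    if (p->owner != HOST_CMA)
        return -EPERM;
    p->host_session = p->doe_alive;
    return p->host_session ? 0 : -EIO;
}

/* The TSM's connection attempt fails unless ownership was handed over. */
static int tsm_connect(const struct pf *p) {
    return (p->owner == TSM && p->doe_alive) ? 0 : -EBUSY;
}

int main(void) {
    struct pf p;
    host_enumerate(&p);
    printf("TSM connect before claim: %d\n", tsm_connect(&p));
    printf("claim for TSM:            %d\n", claim_ownership(&p, TSM));
    printf("TSM connect after claim:  %d\n", tsm_connect(&p));
    printf("host re-attest (claimed): %d\n", host_reauthenticate(&p));
    printf("DOE mailbox alive:        %d\n", p.doe_alive);
    return 0;
}
```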