Date: Wed, 24 Apr 2024 17:15:40 -0700
In-Reply-To: <20240421180122.1650812-22-michael.roth@amd.com>
Subject: Re: [PATCH v14 21/22] crypto: ccp: Add the SNP_{PAUSE,RESUME}_ATTESTATION commands
From: Sean Christopherson
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org,
    linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
    tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de,
    thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org,
    pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com,
    luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com,
    pgonda@google.com, peterz@infradead.org,
    srinivas.pandruvada@linux.intel.com, rientjes@google.com,
    dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
    kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
    sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com,
    jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com,
    pankaj.gupta@amd.com, liam.merwick@oracle.com

On Sun, Apr 21, 2024, Michael Roth wrote:
> These commands can be used to pause servicing of guest attestation
> requests. This is useful when updating the reported TCB or signing key with
> commands such as SNP_SET_CONFIG/SNP_COMMIT/SNP_VLEK_LOAD, since they may
> in turn require updates to userspace-supplied certificates, and if an
> attestation request happens to be in-flight at the time those updates
> are occurring there is potential for a guest to receive a certificate
> blob that is out of sync with the effective signing key for the
> attestation report.
>
> These interfaces also provide some versatility with how similar
> firmware/certificate update activities can be handled in the future.

Wait, IIUC, this is using the kernel to get two userspace components to not
stomp over each other. Why is this the kernel's problem to solve?