Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp56404lqr; Tue, 4 Jun 2024 21:04:57 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWwM5LkJxL9sF5D2AY8Ra0MTt+F4Si8m2TCYcXDLzj0jNg1jLGfX0HBH0Vic7Ijtb6I6gDxnFuU5jFmWPLgmFyd+G4BIFvbZ/fAYnK4jQ== X-Google-Smtp-Source: AGHT+IGtPj6Iam7AHwD4+TG0wtgH2dNCThmbdk4EYjLfENYvhrgwXBEqbP8O1WfmF4tkAwqv1PYG X-Received: by 2002:ad4:5bc3:0:b0:6ad:753d:45cb with SMTP id 6a1803df08f44-6aff736f9c3mr82901536d6.20.1717560297577; Tue, 04 Jun 2024 21:04:57 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717560297; cv=pass; d=google.com; s=arc-20160816; b=WXkJvN3gopiQYg1o0q3Na4bY6m5euqnssm5LL9DTtCDQMNwp1CPBzP3CUIBa7P48W4 PyruyEt6qeHX/g9qY/aGYBlT6R6pzb8aaLtJm+O3daBg83FgOSJq//y4QfMy6Ykb+52k TwX0PGCoIgTic3JMqPyeYMsjDxB1X3wEHohgQ7wpMqI6fb8ASK38j+TYfejuVk9JvKJR PKdI70aGp2hsVm/2nvvIcl8+b25mgF8jmmkKZ4a+lQuvfsBjvJBVkypgCkv+UQOTSKN4 aD4HH1NRAMvy6WgaPcLSDCRm9XpHIOkoOA1htOUVYX8hSS3AAKQcitPoJgHO4phK/aM6 r+cA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:references:cc:to:from:subject:message-id:date :content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=j/pgde9ogLNN139THLcmFVIlOqfkyLW3Noc8R+XhRRc=; fh=ob5azfB9XxoxMZDgxzt241xWNaHrW/LZm1mChu2OyKk=; b=G3YFaNb06H6o7iUtLjZ5oGmPqKGpgmK875kpUIUpHzm4Zb4wHNmaK0znUyHtGpRVcn 8BC3oWqRWQk5RPhTSS9eIlxALjXHy6skuWw6TMH5LYBVGfPghC6MyUe2iH2rGU3sZziX cZB7cBDF8jXOEp4tADHHVh6z4ulqBahFb5zALgmR3sHBbeqQLc+F2ra8y8YEjcQ+cf1U 0bq0OBkbovr55C79jm6RtF+r3Fs4qWQa0nNC67IX5n+rLsgK+K7sVnRp2j0OPArXopwd 4huTDOILvf9DgEFI+lIQY00ojd45Fr1uV1Vrk6UifAio2gDN/vL4OYldizRWdDl4jKUM rMMw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OLHBjXbj; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4748-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4748-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id 6a1803df08f44-6ae4a74204asi18398926d6.133.2024.06.04.21.04.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jun 2024 21:04:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-4748-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OLHBjXbj; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4748-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4748-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 50B101C223B7 for ; Wed, 5 Jun 2024 04:04:57 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4B6237344F; Wed, 5 Jun 2024 04:04:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OLHBjXbj" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAEB1171B0; Wed, 5 Jun 2024 04:04:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717560292; cv=none; b=hSIyzVK9Me2plBEwy3X8TT+zKMEbUd3v0u8Jvvyut2Ngq7FmLmKxiH5D0uy83/Bgf8elPjR5MXfbY2KXIzL3fWS/gZCLZRCc34BAMVgVtTI08qprIWZzF3AubUftK462XFQsQQ9/L/PZ0OVEBZh2su96rxqtxMtvF1N4BBsV4oQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717560292; c=relaxed/simple; bh=D7YS8tUT6zoxR7+gztQhZtUYQS3g8Jha1gq4gWlWSOY=; h=Mime-Version:Content-Type:Date:Message-Id:Subject:From:To:Cc: References:In-Reply-To; b=RiLKJm3keyvEIHE4ZRxZsUb9llrQN14DZli6q8iWpkULTsZJ8Am87z2ImqEHEmqEt42yZFUZ5NZFIV+h9e2yeXkn0RiucS72eWLimve1exK3xgSc6zfMbb1fOk9rB/dwisFifctXuAka1Z/pnOaqMUsF/bcqUyUUTOK4y03+IZ0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OLHBjXbj; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8DB9C32781; Wed, 5 Jun 2024 04:04:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717560291; bh=D7YS8tUT6zoxR7+gztQhZtUYQS3g8Jha1gq4gWlWSOY=; h=Date:Subject:From:To:Cc:References:In-Reply-To:From; b=OLHBjXbjh6nagm8wzjsU74vNbjvZwzzPO+E00JnpPO6Tulhx7zlyZpBPqdWd6WPF1 0o02okbEIMvrN84g7B34RhAKA3TzXOzc9L4I4qoFW3GE5yp8iV3D161WZL+TKfivxp KDrad0HF7ReV0kat6LU5tGwJfNFBlYhDTbQ1hupt6j2nlLT061/WeQYPx4hHMJfD+e s3UlT8wgXGfl56Pk4WEwnn1M8Rxi7E20n92tqvzbrxiVE4UuJYp5DJeSWCzmnuQCx3 5EXyZTzK7B8tDsB+2fAwatEU+JWnzlEaTmd4BmcudlGhxXZFypidLPXm54h7rlf+l/ lF6g9OOk30l+w== Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Wed, 05 Jun 2024 07:04:44 +0300 Message-Id: Subject: Re: [PATCH v9 04/19] x86: Secure Launch Resource Table header file From: "Jarkko Sakkinen" To: , , , , , , , , Cc: , , , , , , , , , , , , , , , , , , , , , X-Mailer: aerc 0.17.0 References: <20240531010331.134441-1-ross.philipson@oracle.com> <20240531010331.134441-5-ross.philipson@oracle.com> <1eca8cb1-4b3b-402b-993b-53de7c810016@oracle.com> <249a9b27-c18d-4377-8b51-9bc610b53a8b@oracle.com> In-Reply-To: On Wed Jun 5, 2024 at 5:33 AM EEST, wrote: > On 6/4/24 5:22 PM, Jarkko Sakkinen wrote: > > On Wed Jun 5, 2024 at 2:00 AM EEST, wrote: > >> On 6/4/24 3:36 PM, Jarkko Sakkinen wrote: > >>> On Tue Jun 4, 2024 at 11:31 PM EEST, wrote: > >>>> On 6/4/24 11:21 AM, Jarkko Sakkinen wrote: > >>>>> On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote: > >>>>>> Introduce the Secure Launch Resource Table which forms the formal > >>>>>> interface between the pre and post launch code. > >>>>>> > >>>>>> Signed-off-by: Ross Philipson > >>>>> > >>>>> If a uarch specific, I'd appreciate Intel SDM reference here so tha= t I > >>>>> can look it up and compare. Like in section granularity. > >>>> > >>>> This table is meant to not be architecture specific though it can > >>>> contain architecture specific sub-entities. E.g. there is a TXT spec= ific > >>>> table and in the future there will be an AMD and ARM one (and hopefu= lly > >>>> some others). I hope that addresses what you are pointing out or may= be I > >>>> don't fully understand what you mean here... > >>> > >>> At least Intel SDM has a definition of any possible architecture > >>> specific data structure. It is handy to also have this available > >>> in inline comment for any possible such structure pointing out the > >>> section where it is defined. > >> > >> The TXT specific structure is not defined in the SDM or the TXT dev > >> guide. Part of it is driven by requirements in the TXT dev guide but > >> that guide does not contain implementation details. > >> > >> That said, if you would like links to relevant documents in the commen= ts > >> before arch specific structures, I can add them. > >=20 > > Vol. 2D 7-40, in the description of GETSEC[WAKEUP] there is in fact a > > description of MLE JOINT structure at least: > >=20 > > 1. GDT limit (offset 0) > > 2. GDT base (offset 4) > > 3. Segment selector initializer (offset 8) > > 4. EIP (offset 12) > >=20 > > So is this only exercised in protect mode, and not in long mode? Just > > wondering whether I should make a bug report on this for SDM or not. > > I believe you can issue the SENTER instruction in long mode, compat mode= =20 > or protected mode. On the other side thought, you will pop out of the=20 > TXT initialization in protected mode. The SDM outlines what registers=20 > will hold what values and what is valid and not valid. The APs will also= =20 > vector through the join structure mentioned above to the location=20 > specified in protected mode using the GDT information you provide. > > >=20 > > Especially this puzzles me, given that x86s won't have protected > > mode in the first place... > > My guess is the simplified x86 architecture will not support TXT. It is= =20 > not supported on a number of CPUs/chipsets as it stands today. Just a=20 > guess but we know only vPro systems support TXT today. I'm wondering could this bootstrap itself inside TDX or SNP, and that way provide path forward? AFAIK, TDX can be nested straight of the bat and SNP from 2nd generation EPYC's, which contain the feature. I do buy the idea of attesting the host, not just the guests, even in the "confidential world". That said, I'm not sure does it make sense to add all this infrastructure for a technology with such a short expiration date? I would not want to say this at v9, and it is not really your fault either, but for me this would make a lot more sense if the core of Trenchboot was redesigned around these newer technologies with a long-term future. The idea itself is great! BR, Jarkko