From: Jonathan Cameron <jonathan.cameron@huawei.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: <linux-pci@vger.kernel.org>, <linux-coco@lists.linux.dev>,
<gregkh@linuxfoundation.org>, <aik@amd.com>,
<aneesh.kumar@kernel.org>, <yilun.xu@linux.intel.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Lukas Wunner <lukas@wunner.de>, Samuel Ortiz <sameo@rivosinc.com>
Subject: Re: [PATCH v8 7/9] PCI/IDE: Add IDE establishment helpers
Date: Mon, 3 Nov 2025 15:04:59 +0000
Message-ID: <20251103150459.00007104@huawei.com>
In-Reply-To: <20251031212902.2256310-8-dan.j.williams@intel.com>

On Fri, 31 Oct 2025 14:28:59 -0700
Dan Williams <dan.j.williams@intel.com> wrote:
> There are two components to establishing an encrypted link: provisioning
> the stream in Partner Port config-space, and programming the keys into
> the link layer via IDE_KM (IDE Key Management). This new library,
> drivers/pci/ide.c, enables the former. IDE_KM, via a TSM low-level
> driver, is saved for later.
>
> With the platform TSM implementations of SEV-TIO and TDX Connect in mind
> this library abstracts small differences in those implementations. For
> example, TDX Connect handles Root Port register setup while SEV-TIO
> expects System Software to update the Root Port registers. This is the
> rationale for fine-grained 'setup' + 'enable' verbs.
>
> The other design detail for TSM-coordinated IDE establishment is that
> the TSM may manage allocation of Stream IDs; this is why the Stream ID
> value is passed in to pci_ide_stream_setup().
>
> The flow is:
>
> pci_ide_stream_alloc():
>     Allocate a Selective IDE Stream Register Block in each Partner Port
>     (Endpoint + Root Port), and reserve a host bridge / platform stream
>     slot. Gather Partner Port specific stream settings like Requester ID.
>
> pci_ide_stream_register():
>     Publish the stream in sysfs after allocating a Stream ID. In the TSM
>     case the TSM allocates the Stream ID for the Partner Port pair.
>
> pci_ide_stream_setup():
>     Program the stream settings to a Partner Port. Caller is responsible
>     for optionally calling this for the Root Port as well if the TSM
>     implementation requires it.
>
> pci_ide_stream_enable():
>     Enable the stream after IDE_KM.
>
> In support of system administrators auditing where platform, Root Port,
> and Endpoint IDE stream resources are being spent, the allocated stream
> is reflected as a symlink from the host bridge to the endpoint with the
> name:
>
>     stream%d.%d.%d
>
> Where the tuple of integers reflects the allocated platform, Root Port,
> and Endpoint stream index (Selective IDE Stream Register Block) values.
>
> Thanks to Wu Hao for a draft implementation of this infrastructure.
>
> Cc: Bjorn Helgaas <bhelgaas@google.com>
> Cc: Lukas Wunner <lukas@wunner.de>
> Cc: Samuel Ortiz <sameo@rivosinc.com>
> Co-developed-by: Alexey Kardashevskiy <aik@amd.com>
> Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
> Co-developed-by: Xu Yilun <yilun.xu@linux.intel.com>
> Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> Acked-by: Bjorn Helgaas <bhelgaas@google.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
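
The `stream%d.%d.%d` symlink naming described in the quoted commit message can be decoded mechanically when auditing where IDE stream resources are spent. The following is an added example, not code from the patch or from anyone in this thread; the function names and sample entries are constructed, and the duplicate check assumes a platform stream slot is unique within one host bridge directory.

```shell
# Added example, not from the patch: decode stream%d.%d.%d symlink names.

# parse_ide_stream NAME: print "<platform> <root port> <endpoint>" indexes,
# or return 1 when NAME is not exactly stream<int>.<int>.<int>.
parse_ide_stream() {
    case $1 in
        stream*.*.*.*) return 1 ;;    # too many fields
        stream*.*.*) ;;
        *) return 1 ;;
    esac
    rest=${1#stream}
    plat=${rest%%.*}; rest=${rest#*.}
    rp=${rest%%.*};   ep=${rest#*.}
    for field in "$plat" "$rp" "$ep"; do
        case $field in
            ''|*[!0-9]*) return 1 ;;  # empty or non-numeric index
        esac
    done
    printf '%s %s %s\n' "$plat" "$rp" "$ep"
}

# audit_ide_streams: read the entry names of one host bridge directory on
# stdin and print "used=<n> malformed=<n> dup_platform=<n>".
# Assumption: a platform stream slot is reserved once per host bridge, so a
# repeated first index is worth flagging.
audit_ide_streams() {
    used=0 malformed=0 dup=0 seen=' '
    while IFS= read -r entry; do
        case $entry in
            stream*) ;;
            *) continue ;;            # not a stream symlink
        esac
        if fields=$(parse_ide_stream "$entry"); then
            slot=${fields%% *}
            case $seen in
                *" $slot "*) dup=$((dup + 1)) ;;
                *) seen="$seen$slot " ;;
            esac
            used=$((used + 1))
        else
            malformed=$((malformed + 1))
        fi
    done
    printf 'used=%d malformed=%d dup_platform=%d\n' "$used" "$malformed" "$dup"
}

# Constructed sample listing (not real sysfs output).
sample_listing() {
    printf '%s\n' stream0.0.0 stream1.0.0 stream1.1.0 streamX.0.0 power
}
sample_listing | audit_ide_streams
```

On a real system the input would be the entry names of a host bridge directory in sysfs, one per line.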