Re: [PATCH v2 08/11] coco: guest: arm64: Add support for fetching and verifying device info

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jonathan Cameron <jonathan.cameron@huawei.com>
To: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>
Cc: <linux-coco@lists.linux.dev>, <kvmarm@lists.linux.dev>,
	<linux-pci@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<dan.j.williams@intel.com>, <aik@amd.com>, <lukas@wunner.de>,
	Samuel Ortiz <sameo@rivosinc.com>,
	Xu Yilun <yilun.xu@linux.intel.com>,
	Jason Gunthorpe <jgg@ziepe.ca>,
	Suzuki K Poulose <Suzuki.Poulose@arm.com>,
	Steven Price <steven.price@arm.com>,
	Bjorn Helgaas <helgaas@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>,
	Oliver Upton <oliver.upton@linux.dev>
Subject: Re: [PATCH v2 08/11] coco: guest: arm64: Add support for fetching and verifying device info
Date: Thu, 20 Nov 2025 17:54:32 +0000	[thread overview]
Message-ID: <20251120175432.00004af8@huawei.com> (raw)
In-Reply-To: <20251117140007.122062-9-aneesh.kumar@kernel.org>

On Mon, 17 Nov 2025 19:30:04 +0530
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org> wrote:

> RSI_RDEV_GET_INFO returns different digest hash values, which can be
> compared with host cached values to ensure the host didn't tamper with
> the cached data.
> 
> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>

> diff --git a/drivers/virt/coco/arm-cca-guest/rsi-da.c b/drivers/virt/coco/arm-cca-guest/rsi-da.c
> index c70fb7dd4838..c6b92f4ae9c5 100644
> --- a/drivers/virt/coco/arm-cca-guest/rsi-da.c
> +++ b/drivers/virt/coco/arm-cca-guest/rsi-da.c

> +
> +static int verify_digests(struct cca_guest_dsc *dsc)
> +{
> +	u8 digest[SHA512_DIGEST_SIZE];
> +	size_t digest_size;
> +	void (*digest_func)(const u8 *data, size_t len, u8 *out);
> +
> +	struct pci_dev *pdev = dsc->pci.base_tsm.pdev;
> +	struct {
> +		uint8_t *report;
> +		size_t size;
> +		uint8_t *digest;
> +	} reports[] = {
> +		{
> +			dsc->interface_report,
> +			dsc->interface_report_size,
> +			dsc->dev_info.report_digest
> +		},
> +		{
> +			dsc->certificate,
> +			dsc->certificate_size,
> +			dsc->dev_info.cert_digest
> +		},
> +		{
> +			dsc->measurements,
> +			dsc->measurements_size,
> +			dsc->dev_info.meas_digest
> +		}
> +	};
> +
> +	switch (dsc->dev_info.hash_algo) {
> +	case RSI_HASH_SHA_256:
> +		digest_func = sha256;
> +		digest_size = SHA256_DIGEST_SIZE;
> +		break;
> +
> +	case RSI_HASH_SHA_512:
> +		digest_func = sha512;
> +		digest_size = SHA512_DIGEST_SIZE;
> +		break;
> +	default:
> +		pci_err(pdev, "Unknown realm hash algorithm!\n");
> +		return -EINVAL;
> +	}
> +
> +	for (int i = 0; i < ARRAY_SIZE(reports); i++) {
> +

I'd drop this blank line as it doesn't for me at least enhance readability
and I don't recall it being particularly common to have one here
in kernel code.

> +		digest_func(reports[i].report, reports[i].size, digest);
> +		if (memcmp(reports[i].digest, digest, digest_size)) {
> +			pci_err(pdev, "Invalid digest\n");
> +			return -EINVAL;
> +		}
> +	}
> +
> +	pci_dbg(pdev, "Successfully verified the digests\n");
> +	return 0;
> +}
> +
> +int cca_device_verify_and_accept(struct pci_dev *pdev)
> +{
> +	int ret;
> +	int vdev_id = rsi_vdev_id(pdev);
> +	struct rsi_vdevice_info *dev_info;
> +	struct cca_guest_dsc *dsc = to_cca_guest_dsc(pdev);
> +
> +	/* Now make a host call to copy the interface report to guest. */
> +	ret = rhi_read_cached_object(vdev_id, RHI_DA_OBJECT_INTERFACE_REPORT,
> +				     &dsc->interface_report, &dsc->interface_report_size);
> +	if (ret) {
> +		pci_err(pdev, "failed to get interface report from the host (%d)\n", ret);
> +		return ret;
> +	}
> +
> +	ret = rhi_read_cached_object(vdev_id, RHI_DA_OBJECT_CERTIFICATE,
> +				     &dsc->certificate, &dsc->certificate_size);
> +	if (ret) {
> +		pci_err(pdev, "failed to get device certificate from the host (%d)\n", ret);
> +		return ret;
> +	}
> +
> +	ret = rhi_read_cached_object(vdev_id, RHI_DA_OBJECT_MEASUREMENT,
> +				     &dsc->measurements, &dsc->measurements_size);
> +	if (ret) {
> +		pci_err(pdev, "failed to get device certificate from the host (%d)\n", ret);
> +		return ret;
> +	}
> +
> +	/* RMM expects sizeof(*dev_info) = 512 bytes aligned address */
> +	BUILD_BUG_ON(sizeof(*dev_info) != 512);
> +	dev_info = kmalloc(sizeof(*dev_info), GFP_KERNEL);
> +	if (!dev_info)
> +		return -ENOMEM;
> +
> +	if (rsi_vdev_get_info(vdev_id, virt_to_phys(dev_info))) {
> +		pci_err(pdev, "failed to get device digests (%d)\n", ret);
> +		kfree(dev_info);

Could use __free for that and not worry that we free it a little later than
last place we need it.

> +		return -EIO;
> +	}
> +
> +	dsc->dev_info.cert_id       = dev_info->cert_id;
> +	dsc->dev_info.hash_algo     = dev_info->hash_algo;
> +	dsc->dev_info.lock_nonce    = dev_info->lock_nonce;
> +	dsc->dev_info.meas_nonce    = dev_info->meas_nonce;
> +	dsc->dev_info.report_nonce  = dev_info->report_nonce;
> +	memcpy(dsc->dev_info.cert_digest, dev_info->cert_digest, SHA512_DIGEST_SIZE);
> +	memcpy(dsc->dev_info.meas_digest, dev_info->meas_digest, SHA512_DIGEST_SIZE);
> +	memcpy(dsc->dev_info.report_digest, dev_info->report_digest, SHA512_DIGEST_SIZE);

So copy everything other than flags.  Any reason why not flags?
> +
> +	kfree(dev_info);
> +	/*
> +	 * Verify that the digests of the provided reports match with the
> +	 * digests from RMM
> +	 */
> +	ret = verify_digests(dsc);
> +	if (ret) {
> +		pci_err(pdev, "device digest validation failed (%d)\n", ret);
> +		return ret;
> +	}
> +
> +	ret = cca_apply_interface_report_mappings(pdev, true);
> +	if (ret) {
> +		pci_err(pdev, "failed to validate the interface report\n");
> +		return -EIO;
> +	}
> +
> +	return 0;
> +}

next prev parent reply	other threads:[~2025-11-20 17:54 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-17 13:59 [PATCH v2 00/11] TSM: Implement ->lock()/->accept() callbacks for ARM CCA TDISP setup Aneesh Kumar K.V (Arm)
2025-11-17 13:59 ` [PATCH v2 01/11] coco: guest: arm64: Guest TSM callback and realm device lock support Aneesh Kumar K.V (Arm)
2025-11-19 15:22   ` Jonathan Cameron
2025-11-24  4:40     ` Aneesh Kumar K.V
2025-11-17 13:59 ` [PATCH v2 02/11] coco: guest: arm64: Add Realm Host Interface and guest DA helper Aneesh Kumar K.V (Arm)
2025-11-19 15:32   ` Jonathan Cameron
2025-11-24  5:07     ` Aneesh Kumar K.V
2025-11-17 13:59 ` [PATCH v2 03/11] coco: guest: arm64: Add support for guest initiated TDI bind/unbind Aneesh Kumar K.V (Arm)
2025-11-19 15:50   ` Jonathan Cameron
2026-01-08 15:32   ` Will Deacon
2025-11-17 14:00 ` [PATCH v2 04/11] coco: guest: arm64: Add support for updating interface reports from device Aneesh Kumar K.V (Arm)
2025-11-19 15:54   ` Jonathan Cameron
2025-11-24  5:42     ` Aneesh Kumar K.V
2025-11-17 14:00 ` [PATCH v2 05/11] coco: guest: arm64: Add support for updating measurements " Aneesh Kumar K.V (Arm)
2025-11-20 15:22   ` Jonathan Cameron
2025-11-24  6:18     ` Aneesh Kumar K.V
2025-11-17 14:00 ` [PATCH v2 06/11] coco: guest: arm64: Add support for reading cached objects from host Aneesh Kumar K.V (Arm)
2025-11-20 17:31   ` Jonathan Cameron
2025-11-24  6:52     ` Aneesh Kumar K.V
2025-11-17 14:00 ` [PATCH v2 07/11] coco: guest: arm64: Validate Realm MMIO mappings from TDISP report Aneesh Kumar K.V (Arm)
2025-11-20 17:43   ` Jonathan Cameron
2025-11-17 14:00 ` [PATCH v2 08/11] coco: guest: arm64: Add support for fetching and verifying device info Aneesh Kumar K.V (Arm)
2025-11-20 17:54   ` Jonathan Cameron [this message]
2025-11-24  8:28     ` Aneesh Kumar K.V
2025-11-17 14:00 ` [PATCH v2 09/11] coco: guest: arm64: Wire Realm TDISP RUN/STOP transitions into guest driver Aneesh Kumar K.V (Arm)
2025-11-20 17:55   ` Jonathan Cameron
2025-11-17 14:00 ` [PATCH v2 10/11] coco: arm64: dma: Update force_dma_unencrypted for accepted devices Aneesh Kumar K.V (Arm)
2025-11-20 17:58   ` Jonathan Cameron
2025-11-17 14:00 ` [PATCH v2 11/11] coco: guest: arm64: Enable vdev DMA after attestation Aneesh Kumar K.V (Arm)
2025-11-20 17:59   ` Jonathan Cameron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251120175432.00004af8@huawei.com \
    --to=jonathan.cameron@huawei.com \
    --cc=Suzuki.Poulose@arm.com \
    --cc=aik@amd.com \
    --cc=aneesh.kumar@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=dan.j.williams@intel.com \
    --cc=helgaas@kernel.org \
    --cc=jgg@ziepe.ca \
    --cc=kvmarm@lists.linux.dev \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=lukas@wunner.de \
    --cc=maz@kernel.org \
    --cc=oliver.upton@linux.dev \
    --cc=sameo@rivosinc.com \
    --cc=steven.price@arm.com \
    --cc=will@kernel.org \
    --cc=yilun.xu@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.