From: Alexey Kardashevskiy <aik@amd.com>
To: <x86@kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>,
<linux-pci@vger.kernel.org>, Thomas Gleixner <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Sean Christopherson" <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
"Bjorn Helgaas" <bhelgaas@google.com>,
Dan Williams <dan.j.williams@intel.com>,
"Marek Szyprowski" <m.szyprowski@samsung.com>,
Robin Murphy <robin.murphy@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
"Mike Rapoport" <rppt@kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Stefano Garzarella <sgarzare@redhat.com>,
Melody Wang <huibo.wang@amd.com>,
Seongman Lee <augustus92@kaist.ac.kr>,
Joerg Roedel <joerg.roedel@amd.com>,
"Nikunj A Dadhania" <nikunj@amd.com>,
Michael Roth <michael.roth@amd.com>,
"Suravee Suthikulpanit" <suravee.suthikulpanit@amd.com>,
Andi Kleen <ak@linux.intel.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Tony Luck <tony.luck@intel.com>,
David Woodhouse <dwmw@amazon.co.uk>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
Denis Efremov <efremov@linux.com>,
Geliang Tang <geliang@kernel.org>,
Piotr Gregor <piotrgregor@rsyncme.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Alex Williamson" <alex@shazbot.org>,
Arnd Bergmann <arnd@arndb.de>,
Jesse Barnes <jbarnes@virtuousgeek.org>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
Yinghai Lu <yinghai@kernel.org>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Jonathan Cameron <jonathan.cameron@huawei.com>,
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>,
Xu Yilun <yilun.xu@linux.intel.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Kim Phillips <kim.phillips@amd.com>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Claire Chang <tientzu@chromium.org>, <linux-coco@lists.linux.dev>,
<iommu@lists.linux.dev>, Alexey Kardashevskiy <aik@amd.com>
Subject: [PATCH kernel 0/9] PCI/TSM: coco/sev-guest: Implement SEV-TIO PCIe TDISP (phase2)
Date: Wed, 25 Feb 2026 16:37:43 +1100 [thread overview]
Message-ID: <20260225053806.3311234-1-aik@amd.com> (raw)
Here are some patches to continue enabling SEV-TIO on AMD.
SEV-TIO allows guests to establish trust in a device that supports TEE
Device Interface Security Protocol (TDISP, defined in PCIe r6.0+) and
then interact with the device via private memory.
In order to streamline upstreaming process, a common TSM infrastructure
is being developed in collaboration with Intel+ARM+RiscV. There is
Documentation/driver-api/pci/tsm.rst with proposed phases:
1. IDE: encrypt PCI, host only
2. TDISP: lock + accept flow, host and guest, interface report
3. Enable secure MMIO + DMA: IOMMUFD, KVM changes
4. Device attestation: certificates, measurements
This is phase2 == basic guest support allowing TDISP CONFIG_LOCKED and RUN states, and unlocking as well.
Acronyms:
TEE - Trusted Execution Environments, a concept of managing trust between the host and devices
TSM - TEE Security Manager (TSM), an entity which ensures security on the host
PSP - AMD platform secure processor (also "ASP", "AMD-SP"), acts as TSM on AMD.
SEV TIO - the TIO protocol implemented by the PSP and used by the host, extension to SEV-SNP
GHCB - guest/host communication block - a protocol for guest-to-host communication via a shared page
TDISP - TEE Device Interface Security Protocol (PCIe).
Flow:
- Boot guest OS, load sev-guest.ko which registers itself as a TSM
- PCI TSM creates sysfs nodes under "tsm" subdirectory in for all
TDISP-capable devices
- lock the device via:
echo tsm0 > "/sys/bus/pci/devices/0000:01:00.0/tsm/lock"
- accept the device via:
echo 1 > "/sys/bus/pci/devices/0000:01:00.0/tsm/accept"
- load the device driver:
- DMA to encrypted memory should work right away
- MMIO regions reported in TDISP interface report will be mapped as encrypted
Since one of my test devices does not use private MMIO for the main function,
there is 9/9 which allows https://github.com/billfarrow/pcimem.git mapping MMIO as private.
The previous conversation is here:
https://lore.kernel.org/r/20250218111017.491719-1-aik@amd.com
This is based on sha1
4fe8662d1a9c Dan Williams PCI/TSM: Documentation: Add Maturity Map
from
https://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm.git/log/?h=staging
and 3 cherrypicks on top, please find the exact tree at:
https://github.com/AMDESE/linux-kvm/commits/tsm-staging
The host support is pushed here:
https://github.com/AMDESE/linux-kvm/commits/tsm
The SEV TIO spec:
https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58271.pdf
Individual patches have extra "---" comments (could have been "RFC"?)
Please comment. Thanks.
ps: quite a cc list from get_maintainers.pl.
Alexey Kardashevskiy (9):
pci/tsm: Add TDISP report blob and helpers to parse it
pci/tsm: Add tsm_tdi_status
coco/sev-guest: Allow multiple source files in the driver
dma/swiotlb: Stop forcing SWIOTLB for TDISP devices
x86/mm: Stop forcing decrypted page state for TDISP devices
x86/dma-direct: Stop changing encrypted page state for TDISP devices
coco/sev-guest: Implement the guest support for SEV TIO (phase2)
RFC: PCI: Avoid needless touching of Command register
pci: Allow encrypted MMIO mapping via sysfs
arch/x86/Kconfig | 1 +
drivers/virt/coco/sev-guest/Kconfig | 1 +
drivers/virt/coco/sev-guest/Makefile | 6 +-
arch/x86/include/asm/dma-direct.h | 39 ++
arch/x86/include/asm/sev-common.h | 1 +
arch/x86/include/asm/sev.h | 13 +
arch/x86/include/uapi/asm/svm.h | 13 +
drivers/virt/coco/sev-guest/sev-guest.h | 20 +
include/linux/pci-tsm.h | 110 +++
include/linux/pci.h | 2 +-
include/linux/psp-sev.h | 31 +
include/linux/swiotlb.h | 9 +
include/uapi/linux/sev-guest.h | 43 ++
arch/x86/coco/sev/core.c | 53 ++
arch/x86/mm/mem_encrypt.c | 5 +-
drivers/pci/mmap.c | 11 +-
drivers/pci/pci-sysfs.c | 27 +-
drivers/pci/probe.c | 5 +
drivers/pci/proc.c | 2 +-
drivers/pci/quirks.c | 9 +
drivers/virt/coco/sev-guest/sev-guest.c | 23 +-
drivers/virt/coco/sev-guest/tio.c | 707 ++++++++++++++++++++
drivers/virt/coco/tsm-core.c | 19 +
23 files changed, 1129 insertions(+), 21 deletions(-)
create mode 100644 arch/x86/include/asm/dma-direct.h
create mode 100644 drivers/virt/coco/sev-guest/sev-guest.h
create mode 100644 drivers/virt/coco/sev-guest/tio.c
--
2.52.0
next reply other threads:[~2026-02-25 5:38 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-25 5:37 Alexey Kardashevskiy [this message]
2026-02-25 5:37 ` [PATCH kernel 1/9] pci/tsm: Add TDISP report blob and helpers to parse it Alexey Kardashevskiy
2026-02-25 6:16 ` dan.j.williams
2026-02-25 10:10 ` Arnd Bergmann
2026-02-26 0:09 ` Alexey Kardashevskiy
2026-02-26 2:34 ` dan.j.williams
2026-02-26 3:49 ` Alexey Kardashevskiy
2026-02-26 21:08 ` dan.j.williams
2026-02-25 5:37 ` [PATCH kernel 2/9] pci/tsm: Add tsm_tdi_status Alexey Kardashevskiy
2026-02-25 6:33 ` dan.j.williams
2026-02-25 23:42 ` Alexey Kardashevskiy
2026-03-02 6:58 ` Aneesh Kumar K.V
2026-02-25 5:37 ` [PATCH kernel 3/9] coco/sev-guest: Allow multiple source files in the driver Alexey Kardashevskiy
2026-02-25 5:37 ` [PATCH kernel 4/9] dma/swiotlb: Stop forcing SWIOTLB for TDISP devices Alexey Kardashevskiy
2026-02-25 16:30 ` dan.j.williams
2026-02-25 18:00 ` Robin Murphy
2026-02-25 20:57 ` dan.j.williams
2026-02-28 0:28 ` Jason Gunthorpe
2026-03-02 23:53 ` dan.j.williams
2026-03-03 0:19 ` Jason Gunthorpe
2026-03-03 0:29 ` dan.j.williams
2026-03-03 12:43 ` Jason Gunthorpe
2026-03-04 6:45 ` Alexey Kardashevskiy
2026-03-04 12:43 ` Jason Gunthorpe
2026-03-25 10:42 ` Alexey Kardashevskiy
2026-04-03 12:40 ` Alexey Kardashevskiy
2026-04-15 6:32 ` Alexey Kardashevskiy
2026-04-20 23:50 ` Jason Gunthorpe
2026-04-30 3:25 ` Alexey Kardashevskiy
2026-02-25 16:48 ` Robin Murphy
2026-02-26 0:09 ` Alexey Kardashevskiy
2026-03-02 7:54 ` Aneesh Kumar K.V
2026-02-25 5:37 ` [PATCH kernel 5/9] x86/mm: Stop forcing decrypted page state " Alexey Kardashevskiy
2026-02-25 16:51 ` dan.j.williams
2026-02-25 5:37 ` [PATCH kernel 6/9] x86/dma-direct: Stop changing encrypted " Alexey Kardashevskiy
2026-02-25 17:08 ` Robin Murphy
2026-02-25 21:35 ` dan.j.williams
2026-02-26 6:22 ` Alexey Kardashevskiy
2026-02-28 0:06 ` Jason Gunthorpe
2026-03-02 0:01 ` Alexey Kardashevskiy
2026-03-02 0:35 ` Jason Gunthorpe
2026-03-02 5:26 ` Alexey Kardashevskiy
2026-03-02 13:35 ` Jason Gunthorpe
2026-03-03 8:19 ` Alexey Kardashevskiy
2026-03-03 12:15 ` Jason Gunthorpe
2026-02-25 5:37 ` [PATCH kernel 7/9] coco/sev-guest: Implement the guest support for SEV TIO (phase2) Alexey Kardashevskiy
2026-02-25 6:00 ` Borislav Petkov
2026-02-26 3:39 ` Alexey Kardashevskiy
2026-02-26 19:52 ` Borislav Petkov
2026-02-25 5:37 ` [PATCH kernel 8/9] RFC: PCI: Avoid needless touching of Command register Alexey Kardashevskiy
2026-02-26 0:24 ` Bjorn Helgaas
2026-02-26 5:58 ` Alexey Kardashevskiy
2026-02-26 0:34 ` dan.j.williams
2026-02-25 5:37 ` [PATCH kernel 9/9] pci: Allow encrypted MMIO mapping via sysfs Alexey Kardashevskiy
2026-03-02 8:20 ` Aneesh Kumar K.V
2026-03-02 8:59 ` Alexey Kardashevskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260225053806.3311234-1-aik@amd.com \
--to=aik@amd.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=alex@shazbot.org \
--cc=aneesh.kumar@kernel.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=ashish.kalra@amd.com \
--cc=augustus92@kaist.ac.kr \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw@amazon.co.uk \
--cc=efremov@linux.com \
--cc=geliang@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=huibo.wang@amd.com \
--cc=iommu@lists.linux.dev \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jbarnes@virtuousgeek.org \
--cc=joerg.roedel@amd.com \
--cc=jonathan.cameron@huawei.com \
--cc=kevin.brodsky@arm.com \
--cc=kim.phillips@amd.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=luto@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=mst@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=piotrgregor@rsyncme.org \
--cc=robin.murphy@arm.com \
--cc=rppt@kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=sgarzare@redhat.com \
--cc=sstabellini@kernel.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tientzu@chromium.org \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=yilun.xu@linux.intel.com \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.