From: Jarkko Sakkinen <jarkko@kernel.org>
To: rust-for-linux@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Subject: Re: Using Rust on non-Rust side of kernel
Date: Sat, 23 Aug 2025 15:22:27 +0300 [thread overview]
Message-ID: <aKmyg0auI8jHuAmZ@kernel.org> (raw)
In-Reply-To: <aKmwPFb4cCk_E-ob@kernel.org>
On Sat, Aug 23, 2025 at 03:12:48PM +0300, Jarkko Sakkinen wrote:
> Hi
>
> As of today can we possibly do this:
>
> 1. drivers/char/tpm (C code)
> 2. drivers/char/tpm/protocol (imported tpm2_protocol)
>
> ?
>
> And then build FFI from C to Rust for building commands that we need
> today etc.
>
> There's one particular challenge where this could help: early boot code
> for D-RTM (i.e., Trenchboot) as given my crate is just a thing in stack
> with no deps, it could be linked also to that payload.
>
> This would be much better integration step for TPM2 than having a
> separate driver on Rust side. We could start with tpm2-cmd1/cmd2, then
> move on to tpm2-space.c i.e. get all structural processing inside Rust.
>
> tpm2_protocol is light on definitions and should not need any kernel
> specific Rust shenanigans.
>
> Consider it as value like integer but just a bit more complex internaal
> represention but in the end it is just a value on stack.
>
> My goal with tpm2_protocol is to have ACPICA alike model of imports as
> the crate is driven by TCG spec updates and it is very likely to be
> also used by TPM-RS (also via import style process).
The source code since 0.10.0 version has been relocated here:
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git
The representation of commands and responses defined is pretty well
high-lighted by
https://bsky.app/profile/jarkk0.bsky.social/post/3lx2n2uvxos2h
I'm also working on a test that measures the estimated compile time
size and realized run-time size (suggested by Philip Tricca) so that
we know where we are at on stack usage.
I've started to optimize it after development phase with some
low-hanging fruit cut already in 0.10.0 but this work is barely
starting [1].
There's also a kselftest compatible test that can be run with
"make test" in the repo using only rustc (build + run circa
2 seconds on my laptop).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=cd6641bf9e8c8fde8726bece9eb6cdc630d893c2
BR, Jarkko
next prev parent reply other threads:[~2025-08-23 12:22 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-23 12:12 Using Rust on non-Rust side of kernel Jarkko Sakkinen
2025-08-23 12:22 ` Jarkko Sakkinen [this message]
[not found] ` <BE42A51A-60C4-4E79-8459-CADEAB8DC3BA@collabora.com>
2025-08-23 23:06 ` Jarkko Sakkinen
2025-08-23 23:12 ` Jarkko Sakkinen
2025-08-24 1:12 ` Daniel Almeida
2025-08-24 7:15 ` Jarkko Sakkinen
2025-08-24 9:21 ` Jarkko Sakkinen
2025-08-23 23:41 ` Jarkko Sakkinen
2025-08-23 23:50 ` Jarkko Sakkinen
2025-08-25 12:04 ` Jonathan McDowell
2025-08-25 19:30 ` Jarkko Sakkinen
2025-08-25 19:42 ` Jarkko Sakkinen
2025-08-25 22:29 ` Jarkko Sakkinen
2025-08-25 23:23 ` Jarkko Sakkinen
2025-08-26 8:35 ` Jonathan McDowell
2025-08-26 8:56 ` Jarkko Sakkinen
2025-08-26 9:13 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aKmyg0auI8jHuAmZ@kernel.org \
--to=jarkko@kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=rust-for-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.