From: Donald Hunter <donald.hunter@gmail.com>
To: Dan Williams <djbw@kernel.org>
Cc: linux-coco@lists.linux.dev, linux-pci@vger.kernel.org,
driver-core@lists.linux.dev, ankita@nvidia.com,
Alistair Francis <alistair.francis@wdc.com>,
Lukas Wunner <lukas@wunner.de>,
Jakub Kicinski <kuba@kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Xu Yilun <yilun.xu@linux.intel.com>,
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>,
Alexey Kardashevskiy <aik@amd.com>
Subject: Re: [PATCH 04/15] device core: Introduce "device evidence" over netlink
Date: Wed, 08 Jul 2026 14:22:06 +0100 [thread overview]
Message-ID: <m2tsq9boqp.fsf@gmail.com> (raw)
In-Reply-To: <20260705220819.2472765-5-djbw@kernel.org>
Dan Williams <djbw@kernel.org> writes:
> Multiple device security mechanisms are built on top of the SPDM protocol
> from the DMTF. The protocol arranges for devices to verify their identity
> and establish secure sessions between requesters and responders. In turn,
> device security protocols like PCIe IDE use SPDM sessions to program link
> encryption keys, and protocols like PCIe TDISP use exclusive secure
> sessions for managing the device's security state.
>
> All of these uses share a need to retrieve the device's installed
> certificates, its measurements, and other protocol specific objects like
> interface reports. Unify all of those object retrieval and regeneration
> cases into a device-scoped ABI that buses can leverage.
>
> When PCI CMA was presented at Linux Plumbers the consensus reaction was
> that it was not suitable to be driven via sysfs. Given the varied use
> cases of the same fundamental objects the consensus converged on
> netlink. With the new 'blob' extensions to netlink, it can support up to
> the 16MB signed transcripts that SPDM generates.
>
> A bus opts in to evidence gathering via device_evidence_register() and
> passing device_evidence_ops. The ops resolve a device handle to its
> corresponding 'struct device_evidence' context.
>
> See inline documentation in
> Documentation/netlink/specs/device-evidence.yaml for the object types and
> options. This includes objects like TDISP interface reports and options
> like digests instead of full blobs.
Can you include sample pyynl output; it helps immensely during review.
>
> Cc: Alistair Francis <alistair.francis@wdc.com>
> Cc: Lukas Wunner <lukas@wunner.de>
> Cc: Donald Hunter <donald.hunter@gmail.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Bjorn Helgaas <bhelgaas@google.com>
> Cc: Xu Yilun <yilun.xu@linux.intel.com>
> Cc: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>
> Cc: Alexey Kardashevskiy <aik@amd.com>
> Signed-off-by: Dan Williams <djbw@kernel.org>
You probably need to cc the netdev list so that the series gets picked
up by patchwork.
> ---
> drivers/base/Kconfig | 4 +
> drivers/base/Makefile | 1 +
> .../netlink/specs/device-evidence.yaml | 186 +++++++
> drivers/base/device-evidence-netlink.h | 23 +
> include/linux/device/evidence.h | 85 ++++
> include/uapi/linux/device-evidence.h | 110 +++++
> drivers/base/device-evidence-netlink.c | 44 ++
> drivers/base/evidence.c | 453 ++++++++++++++++++
> MAINTAINERS | 4 +
> 9 files changed, 910 insertions(+)
> create mode 100644 Documentation/netlink/specs/device-evidence.yaml
> create mode 100644 drivers/base/device-evidence-netlink.h
> create mode 100644 include/linux/device/evidence.h
> create mode 100644 include/uapi/linux/device-evidence.h
> create mode 100644 drivers/base/device-evidence-netlink.c
> create mode 100644 drivers/base/evidence.c
>
> diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig
> index f7d385cbd3ba..e3929fe6b240 100644
> --- a/drivers/base/Kconfig
> +++ b/drivers/base/Kconfig
> @@ -190,6 +190,10 @@ config HMEM_REPORTING
> Enable reporting for heterogeneous memory access attributes under
> their non-uniform memory nodes.
>
> +config DEVICE_EVIDENCE
> + bool
> + depends on NET
> +
> source "drivers/base/test/Kconfig"
>
> config SYS_HYPERVISOR
> diff --git a/drivers/base/Makefile b/drivers/base/Makefile
> index 8074a10183dc..02bdc4f74019 100644
> --- a/drivers/base/Makefile
> +++ b/drivers/base/Makefile
> @@ -26,6 +26,7 @@ obj-$(CONFIG_DEV_COREDUMP) += devcoredump.o
> obj-$(CONFIG_GENERIC_MSI_IRQ) += platform-msi.o
> obj-$(CONFIG_GENERIC_ARCH_TOPOLOGY) += arch_topology.o
> obj-$(CONFIG_GENERIC_ARCH_NUMA) += arch_numa.o
> +obj-$(CONFIG_DEVICE_EVIDENCE) += evidence.o device-evidence-netlink.o
> obj-$(CONFIG_ACPI) += physical_location.o
>
> obj-y += test/
> diff --git a/Documentation/netlink/specs/device-evidence.yaml b/Documentation/netlink/specs/device-evidence.yaml
> new file mode 100644
> index 000000000000..44b278bc20e1
> --- /dev/null
> +++ b/Documentation/netlink/specs/device-evidence.yaml
> @@ -0,0 +1,186 @@
> +# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
> +#
> +---
> +name: device-evidence
The naming seems to be too narrow - if the scope expands at all then the
name would need to change. A subsystem name like spdm, tsm or tsm-device
seems better?
> +protocol: genetlink
> +uapi-header: linux/device-evidence.h
> +doc: Device evidence retrieval over generic netlink
> +
> +definitions:
> + -
> + type: const
> + name: max-object-size
> + value: 0x01000000
> + -
> + type: const
> + name: max-nonce-size
> + value: 32
> + -
> + name: type
> + type: enum
> + doc: Device security evidence objects
> + render-max: true
> + entries:
> + -
> + name: cert0
> + doc: SPDM certificate chain from device slot0
> + -
> + name: cert1
> + doc: SPDM certificate chain from device slot1
> + -
> + name: cert2
> + doc: SPDM certificate chain from device slot2
> + -
> + name: cert3
> + doc: SPDM certificate chain from device slot3
> + -
> + name: cert4
> + doc: SPDM certificate chain from device slot4
> + -
> + name: cert5
> + doc: SPDM certificate chain from device slot5
> + -
> + name: cert6
> + doc: SPDM certificate chain from device slot6
> + -
> + name: cert7
> + doc: SPDM certificate chain from device slot7
> + -
> + name: vca
> + doc: |
> + SPDM version, capabilities, and algorithms transcript
> + negotiated at session establishment. An implementation may not
> + provide this separately and instead include it in the
> + measurements transcript.
> + -
> + name: measurements
> + doc: SPDM GET_MEASUREMENTS response
> + -
> + name: report
> + doc: |
> + A bus that implements a device interface security protocol
> + like TDISP may convey an interface report that details
> + interface settings and capabilities.
> + -
> + name: type-flag
> + type: flags
> + doc: Device security evidence request flags
> + render-max: true
> + # NOTE! these values must match the type enum name and order
> + entries:
> + -
> + name: cert0
> + -
> + name: cert1
> + -
> + name: cert2
> + -
> + name: cert3
> + -
> + name: cert4
> + -
> + name: cert5
> + -
> + name: cert6
> + -
> + name: cert7
> + -
> + name: vca
> + -
> + name: measurements
> + -
> + name: report
> + -
> + name: flag
> + type: flags
> + render-max: true
> + doc: Flags to control evidence retrieval
> + entries:
> + -
> + name: digest
> + doc: |
> + Request a secure hash of objects like vca and measurements.
> + The expectation is that this digest is produced by a responder
> + within the TCB like a platform TSM. It validates a blob that
> + may have traversed a transport without integrity protections.
> +
> +attribute-sets:
> + -
> + name: object
> + attributes:
> + -
> + name: type
> + type: u32
Is this an instance of the type enum? If so then:
enum: type
> + doc: evidence type-id
> + -
> + name: type-mask
> + type: u32
Likewise:
enum: type-flag
> + doc: evidence types as a flag mask
> + -
> + name: flags
> + type: u32
And:
enum: flags
> + doc: evidence modifier flags like 'request object digest'
> + -
> + name: subsys
> + type: string
> + doc: device subsystem name (e.g. bus or class name)
> + -
> + name: dev-name
> + type: string
> + doc: device name
> + -
> + name: nonce
> + type: binary
> + checks:
> + max-len: max-nonce-size
> + -
> + name: generation
> + type: u32
> + doc: detect local threads racing evidence refresh
> + -
> + name: count
> + type: u64
> + doc: TSM, if present, observed count of evidence refresh events
> + -
> + name: length
> + type: u32
> + checks:
> + max: max-object-size
> + doc: |
> + Final size of 'val' blob after all messages received.
> + -
> + name: val
Any reason for the abbreviated name?
> + type: binary
> + multi-attr: true
> + bloblen: length
> + doc: |
> + Ordered evidence object value chunk. Large evidence objects
> + may be split over several dump reply messages up to 'length'.
> + 'length' is transmitted before the first chunk.
> +
> +operations:
> + list:
> + -
> + name: read
> + doc: |
> + Read device evidence objects of a given type mask. The dump reply
> + reports the total value length before val attributes fill the evidence
> + object, possibly across multiple messages.
> + attribute-set: object
> + flags: [admin-perm]
> + dump:
> + pre: device-evidence-nl-read-pre
> + post: device-evidence-nl-read-post
> + request:
> + attributes:
> + - type-mask
> + - flags
> + - subsys
> + - dev-name
> + - nonce
> + reply:
> + attributes:
> + - type
> + - generation
> + - length
> + - val
Is the intention that the dump filter must narrow to a single device? Is
the user expected to enumerate the devices in subsystem then read device
evidence for each in turn?
next prev parent reply other threads:[~2026-07-08 13:48 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13 ` sashiko-bot
2026-07-08 11:13 ` Donald Hunter
2026-07-11 1:43 ` Dan Williams (nvidia)
2026-07-08 13:23 ` Donald Hunter
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18 ` sashiko-bot
2026-07-08 13:48 ` Donald Hunter
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-08 13:22 ` Donald Hunter [this message]
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16 ` sashiko-bot
2026-07-08 5:00 ` Alexey Kardashevskiy
2026-07-08 18:25 ` Dan Williams (nvidia)
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17 ` sashiko-bot
2026-07-06 13:45 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 13:49 ` Jason Gunthorpe
2026-07-07 13:04 ` Robin Murphy
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28 ` sashiko-bot
2026-07-06 12:42 ` Aneesh Kumar K.V
2026-07-08 18:06 ` Dan Williams (nvidia)
2026-07-08 18:10 ` Aneesh Kumar K.V
2026-07-09 6:32 ` Alexey Kardashevskiy
2026-07-09 7:38 ` Alexey Kardashevskiy
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24 ` sashiko-bot
2026-07-08 9:49 ` Alexey Kardashevskiy
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-08 2:25 ` Alexey Kardashevskiy
2026-07-08 18:05 ` Dan Williams (nvidia)
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55 ` Dan Williams (nvidia)
2026-07-07 12:43 ` Jason Gunthorpe
2026-07-08 0:12 ` Dan Williams (nvidia)
2026-07-08 14:31 ` Jason Gunthorpe
2026-07-09 2:45 ` Dan Williams (nvidia)
2026-07-09 13:36 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2tsq9boqp.fsf@gmail.com \
--to=donald.hunter@gmail.com \
--cc=aik@amd.com \
--cc=alistair.francis@wdc.com \
--cc=aneesh.kumar@kernel.org \
--cc=ankita@nvidia.com \
--cc=bhelgaas@google.com \
--cc=djbw@kernel.org \
--cc=driver-core@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.