From: Aneesh Kumar K.V <aneesh.kumar@kernel.org>
To: Dan Williams <dan.j.williams@intel.com>,
linux-coco@lists.linux.dev, linux-pci@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, bhelgaas@google.com, aik@amd.com,
lukas@wunner.de, "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
"Isaku Yamahata" <isaku.yamahata@intel.com>,
"John Allen" <john.allen@amd.com>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
"Samuel Ortiz" <sameo@rivosinc.com>,
"Suzuki K Poulose" <suzuki.poulose@arm.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Xiaoyao Li" <xiaoyao.li@intel.com>,
"Xu Yilun" <yilun.xu@linux.intel.com>,
"Yilun Xu" <yilun.xu@intel.com>
Subject: Re: [PATCH v4 00/10] PCI/TSM: Core infrastructure for PCI device security (TDISP)
Date: Fri, 18 Jul 2025 16:27:11 +0530 [thread overview]
Message-ID: <yq5ah5z922d4.fsf@kernel.org> (raw)
In-Reply-To: <20250717183358.1332417-1-dan.j.williams@intel.com>
Dan Williams <dan.j.williams@intel.com> writes:
> Changes since v3 [1]:
> - Move the TSM core out of the host/ subdirectory since it is shared
> with the guest (Aneesh)
> - Support multiple simultaneous TSM providers (Jason, Alexey)
> - Do not reuse the "connect" operation for both Link and Security state
> management (Aneesh, Alexey)
> - Derive the pci_tsm instance type from details in the @pdev or @dsm
> properties (Aneesh)
> - Delay TSM association until ->connect(), results in removing the need
> for the @state attribute
> - Introduce reverse iterators for all PCI bus and function walking.
> - Move all per-device context setup/teardown to
> pci_tsm_(constructor,destructor)
> - Add pci_ide_stream_release() for scope-based cleanup of IDE setup
> - Shorten the name of the "stream" sysfs link (Jonathan)
> - misc fixups (Jonathan)
> - Note creation of pci_host_bridge_type in changelog (Jonathan)
> - Drop now unused PREP_PCI_IDE_SEL_ADDR1() and related macros (Jonathan)
> - Open code PREP_PCI_IDE_SEL_RID_2 in its only caller (Jonathan)
> - Clarify the specification Stream term from a Linux "stream" object
> (Jonathan)
> - Convert samples/devsec/ to faux device (Jonathan)
> - Drop Date: from ABI entries
> - Add basic driver-api documentation to build kdoc
> - Switch to ACQUIRE()
> - Add an explicit 'disconnect' attribute
> - Clarify the PCI_IDE_STREAM_MAX Kconfig help (Jonathan)
> - Use unsigned variables from sel_ide_offset (Jonathan)
>
> [1]: http://lore.kernel.org/20250516054732.2055093-1-dan.j.williams@intel.com
>
> This set is available at tsm.git#staging (rebasing branch) or
> tsm.git#devsec-20250717 (immutable tag). It passes a basic that
> exercises load/unload of the samples/devsec/ modules and
> connect/disconnect of the emulated device.
>
> Status (complexity reductions):
> -------------------------------
>
> Between the support for multiple TSMs, the split of "Link" and
> "Security" operations and inferring the type of 'struct pci_tsm' context
> from its properties, the implementation shed complexity.
>
> Now, ->probe() is only called in the sysfs::connect_store() path which
> means that there is no need to track the PCI_TSM_INIT and
> PCI_TSM_CONNECT states. Simply, when a Device Security Manager (DSM) is
> connected, at that point all potential TDIs (assignable functions where
> the DSM can manage its security state) are probed.
>
> Now, initial determination of when the "tsm/" sysfs group appears
> follows typical expectations. If at least one TSM device has been
> registered prior to a DSM device being scanned, its "tsm/" attribute
> group will appear. No more need for a pci_tsm_init() call via
> pci_init_capabilities().
>
> The pci_tsm_destroy() path is now simply arranging for
> pci_tsm_disconnect() of all DSMs after all TDIs have gone through
> ->remove() callback. This is accomplished with new "reverse" iterators
> for all PCI bus walks.
>
> Next steps:
> -----------
> The campaign to graduate this out of tsm.git#staging and into mainline
> starts in earnest when samples/devsec/ + 1 vendor implementation, or 2
> vendor implementations can demonstrate the end-to-end flow (minus
> attestation). That is the "consensus" event horizon where prior to that
> it seems reasonable for impacted subsystem maintainers to opt-out of
> reviewing all the fine details under debate. Suffice to say there are a
> lot of fine details flying around.
>
> To that end I expect it would help to have a tracking document in
> tsm.git#staging that catalogs the open debates and the current leanings
> of the staging tree. That is next in the hopper.
>
> Original Cover letter:
> ----------------------
>
> Trusted execution environment (TEE) Device Interface Security Protocol
> (TDISP) is a chapter name in the PCI specification. It describes an
> alphabet soup of mechanisms, SPDM, CMA, IDE, TSM/DSM, that system
> software uses to establish trust in a device and assign it to a
> confidential virtual machine (CVM). It is a protocol for dynamically
> extending the trusted computing boundary (TCB) of a CVM with a PCI
> device interface that can issue DMA to CVM private memory.
>
> The acronym soup problem is enhanced by every major platform vendor
> having distinct TEE Security Manager (TSM) API implementations /
> capabilities, and to a lesser extent, every potential endpoint Device
> Security Manager (DSM) having its own idiosyncratic behaviors around
> TDISP state transitions.
>
> Despite all that opportunity for differentiation, there is a significant
> portion of the implementation that is cross-vendor common. However, it
> is difficult to develop, debate, test and settle all those pieces absent
> a low level TSM driver implementation to pull it all together.
>
> The proposal, of which this set is the first phase, is to incrementally
> develop the shared infrastructure on top of a sample TSM driver
> implementation to enable clean vendor agnostic discussions about the
> commons. "samples/devsec/" is meant to be: just enough emulation to
> exercise all the core infrastructure, a reference implementation, and a
> simple unit test. The sample also enables coordination with the native
> PCI device security effort [2].
>
> [2]: http://lore.kernel.org/cover.1719771133.git.lukas@wunner.de
>
> Dan Williams (10):
> coco/tsm: Introduce a core device for TEE Security Managers
> PCI/IDE: Enumerate Selective Stream IDE capabilities
> PCI: Introduce pci_walk_bus_reverse(), for_each_pci_dev_reverse()
> PCI/TSM: Authenticate devices via platform TSM
> samples/devsec: Introduce a PCI device-security bus + endpoint sample
> PCI: Add PCIe Device 3 Extended Capability enumeration
> PCI/IDE: Add IDE establishment helpers
> PCI/IDE: Report available IDE streams
> PCI/TSM: Report active IDE streams
> samples/devsec: Add sample IDE establishment
>
> Documentation/ABI/testing/sysfs-bus-pci | 51 ++
> Documentation/ABI/testing/sysfs-class-tsm | 19 +
> .../ABI/testing/sysfs-devices-pci-host-bridge | 29 +
> Documentation/driver-api/pci/index.rst | 1 +
> Documentation/driver-api/pci/tsm.rst | 12 +
> MAINTAINERS | 7 +-
> drivers/base/bus.c | 38 +
> drivers/pci/Kconfig | 28 +
> drivers/pci/Makefile | 2 +
> drivers/pci/bus.c | 37 +
> drivers/pci/ide.c | 578 ++++++++++++++
> drivers/pci/pci-sysfs.c | 4 +
> drivers/pci/pci.h | 17 +
> drivers/pci/probe.c | 25 +-
> drivers/pci/remove.c | 3 +
> drivers/pci/search.c | 63 +-
> drivers/pci/tsm.c | 554 ++++++++++++++
> drivers/virt/coco/Kconfig | 3 +
> drivers/virt/coco/Makefile | 2 +
> drivers/virt/coco/tsm-core.c | 198 +++++
> include/linux/device/bus.h | 3 +
> include/linux/pci-ide.h | 72 ++
> include/linux/pci-tsm.h | 158 ++++
> include/linux/pci.h | 36 +
> include/linux/tsm.h | 15 +
> include/uapi/linux/pci_regs.h | 89 +++
> samples/Kconfig | 16 +
> samples/Makefile | 1 +
> samples/devsec/Makefile | 10 +
> samples/devsec/bus.c | 711 ++++++++++++++++++
> samples/devsec/common.c | 26 +
> samples/devsec/devsec.h | 40 +
> samples/devsec/tsm.c | 241 ++++++
> 33 files changed, 3078 insertions(+), 11 deletions(-)
> create mode 100644 Documentation/ABI/testing/sysfs-class-tsm
> create mode 100644 Documentation/driver-api/pci/tsm.rst
> create mode 100644 drivers/pci/ide.c
> create mode 100644 drivers/pci/tsm.c
> create mode 100644 drivers/virt/coco/tsm-core.c
> create mode 100644 include/linux/pci-ide.h
> create mode 100644 include/linux/pci-tsm.h
> create mode 100644 samples/devsec/Makefile
> create mode 100644 samples/devsec/bus.c
> create mode 100644 samples/devsec/common.c
> create mode 100644 samples/devsec/devsec.h
> create mode 100644 samples/devsec/tsm.c
>
>
> base-commit: df877487cac3509cbae2625181e7ad6748afed24
This series currently doesn’t include the TDI bind equivalent.
Incorporating some of the changes from patch [1] would help lay the
groundwork for submitting the remaining POC patches.
Also, could you clarify the purpose of sec_probe and sec_remove? How are
they being used?
[1] https://lore.kernel.org/all/20250516054732.2055093-13-dan.j.williams@intel.com
-aneesh