From: Aneesh Kumar K.V <aneesh.kumar@kernel.org>
To: Dan Williams <dan.j.williams@intel.com>,
linux-coco@lists.linux.dev, linux-pci@vger.kernel.org
Cc: gregkh@linuxfoundation.org, bhelgaas@google.com,
yilun.xu@linux.intel.com, aik@amd.com
Subject: Re: [PATCH 2/7] PCI/TSM: Add pci_tsm_guest_req() for managing TDIs
Date: Thu, 28 Aug 2025 18:32:59 +0530
Message-ID: <yq5awm6nppj0.fsf@kernel.org>
In-Reply-To: <20250827035259.1356758-3-dan.j.williams@intel.com>

Dan Williams <dan.j.williams@intel.com> writes:
> +/**
> + * enum pci_tsm_req_scope - Scope of guest requests to be validated by TSM
> + *
> + * Guest requests are a transport for a TVM to communicate with a TSM + DSM for
> + * a given TDI. A TSM driver is responsible for maintaining the kernel security
> + * model and limit commands that may affect the host, or are otherwise outside
> + * the typical TDISP operational model.
> + */
> +enum pci_tsm_req_scope {
> + /**
> + * @PCI_TSM_REQ_INFO: Read-only, without side effects, request for
> + * typical TDISP collateral information like Device Interface Reports.
> + * No device secrets are permitted, and no device state is changed.
> + */
> + PCI_TSM_REQ_INFO = 0,
> + /**
> + * @PCI_TSM_REQ_STATE_CHANGE: Request to change the TDISP state from
> + * UNLOCKED->LOCKED, LOCKED->RUN. No any other device state,
> + * configuration, or data change is permitted.
> + */
> + PCI_TSM_REQ_STATE_CHANGE = 1,
> + /**
> + * @PCI_TSM_REQ_DEBUG_READ: Read-only request for debug information
> + *
> + * A method to facilitate TVM information retrieval outside of typical
> + * TDISP operational requirements. No device secrets are permitted.
> + */
> + PCI_TSM_REQ_DEBUG_READ = 2,
> + /**
> + * @PCI_TSM_REQ_DEBUG_WRITE: Device state changes for debug purposes
> + *
> + * The request may affect the operational state of the device outside of
> + * the TDISP operational model. If allowed, requires CAP_SYS_RAW_IO, and
> + * will taint the kernel.
> + */
> + PCI_TSM_REQ_DEBUG_WRITE = 3,
> +};
> +
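
Review bot: The @PCI_TSM_REQ_DEBUG_WRITE kernel-doc says the request "requires CAP_SYS_RAW_IO, and will taint the kernel", but it does not say which layer enforces that. Since the enum header makes the TSM driver "responsible for maintaining the kernel security model", please state whether the capability check and taint happen in the pci_tsm_guest_req() core path or are left to each TSM driver; if the latter, a driver that forgets the check silently weakens the model. The same doc should say what a driver returns for a scope it does not implement. Two wording nits while here: in @PCI_TSM_REQ_STATE_CHANGE, "No any other device state" should read "No other device state", and in the header comment "maintaining ... and limit commands" should be "maintaining ... and limiting commands".
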
Will all architectures need to support all the above pci_tsm_req_scope
values?

For example, on ARM, I’ve implemented a simpler approach [1] by using an
architecture-specific pci_tsm_req_scope / type. This simplifies
the implementation, as I can access `info->req` and `info->resp`
directly within the same callback, without needing an additional
structure to carry arch-specific request types like
`ARM_CCA_DA_OBJECT_SIZE` or `ARM_CCA_DA_OBJECT_READ`.

[1] https://git.gitlab.arm.com/linux-arm/linux-cca/-/commit/ae6e667a6426fdeff9cdf9f6807acb8a5d5d601f

-aneesh