Linux driver-core infrastructure
 help / color / mirror / Atom feed
From: Dan Williams <djbw@kernel.org>
To: linux-coco@lists.linux.dev
Cc: linux-pci@vger.kernel.org, driver-core@lists.linux.dev,
	ankita@nvidia.com, Bjorn Helgaas <bhelgaas@google.com>,
	Alistair Francis <alistair.francis@wdc.com>,
	Lukas Wunner <lukas@wunner.de>,
	Xu Yilun <yilun.xu@linux.intel.com>,
	"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>,
	Alexey Kardashevskiy <aik@amd.com>
Subject: [PATCH 06/15] PCI/TSM: Add device evidence support
Date: Sun,  5 Jul 2026 15:08:10 -0700	[thread overview]
Message-ID: <20260705220819.2472765-7-djbw@kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-1-djbw@kernel.org>

Register the PCI Trusted Execution Environment Security Manager (TSM)
framework with the device-evidence netlink ABI. The security operations
that PCI core coordinates with a device security manager (DSM) through a
platform TEE security manager (TSM), builds upon the SPDM protocol.

A TSM owns an SPDM session and publishes the corresponding evidence through
TSM firwmware ABIs. A low level TSM driver is responsible for creating a
'struct device_evidence' context and carrying out refresh_evidence()
requests for regenerating measurement transcripts with a nonce.

Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Lukas Wunner <lukas@wunner.de>
Cc: Xu Yilun <yilun.xu@linux.intel.com>
Cc: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>
Cc: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Dan Williams <djbw@kernel.org>
---
 drivers/pci/Kconfig               |   1 +
 drivers/pci/Makefile              |   2 +-
 drivers/pci/tsm/Makefile          |   8 +++
 include/linux/pci-tsm.h           |  14 ++++
 drivers/pci/{tsm.c => tsm/core.c} |   9 +--
 drivers/pci/tsm/evidence.c        | 110 ++++++++++++++++++++++++++++++
 MAINTAINERS                       |   2 +-
 7 files changed, 137 insertions(+), 9 deletions(-)
 create mode 100644 drivers/pci/tsm/Makefile
 rename drivers/pci/{tsm.c => tsm/core.c} (99%)
 create mode 100644 drivers/pci/tsm/evidence.c

diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig
index 0c7408509ba2..ed17b5d2d5ae 100644
--- a/drivers/pci/Kconfig
+++ b/drivers/pci/Kconfig
@@ -126,6 +126,7 @@ config PCI_IDE
 
 config PCI_TSM
 	bool "PCI TSM: Device security protocol support"
+	select DEVICE_EVIDENCE if NET
 	select PCI_IDE
 	select PCI_DOE
 	select TSM
diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile
index 41ebc3b9a518..211f195ff2c9 100644
--- a/drivers/pci/Makefile
+++ b/drivers/pci/Makefile
@@ -35,7 +35,7 @@ obj-$(CONFIG_XEN_PCIDEV_FRONTEND) += xen-pcifront.o
 obj-$(CONFIG_VGA_ARB)		+= vgaarb.o
 obj-$(CONFIG_PCI_DOE)		+= doe.o
 obj-$(CONFIG_PCI_IDE)		+= ide.o
-obj-$(CONFIG_PCI_TSM)		+= tsm.o
+obj-$(CONFIG_PCI_TSM)		+= tsm/
 obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o
 obj-$(CONFIG_PCI_NPEM)		+= npem.o
 obj-$(CONFIG_PCIE_TPH)		+= tph.o
diff --git a/drivers/pci/tsm/Makefile b/drivers/pci/tsm/Makefile
new file mode 100644
index 000000000000..fd7ac2e862f1
--- /dev/null
+++ b/drivers/pci/tsm/Makefile
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Makefile for the PCI/TSM infrastructure
+
+obj-$(CONFIG_PCI_TSM) += tsm.o
+
+tsm-y := core.o
+tsm-$(CONFIG_DEVICE_EVIDENCE) += evidence.o
diff --git a/include/linux/pci-tsm.h b/include/linux/pci-tsm.h
index a6435aba03f9..8bc16029d31e 100644
--- a/include/linux/pci-tsm.h
+++ b/include/linux/pci-tsm.h
@@ -3,7 +3,10 @@
 #define __PCI_TSM_H
 #include <linux/mutex.h>
 #include <linux/pci.h>
+#include <linux/rwsem.h>
 #include <linux/sockptr.h>
+#include <linux/tsm.h>
+#include <linux/device/evidence.h>
 
 struct pci_tsm;
 struct tsm_dev;
@@ -18,6 +21,7 @@ enum pci_tsm_req_scope;
  * @devsec_ops: Lock, unlock, and interrogate the security state of the
  *		function via the platform TSM (typically virtual function
  *		operations).
+ * @refresh_evidence: Common operation to regenerate attestation objects
  *
  * This operations are mutually exclusive either a tsm_dev instance
  * manages physical link properties or it manages function security
@@ -75,6 +79,9 @@ struct pci_tsm_ops {
 					struct pci_dev *pdev);
 		void (*unlock)(struct pci_tsm *tsm);
 	);
+
+	int (*refresh_evidence)(struct pci_tsm *tsm, const void *nonce,
+				size_t nonce_len);
 };
 
 /**
@@ -96,6 +103,8 @@ struct pci_tdi {
  * @tsm_dev: PCI TEE Security Manager device for Link Confidentiality or Device
  *	     Function Security operations
  * @tdi: TDI context established by the @bind link operation
+ * @evidence: cached evidence from SPDM session establishment (connect), or
+ *	      TDISP bind (lock)
  *
  * This structure is wrapped by low level TSM driver data and returned by
  * probe()/lock(), it is freed by the corresponding remove()/unlock().
@@ -112,6 +121,7 @@ struct pci_tsm {
 	struct pci_dev *dsm_dev;
 	struct tsm_dev *tsm_dev;
 	struct pci_tdi *tdi;
+	struct device_evidence *evidence;
 };
 
 /**
@@ -216,6 +226,10 @@ void pci_tsm_tdi_constructor(struct pci_dev *pdev, struct pci_tdi *tdi,
 ssize_t pci_tsm_guest_req(struct pci_dev *pdev, enum pci_tsm_req_scope scope,
 			  sockptr_t req_in, size_t in_len, sockptr_t req_out,
 			  size_t out_len, u64 *tsm_code);
+static inline const struct pci_tsm_ops *to_pci_tsm_ops(struct pci_tsm *tsm)
+{
+	return tsm->tsm_dev->pci_ops;
+}
 #else
 static inline int pci_tsm_register(struct tsm_dev *tsm_dev)
 {
diff --git a/drivers/pci/tsm.c b/drivers/pci/tsm/core.c
similarity index 99%
rename from drivers/pci/tsm.c
rename to drivers/pci/tsm/core.c
index 5fdcd7f2e820..220842df42bc 100644
--- a/drivers/pci/tsm.c
+++ b/drivers/pci/tsm/core.c
@@ -15,13 +15,13 @@
 #include <linux/sysfs.h>
 #include <linux/tsm.h>
 #include <linux/xarray.h>
-#include "pci.h"
+#include "../pci.h"
 
 /*
  * Provide a read/write lock against the init / exit of pdev tsm
  * capabilities and arrival/departure of a TSM instance
  */
-static DECLARE_RWSEM(pci_tsm_rwsem);
+DECLARE_RWSEM(pci_tsm_rwsem);
 
 /*
  * Count of TSMs registered that support physical link operations vs device
@@ -30,11 +30,6 @@ static DECLARE_RWSEM(pci_tsm_rwsem);
 static int pci_tsm_link_count;
 static int pci_tsm_devsec_count;
 
-static const struct pci_tsm_ops *to_pci_tsm_ops(struct pci_tsm *tsm)
-{
-	return tsm->tsm_dev->pci_ops;
-}
-
 static inline bool is_dsm(struct pci_dev *pdev)
 {
 	return pdev->tsm && pdev->tsm->dsm_dev == pdev;
diff --git a/drivers/pci/tsm/evidence.c b/drivers/pci/tsm/evidence.c
new file mode 100644
index 000000000000..ffb08208f0c0
--- /dev/null
+++ b/drivers/pci/tsm/evidence.c
@@ -0,0 +1,110 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (C) 2026 NVIDIA Corporation & Affiliates */
+
+#include <linux/device/evidence.h>
+#include <linux/init.h>
+#include <linux/mutex.h>
+#include <linux/pci.h>
+#include <linux/pci-tsm.h>
+#include <linux/tsm.h>
+
+extern struct rw_semaphore pci_tsm_rwsem;
+
+static bool evidence_available(struct pci_dev *pdev)
+{
+	return pdev->tsm && pdev->tsm->evidence;
+}
+
+static struct device *pci_tsm_evidence_find_device(const char *name)
+{
+	ACQUIRE(rwsem_read_intr, lock)(&pci_tsm_rwsem);
+	if (ACQUIRE_ERR(rwsem_read_intr, &lock))
+		return NULL;
+
+	struct device *dev __free(put_device) =
+		bus_find_device_by_name(&pci_bus_type, NULL, name);
+
+	/*
+	 * Bail evidence gathering early if we know at this point that
+	 * the device has no valid evidence provider, but still need to
+	 * revalidate the same in pci_tsm_evidence_read_begin().
+	 */
+	if (!dev || !evidence_available(to_pci_dev(dev)))
+		return NULL;
+
+	return no_free_ptr(dev);
+}
+
+static struct device_evidence *pci_tsm_evidence_read_begin(struct device *dev)
+{
+	struct pci_dev *pdev = to_pci_dev(dev);
+	struct device_evidence *evidence;
+	int rc;
+
+	rc = down_read_interruptible(&pci_tsm_rwsem);
+	if (rc)
+		return ERR_PTR(rc);
+
+	if (!evidence_available(pdev))
+		goto err;
+
+	/* Hold the evidence stable against conflicting refresh updates */
+	evidence = pdev->tsm->evidence;
+	rc = down_read_interruptible(&evidence->lock);
+	if (rc)
+		goto err;
+
+	return evidence;
+err:
+	up_read(&pci_tsm_rwsem);
+	return ERR_PTR(-ENXIO);
+}
+
+static void pci_tsm_evidence_read_end(struct device_evidence *evidence)
+{
+	up_read(&evidence->lock);
+	up_read(&pci_tsm_rwsem);
+}
+
+static int pci_tsm_refresh_evidence(struct device *dev, const void *nonce,
+				    size_t nonce_len)
+{
+	struct pci_dev *pdev = to_pci_dev(dev);
+	struct device_evidence *evidence;
+	const struct pci_tsm_ops *ops;
+	int rc;
+
+	/* Sync against disconnect */
+	ACQUIRE(rwsem_read_intr, lock)(&pci_tsm_rwsem);
+	if ((rc = ACQUIRE_ERR(rwsem_read_intr, &lock)))
+		return rc;
+
+	if (!pdev->tsm)
+		return -ENXIO;
+
+	ops = to_pci_tsm_ops(pdev->tsm);
+	if (!ops->refresh_evidence)
+		return -EOPNOTSUPP;
+
+	/* Sync against pci_tsm_evidence_read_begin */
+	evidence = pdev->tsm->evidence;
+	ACQUIRE(rwsem_write_kill, elock)(&evidence->lock);
+	if ((rc = ACQUIRE_ERR(rwsem_write_kill, &elock)))
+		return rc;
+
+	return ops->refresh_evidence(pdev->tsm, nonce, nonce_len);
+}
+
+static const struct device_evidence_ops pci_tsm_evidence_ops = {
+	.subsys_name = "pci",
+	.find_device = pci_tsm_evidence_find_device,
+	.evidence_read_begin = pci_tsm_evidence_read_begin,
+	.evidence_read_end = pci_tsm_evidence_read_end,
+	.refresh_evidence = pci_tsm_refresh_evidence,
+};
+
+static int __init pci_tsm_evidence_init(void)
+{
+	return device_evidence_register(&pci_tsm_evidence_ops);
+}
+subsys_initcall(pci_tsm_evidence_init);
diff --git a/MAINTAINERS b/MAINTAINERS
index cb4f74957f69..6cefaddc1120 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -27472,7 +27472,7 @@ F:	Documentation/driver-api/coco/
 F:	Documentation/driver-api/pci/tsm.rst
 F:	Documentation/netlink/specs/device-evidence.yaml
 F:	drivers/base/*evidence*
-F:	drivers/pci/tsm.c
+F:	drivers/pci/tsm/
 F:	drivers/virt/coco/guest/
 F:	include/uapi/linux/device-evidence.h
 F:	include/linux/device/evidence.h
-- 
2.54.0


  parent reply	other threads:[~2026-07-05 22:08 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:08 ` Dan Williams [this message]
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-06 13:45   ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-06 13:49   ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-06 12:42   ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260705220819.2472765-7-djbw@kernel.org \
    --to=djbw@kernel.org \
    --cc=aik@amd.com \
    --cc=alistair.francis@wdc.com \
    --cc=aneesh.kumar@kernel.org \
    --cc=ankita@nvidia.com \
    --cc=bhelgaas@google.com \
    --cc=driver-core@lists.linux.dev \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-pci@vger.kernel.org \
    --cc=lukas@wunner.de \
    --cc=yilun.xu@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox