From: Donald Hunter <donald.hunter@gmail.com>
To: Dan Williams <djbw@kernel.org>
Cc: linux-coco@lists.linux.dev, linux-pci@vger.kernel.org,
driver-core@lists.linux.dev, ankita@nvidia.com,
Alistair Francis <alistair.francis@wdc.com>,
Lukas Wunner <lukas@wunner.de>,
Jakub Kicinski <kuba@kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Xu Yilun <yilun.xu@linux.intel.com>,
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>,
Alexey Kardashevskiy <aik@amd.com>
Subject: Re: [PATCH 04/15] device core: Introduce "device evidence" over netlink
Date: Wed, 08 Jul 2026 14:22:06 +0100 [thread overview]
Message-ID: <m2tsq9boqp.fsf@gmail.com> (raw)
In-Reply-To: <20260705220819.2472765-5-djbw@kernel.org>
Dan Williams <djbw@kernel.org> writes:
> Multiple device security mechanisms are built on top of the SPDM protocol
> from the DMTF. The protocol arranges for devices to verify their identity
> and establish secure sessions between requesters and responders. In turn,
> device security protocols like PCIe IDE use SPDM sessions to program link
> encryption keys, and protocols like PCIe TDISP use exclusive secure
> sessions for managing the device's security state.
>
> All of these uses share a need to retrieve the device's installed
> certificates, its measurements, and other protocol specific objects like
> interface reports. Unify all of those object retrieval and regeneration
> cases into a device-scoped ABI that buses can leverage.
>
> When PCI CMA was presented at Linux Plumbers the consensus reaction was
> that it was not suitable to be driven via sysfs. Given the varied use
> cases of the same fundamental objects the consensus converged on
> netlink. With the new 'blob' extensions to netlink, it can support up to
> the 16MB signed transcripts that SPDM generates.
>
> A bus opts in to evidence gathering via device_evidence_register() and
> passing device_evidence_ops. The ops resolve a device handle to its
> corresponding 'struct device_evidence' context.
>
> See inline documentation in
> Documentation/netlink/specs/device-evidence.yaml for the object types and
> options. This includes objects like TDISP interface reports and options
> like digests instead of full blobs.
Can you include sample pyynl output; it helps immensely during review.
>
> Cc: Alistair Francis <alistair.francis@wdc.com>
> Cc: Lukas Wunner <lukas@wunner.de>
> Cc: Donald Hunter <donald.hunter@gmail.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Bjorn Helgaas <bhelgaas@google.com>
> Cc: Xu Yilun <yilun.xu@linux.intel.com>
> Cc: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>
> Cc: Alexey Kardashevskiy <aik@amd.com>
> Signed-off-by: Dan Williams <djbw@kernel.org>
You probably need to cc the netdev list so that the series gets picked
up by patchwork.
> ---
> drivers/base/Kconfig | 4 +
> drivers/base/Makefile | 1 +
> .../netlink/specs/device-evidence.yaml | 186 +++++++
> drivers/base/device-evidence-netlink.h | 23 +
> include/linux/device/evidence.h | 85 ++++
> include/uapi/linux/device-evidence.h | 110 +++++
> drivers/base/device-evidence-netlink.c | 44 ++
> drivers/base/evidence.c | 453 ++++++++++++++++++
> MAINTAINERS | 4 +
> 9 files changed, 910 insertions(+)
> create mode 100644 Documentation/netlink/specs/device-evidence.yaml
> create mode 100644 drivers/base/device-evidence-netlink.h
> create mode 100644 include/linux/device/evidence.h
> create mode 100644 include/uapi/linux/device-evidence.h
> create mode 100644 drivers/base/device-evidence-netlink.c
> create mode 100644 drivers/base/evidence.c
>
> diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig
> index f7d385cbd3ba..e3929fe6b240 100644
> --- a/drivers/base/Kconfig
> +++ b/drivers/base/Kconfig
> @@ -190,6 +190,10 @@ config HMEM_REPORTING
> Enable reporting for heterogeneous memory access attributes under
> their non-uniform memory nodes.
>
> +config DEVICE_EVIDENCE
> + bool
> + depends on NET
> +
> source "drivers/base/test/Kconfig"
>
> config SYS_HYPERVISOR
> diff --git a/drivers/base/Makefile b/drivers/base/Makefile
> index 8074a10183dc..02bdc4f74019 100644
> --- a/drivers/base/Makefile
> +++ b/drivers/base/Makefile
> @@ -26,6 +26,7 @@ obj-$(CONFIG_DEV_COREDUMP) += devcoredump.o
> obj-$(CONFIG_GENERIC_MSI_IRQ) += platform-msi.o
> obj-$(CONFIG_GENERIC_ARCH_TOPOLOGY) += arch_topology.o
> obj-$(CONFIG_GENERIC_ARCH_NUMA) += arch_numa.o
> +obj-$(CONFIG_DEVICE_EVIDENCE) += evidence.o device-evidence-netlink.o
> obj-$(CONFIG_ACPI) += physical_location.o
>
> obj-y += test/
> diff --git a/Documentation/netlink/specs/device-evidence.yaml b/Documentation/netlink/specs/device-evidence.yaml
> new file mode 100644
> index 000000000000..44b278bc20e1
> --- /dev/null
> +++ b/Documentation/netlink/specs/device-evidence.yaml
> @@ -0,0 +1,186 @@
> +# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
> +#
> +---
> +name: device-evidence
The naming seems to be too narrow - if the scope expands at all then the
name would need to change. A subsystem name like spdm, tsm or tsm-device
seems better?
> +protocol: genetlink
> +uapi-header: linux/device-evidence.h
> +doc: Device evidence retrieval over generic netlink
> +
> +definitions:
> + -
> + type: const
> + name: max-object-size
> + value: 0x01000000
> + -
> + type: const
> + name: max-nonce-size
> + value: 32
> + -
> + name: type
> + type: enum
> + doc: Device security evidence objects
> + render-max: true
> + entries:
> + -
> + name: cert0
> + doc: SPDM certificate chain from device slot0
> + -
> + name: cert1
> + doc: SPDM certificate chain from device slot1
> + -
> + name: cert2
> + doc: SPDM certificate chain from device slot2
> + -
> + name: cert3
> + doc: SPDM certificate chain from device slot3
> + -
> + name: cert4
> + doc: SPDM certificate chain from device slot4
> + -
> + name: cert5
> + doc: SPDM certificate chain from device slot5
> + -
> + name: cert6
> + doc: SPDM certificate chain from device slot6
> + -
> + name: cert7
> + doc: SPDM certificate chain from device slot7
> + -
> + name: vca
> + doc: |
> + SPDM version, capabilities, and algorithms transcript
> + negotiated at session establishment. An implementation may not
> + provide this separately and instead include it in the
> + measurements transcript.
> + -
> + name: measurements
> + doc: SPDM GET_MEASUREMENTS response
> + -
> + name: report
> + doc: |
> + A bus that implements a device interface security protocol
> + like TDISP may convey an interface report that details
> + interface settings and capabilities.
> + -
> + name: type-flag
> + type: flags
> + doc: Device security evidence request flags
> + render-max: true
> + # NOTE! these values must match the type enum name and order
> + entries:
> + -
> + name: cert0
> + -
> + name: cert1
> + -
> + name: cert2
> + -
> + name: cert3
> + -
> + name: cert4
> + -
> + name: cert5
> + -
> + name: cert6
> + -
> + name: cert7
> + -
> + name: vca
> + -
> + name: measurements
> + -
> + name: report
> + -
> + name: flag
> + type: flags
> + render-max: true
> + doc: Flags to control evidence retrieval
> + entries:
> + -
> + name: digest
> + doc: |
> + Request a secure hash of objects like vca and measurements.
> + The expectation is that this digest is produced by a responder
> + within the TCB like a platform TSM. It validates a blob that
> + may have traversed a transport without integrity protections.
> +
> +attribute-sets:
> + -
> + name: object
> + attributes:
> + -
> + name: type
> + type: u32
Is this an instance of the type enum? If so then:
enum: type
> + doc: evidence type-id
> + -
> + name: type-mask
> + type: u32
Likewise:
enum: type-flag
> + doc: evidence types as a flag mask
> + -
> + name: flags
> + type: u32
And:
enum: flags
> + doc: evidence modifier flags like 'request object digest'
> + -
> + name: subsys
> + type: string
> + doc: device subsystem name (e.g. bus or class name)
> + -
> + name: dev-name
> + type: string
> + doc: device name
> + -
> + name: nonce
> + type: binary
> + checks:
> + max-len: max-nonce-size
> + -
> + name: generation
> + type: u32
> + doc: detect local threads racing evidence refresh
> + -
> + name: count
> + type: u64
> + doc: TSM, if present, observed count of evidence refresh events
> + -
> + name: length
> + type: u32
> + checks:
> + max: max-object-size
> + doc: |
> + Final size of 'val' blob after all messages received.
> + -
> + name: val
Any reason for the abbreviated name?
> + type: binary
> + multi-attr: true
> + bloblen: length
> + doc: |
> + Ordered evidence object value chunk. Large evidence objects
> + may be split over several dump reply messages up to 'length'.
> + 'length' is transmitted before the first chunk.
> +
> +operations:
> + list:
> + -
> + name: read
> + doc: |
> + Read device evidence objects of a given type mask. The dump reply
> + reports the total value length before val attributes fill the evidence
> + object, possibly across multiple messages.
> + attribute-set: object
> + flags: [admin-perm]
> + dump:
> + pre: device-evidence-nl-read-pre
> + post: device-evidence-nl-read-post
> + request:
> + attributes:
> + - type-mask
> + - flags
> + - subsys
> + - dev-name
> + - nonce
> + reply:
> + attributes:
> + - type
> + - generation
> + - length
> + - val
Is the intention that the dump filter must narrow to a single device? Is
the user expected to enumerate the devices in subsystem then read device
evidence for each in turn?
next prev parent reply other threads:[~2026-07-08 13:48 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-08 11:13 ` Donald Hunter
2026-07-11 1:43 ` Dan Williams (nvidia)
2026-07-08 13:23 ` Donald Hunter
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-08 13:48 ` Donald Hunter
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-08 13:22 ` Donald Hunter [this message]
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-08 5:00 ` Alexey Kardashevskiy
2026-07-08 18:25 ` Dan Williams (nvidia)
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-06 13:45 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-06 13:49 ` Jason Gunthorpe
2026-07-07 13:04 ` Robin Murphy
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-06 12:42 ` Aneesh Kumar K.V
2026-07-08 18:06 ` Dan Williams (nvidia)
2026-07-08 18:10 ` Aneesh Kumar K.V
2026-07-09 6:32 ` Alexey Kardashevskiy
2026-07-09 7:38 ` Alexey Kardashevskiy
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-08 9:49 ` Alexey Kardashevskiy
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-08 2:25 ` Alexey Kardashevskiy
2026-07-08 18:05 ` Dan Williams (nvidia)
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55 ` Dan Williams (nvidia)
2026-07-07 12:43 ` Jason Gunthorpe
2026-07-08 0:12 ` Dan Williams (nvidia)
2026-07-08 14:31 ` Jason Gunthorpe
2026-07-09 2:45 ` Dan Williams (nvidia)
2026-07-09 13:36 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2tsq9boqp.fsf@gmail.com \
--to=donald.hunter@gmail.com \
--cc=aik@amd.com \
--cc=alistair.francis@wdc.com \
--cc=aneesh.kumar@kernel.org \
--cc=ankita@nvidia.com \
--cc=bhelgaas@google.com \
--cc=djbw@kernel.org \
--cc=driver-core@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox