From: Cedric Xing
Subject: [PATCH RFC v2 0/2] tsm: Unified Measurement Register ABI for TVMs
Date: Thu, 31 Oct 2024 11:50:39 -0500
Message-Id: <20241031-tsm-rtmr-v2-0-1a6762795911@intel.com>
To: Dan Williams, Samuel Ortiz, James Bottomley, Lukas Wunner, Dionna Amalie Glaze, Qinkun Bao, Mikko Ylinen, Kuppuswamy Sathyanarayanan
Cc: linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev

NOTE: This patch series introduces the Measurement Register (MR) ABI, and is largely a continuation of
Samuel Ortiz’s previous work on the RTMR ABI [1].

This patch series adds a unified interface to TSM core for confidential computing (CC) guest drivers to provide access to measurement registers (MRs), which are essential for relying parties (RPs) to verify the integrity of the computing environment. The interface is structured around `struct tsm_measurement`, which holds an array of `struct tsm_measurement_register` and includes operations for reading and updating MRs.

The MRs come in two varieties: static and runtime. Static MRs are determined at the TEE VM (TVM) build time and capture the initial memory image or the configuration/policy specified by the TVM's owner. In contrast, Runtime MRs (RTMRs) start with known values, such as all zeros, at TVM build time and are extended with measurements of loaded code, data, configuration, or executed actions by the TVM guest during runtime.

Each `struct tsm_measurement_register` features a `mr_flags` member that indicates the MR's properties. Static MRs are typically marked as read-only with only the `TSM_MR_F_R` flag set, while RTMRs are marked as extensible with the `TSM_MR_F_X` flag. Patch 2 adds a sample module to demonstrate how to define and implement MRs.

MRs are made accessible to applications through a directory tree (rooted at /sys/kernel/tsm). An MR could be presented as either a file containing its value, or a directory containing elements like `digest` and `hash_algo`. By default, an MR will be presented as a directory unless `TSM_MR_F_F` is set in `mr_flags`.

[1]: https://patchwork.kernel.org/project/linux-integrity/cover/20240128212532.2754325-1-sameo@rivosinc.com/

Signed-off-by: Cedric Xing
---
Changes in v2:
- Separated TSM MR code in a new file: `tsm-mr.c`.
- Removed RTMR event logging due to the lack of agreement on the log format.
- Default presentation of each MR as a directory, with the option to request an MR as a file using `TSM_MR_F_F`.
- Reduced verbosity: Renamed `struct tsm_measurement_provider` to `struct tsm_measurement`, and `tsm_(un)register_measurement_provider` to `tsm_(un)register_measurement`.
- Added `MODULE_DESCRIPTION` for measurement-sample.
- Fixed several compiler warnings on 32-bit builds.
- Link to v1: https://lore.kernel.org/r/20240907-tsm-rtmr-v1-0-12fc4d43d4e7@intel.com

---
Cedric Xing (2):
      tsm: Add TVM Measurement Register Support
      tsm: Add TVM Measurement Sample Code

 drivers/virt/coco/Kconfig               |   3 +-
 drivers/virt/coco/Makefile              |   2 +
 drivers/virt/coco/{tsm.c => tsm-core.c} |  26 ++-
 drivers/virt/coco/tsm-mr.c              | 374 ++++++++++++++++++++++++++++++++
 include/linux/tsm.h                     |  63 ++++++
 samples/Kconfig                         |   4 +
 samples/Makefile                        |   1 +
 samples/tsm/Makefile                    |   2 +
 samples/tsm/measurement-example.c       | 117 ++++++++++
 9 files changed, 581 insertions(+), 11 deletions(-)
---
base-commit: 81983758430957d9a5cb3333fe324fd70cf63e7e
change-id: 20240904-tsm-rtmr-7a45859d2a96

Best regards,
-- 
Cedric Xing
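
Added example, not part of the posted series or the kernel tree: a relying-party style check that reads an MR in either presentation described above (directory with `digest` and `hash_algo`, or a single value file) and replays a list of measurement digests against an RTMR that started at all zeros. Assumptions: the value is stored as raw bytes, `hash_algo` holds a name `hashlib` accepts, the extend rule is new = H(old || digest) as used by TPM PCRs, and the MR names `rtmr0` and `static_mr`, the temporary tree and the event digests are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def read_mr(root, name, file_algo="sha384"):
    """Return (hash_algo, value) for MR `name` under `root` (assumed layout)."""
    path = os.path.join(root, name)
    if os.path.isdir(path):                      # default: MR presented as a directory
        with open(os.path.join(path, "hash_algo")) as f:
            algo = f.read().strip()
        with open(os.path.join(path, "digest"), "rb") as f:
            return algo, f.read()
    with open(path, "rb") as f:                  # TSM_MR_F_F: MR presented as a file
        return file_algo, f.read()               # algorithm must be known out of band

def replay_extends(algo, event_digests):
    """Recompute an RTMR from all zeros; assumed rule: new = H(old || digest)."""
    size = hashlib.new(algo).digest_size
    value = bytes(size)                          # known initial value: all zeros
    for digest in event_digests:
        if len(digest) != size:
            raise ValueError("event digest length does not match " + algo)
        value = hashlib.new(algo, value + digest).digest()
    return value

def verify_rtmr(root, name, event_digests):
    """True only if replaying the digests in order reproduces the MR value."""
    algo, actual = read_mr(root, name)
    return hmac.compare_digest(replay_extends(algo, event_digests), actual)

def build_sample_tree():
    """Constructed stand-in for the MR tree so the example runs offline."""
    root = tempfile.mkdtemp(prefix="tsm-sample-")
    events = [hashlib.sha384(x).digest()
              for x in (b"kernel image", b"initrd", b"cmdline")]
    os.mkdir(os.path.join(root, "rtmr0"))
    with open(os.path.join(root, "rtmr0", "hash_algo"), "w") as f:
        f.write("sha384\n")
    with open(os.path.join(root, "rtmr0", "digest"), "wb") as f:
        f.write(replay_extends("sha384", events))
    with open(os.path.join(root, "static_mr"), "wb") as f:
        f.write(hashlib.sha384(b"initial image").digest())
    return root, events

if __name__ == "__main__":
    root, events = build_sample_tree()
    print("in order:", verify_rtmr(root, "rtmr0", events))
    print("reordered:", verify_rtmr(root, "rtmr0", events[::-1]))
```

Since v2 drops RTMR event logging, the ordered digest list has to come from whatever record the verifier already trusts; the replay only shows that order and content both determine the final register value.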