From: Greg KH <gregkh@linuxfoundation.org>
To: Dan Williams <dan.j.williams@intel.com>
Cc: linux-coco@lists.linux.dev,
"Isaku Yamahata" <isaku.yamahata@intel.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Suzuki K Poulose" <suzuki.poulose@arm.com>,
"Xu Yilun" <yilun.xu@linux.intel.com>,
"Wu Hao" <hao.wu@intel.com>, "Samuel Ortiz" <sameo@rivosinc.com>,
"Lukas Wunner" <lukas@wunner.de>,
"Sami Mujawar" <sami.mujawar@arm.com>,
"Steven Price" <steven.price@arm.com>,
"Xiaoyao Li" <xiaoyao.li@intel.com>,
"Yilun Xu" <yilun.xu@intel.com>,
"Alexey Kardashevskiy" <aik@amd.com>,
"John Allen" <john.allen@amd.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
linux-pci@vger.kernel.org
Subject: Re: [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP)
Date: Fri, 6 Dec 2024 07:05:14 +0100 [thread overview]
Message-ID: <2024120625-baggage-balancing-48c5@gregkh> (raw)
In-Reply-To: <173343739517.1074769.13134786548545925484.stgit@dwillia2-xfh.jf.intel.com>
On Thu, Dec 05, 2024 at 02:23:15PM -0800, Dan Williams wrote:
> Changes since the RFC [1]:
> - Wording changes and cleanups in "PCI/TSM: Authenticate devices via
> platform TSM" (Bjorn)
> - Document /sys/class/tsm/tsm0 (Bjorn)
> - Replace the single ->exec(@op_code) operation with named operations
> (Alexey, Yilun)
> - Locking fixup in drivers/pci/tsm.c (Yilun)
> - Drop pci_tsm_devs xarray (Alexey, Yilun)
> - Finish the host bridge stream id allocator implementation (Alexey)
> - Clarify pci_tsm_init() relative to IDE && !TEE devices (Alexey)
> - Add the IDE core helpers
> - Add devsec_tsm and devsec_bus sample driver and emulation
>
> [1]: http://lore.kernel.org/171291190324.3532867.13480405752065082171.stgit@dwillia2-xfh.jf.intel.com
>
> ---
>
> Trusted execution environment (TEE) Device Interface Security Protocol
> (TDISP) is a chapter name in the PCI specification. It describes an
> alphabet soup of mechanisms, SPDM, CMA, IDE, TSM/DSM, that system
> software uses to establish trust in a device and assign it to a
> confidential virtual machine (CVM). It is protocol for dynamically
> extending the trusted computing boundary (TCB) of a CVM with a PCI
> device interface that can issue DMA to CVM private memory.
>
> The acronym soup problem is enhanced by every major platform vendor
> having distinct TEE Security Manager (TSM) API implementations /
> capabilities, and to a lesser extent, every potential endpoint Device
> Security Manager (DSM) having its own idiosyncratic behaviors around
> TDISP state transitions.
Wow, you aren't kidding about the acronym soup problem, this is a mess.
And does any of this relate to the existing drivers/tee/ subsystem in
any way?
Anyhow, this patch series looks sane, nice work.
> Note that devsec_tsm is for near term staging of vendor TSM
> implementations. The expectation is that every piece of new core
> infrastructure that devsec_tsm consumes must also have a vendor TSM
> driver consumer within 1 to 2 kernel development cycles.
How are you going to enforce this? By removing infrastructure?
Normally we can't add infrastructure unless there's a real user, and
when you add a real user then you see all the things that need to be
chagned.
So are you ok with the apis and interfaces moving around over time here?
I think I only see sysfs files being exported so hopefully this
shouldn't be that big of a deal for userspace to deal with, but I don't
know what userspace is supposed to do with any of this, is there
external tools to talk to / set up, these devices?
thanks,
greg k-h
next prev parent reply other threads:[~2024-12-06 6:05 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-05 22:23 [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP) Dan Williams
2024-12-05 22:23 ` [PATCH 01/11] configfs-tsm: Namespace TSM report symbols Dan Williams
2024-12-10 6:08 ` Alexey Kardashevskiy
2024-12-11 13:55 ` Suzuki K Poulose
2024-12-05 22:23 ` [PATCH 02/11] coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/ Dan Williams
2024-12-10 6:09 ` Alexey Kardashevskiy
2024-12-05 22:23 ` [PATCH 03/11] coco/tsm: Introduce a class device for TEE Security Managers Dan Williams
2025-01-28 12:17 ` Jonathan Cameron
2025-02-25 21:08 ` Dan Williams
2024-12-05 22:23 ` [PATCH 04/11] PCI/IDE: Selective Stream IDE enumeration Dan Williams
2024-12-10 3:08 ` Aneesh Kumar K.V
2024-12-12 6:32 ` Xu Yilun
2025-02-22 0:42 ` Dan Williams
2025-02-20 3:17 ` Dan Williams
2024-12-10 6:18 ` Alexey Kardashevskiy
2025-02-20 3:59 ` Dan Williams
2024-12-10 7:05 ` Alexey Kardashevskiy
2024-12-12 6:06 ` Xu Yilun
2024-12-18 10:35 ` Alexey Kardashevskiy
2025-02-22 0:30 ` Dan Williams
2025-02-20 18:07 ` Dan Williams
2025-02-21 0:53 ` Alexey Kardashevskiy
2025-02-27 23:46 ` Dan Williams
2024-12-10 19:24 ` Bjorn Helgaas
2025-02-22 0:13 ` Dan Williams
2025-01-30 10:45 ` Jonathan Cameron
2025-02-26 0:21 ` Dan Williams
2024-12-05 22:23 ` [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM Dan Williams
2024-12-10 10:18 ` Alexey Kardashevskiy
2025-02-21 8:13 ` Aneesh Kumar K.V
2025-02-25 7:17 ` Xu Yilun
2025-02-26 12:10 ` Aneesh Kumar K.V
2025-02-26 12:13 ` [RFC PATCH 1/7] tsm: Select PCI_DOE which is required for PCI_TSM Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 2/7] tsm: Move tsm core outside the host directory Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 3/7] tsm: vfio: Add tsm bind/unbind support Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 4/7] tsm: Allow tsm ops function to be called for multi-function devices Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 5/7] tsm: Don't error out for doe mailbox failure Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 6/7] tsm: Allow tsm connect ops to be used for multiple operations Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 7/7] tsm: Add secure SPDM support Aneesh Kumar K.V (Arm)
2025-02-27 6:50 ` Xu Yilun
2025-02-27 6:35 ` [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM Xu Yilun
2025-02-27 13:57 ` Aneesh Kumar K.V
2025-02-28 1:26 ` Xu Yilun
2025-02-28 9:48 ` Aneesh Kumar K.V
2025-03-01 7:50 ` Xu Yilun
2025-03-07 3:07 ` Alexey Kardashevskiy
2025-02-27 19:53 ` Dan Williams
2025-02-28 10:06 ` Aneesh Kumar K.V
2025-02-21 20:42 ` Dan Williams
2025-02-25 4:45 ` Alexey Kardashevskiy
2025-02-28 3:09 ` Dan Williams
2024-12-10 18:52 ` Bjorn Helgaas
2025-02-21 22:32 ` Dan Williams
2024-12-12 9:50 ` Xu Yilun
2025-02-22 1:15 ` Dan Williams
2025-02-24 11:02 ` Xu Yilun
2025-02-28 0:15 ` Dan Williams
2025-02-28 9:39 ` Xu Yilun
2025-01-30 11:45 ` Jonathan Cameron
2025-02-26 0:50 ` Dan Williams
2024-12-05 22:23 ` [PATCH 06/11] samples/devsec: PCI device-security bus / endpoint sample Dan Williams
2024-12-06 4:23 ` kernel test robot
2024-12-09 3:40 ` kernel test robot
2025-01-30 13:21 ` Jonathan Cameron
2025-02-26 2:00 ` Dan Williams
2024-12-05 22:23 ` [PATCH 07/11] PCI: Add PCIe Device 3 Extended Capability enumeration Dan Williams
2024-12-09 13:17 ` Ilpo Järvinen
2025-02-20 3:05 ` Dan Williams
2025-02-20 3:09 ` Dan Williams
2024-12-10 19:21 ` Bjorn Helgaas
2024-12-11 13:22 ` Ilpo Järvinen
2025-02-22 0:15 ` Dan Williams
2025-02-24 15:09 ` Ilpo Järvinen
2025-02-28 0:29 ` Dan Williams
2025-02-21 23:34 ` Dan Williams
2025-02-25 2:25 ` Alexey Kardashevskiy
2024-12-05 22:24 ` [PATCH 08/11] PCI/IDE: Add IDE establishment helpers Dan Williams
2024-12-10 3:19 ` Aneesh Kumar K.V
2024-12-10 3:37 ` Aneesh Kumar K.V
2025-02-20 3:39 ` Dan Williams
2025-02-21 15:53 ` Aneesh Kumar K.V
2025-02-25 0:46 ` Dan Williams
2025-01-07 20:19 ` Xu Yilun
2025-01-10 13:25 ` Aneesh Kumar K.V
2025-02-24 22:31 ` Dan Williams
2025-02-25 2:29 ` Alexey Kardashevskiy
2025-02-20 3:28 ` Dan Williams
2024-12-10 7:07 ` Alexey Kardashevskiy
2025-02-20 21:44 ` Dan Williams
2024-12-10 18:47 ` Bjorn Helgaas
2025-02-21 22:02 ` Dan Williams
2024-12-12 10:50 ` Xu Yilun
2024-12-19 7:25 ` Alexey Kardashevskiy
2024-12-19 10:05 ` Alexey Kardashevskiy
2025-01-07 20:00 ` Xu Yilun
2025-01-09 2:35 ` Alexey Kardashevskiy
2025-01-09 21:28 ` Xu Yilun
2025-01-15 0:20 ` Alexey Kardashevskiy
2025-02-25 0:06 ` Dan Williams
2025-02-25 3:39 ` Alexey Kardashevskiy
2025-02-28 2:26 ` Dan Williams
2025-03-04 0:03 ` Alexey Kardashevskiy
2025-03-04 0:57 ` Dan Williams
2025-03-04 1:31 ` Alexey Kardashevskiy
2025-03-04 17:59 ` Dan Williams
2025-02-20 4:19 ` Alexey Kardashevskiy
2025-02-24 22:24 ` Dan Williams
2025-02-25 2:45 ` Xu Yilun
2025-02-24 20:28 ` Dan Williams
2025-02-26 1:54 ` Alexey Kardashevskiy
2025-02-24 20:24 ` Dan Williams
2025-02-25 5:01 ` Xu Yilun
2024-12-05 22:24 ` [PATCH 09/11] PCI/IDE: Report available IDE streams Dan Williams
2024-12-06 0:12 ` kernel test robot
2024-12-06 0:43 ` kernel test robot
2025-02-11 6:10 ` Alexey Kardashevskiy
2025-02-27 23:35 ` Dan Williams
2024-12-05 22:24 ` [PATCH 10/11] PCI/TSM: Report active " Dan Williams
2024-12-10 18:49 ` Bjorn Helgaas
2025-02-21 22:28 ` Dan Williams
2024-12-05 22:24 ` [PATCH 11/11] samples/devsec: Add sample IDE establishment Dan Williams
2025-01-30 13:39 ` Jonathan Cameron
2025-02-27 23:27 ` Dan Williams
2024-12-06 6:05 ` Greg KH [this message]
2024-12-06 8:44 ` [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP) Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024120625-baggage-balancing-48c5@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=aik@amd.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=hao.wu@intel.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=isaku.yamahata@intel.com \
--cc=john.allen@amd.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=sameo@rivosinc.com \
--cc=sami.mujawar@arm.com \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=thomas.lendacky@amd.com \
--cc=xiaoyao.li@intel.com \
--cc=yilun.xu@intel.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox