linux-coco.lists.linux.dev archive mirror
From: Dan Williams <dan.j.williams@intel.com>
To: Samuel Ortiz <sameo@rivosinc.com>, <biao.lu@intel.com>
Cc: <dan.j.williams@intel.com>, <linux-coco@lists.linux.dev>,
	<linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH v1 0/4] tsm: Runtime measurement registers ABI
Date: Sun, 21 Jan 2024 11:15:09 -0800
Message-ID: <65ad6d3db040d_107423294de@dwillia2-xfh.jf.intel.com.notmuch>
In-Reply-To: <Za1eXWiKPQp//1CO@vermeer>

Samuel Ortiz wrote:
> On Thu, Jan 18, 2024 at 11:35:15AM +0800, biao.lu@intel.com wrote:
> > Samuel Ortiz wrote:
> > > Some confidential computing architectures (Intel TDX, ARM CCA, RISC-V
> > > CoVE) provide their guests with a set of measurements registers that can
> > > be extended at runtime, i.e. after the initial, host-initiated
> > > measurements of the TVM are finalized. Those runtime measurement
> > > registers (RTMR) are isolated from the host accessible ones but TSMs
> > > include them in their signed attestation reports.
> > >
> > > All architectures supporting RTMRs expose a similar interface to their
> > > TVMs: An extension command/call that takes a measurement value and an
> > > RTMR index to extend it with, and a readback command for reading an RTMR
> > > value back (taking an RTMR index as an argument as well). This patch series
> > > builds an architecture agnostic, configfs-based ABI for userspace to extend
> > > and read RTMR values back. It extends the current TSM ops structure and
> > > each confidential computing architecture can implement this extension to
> > > provide RTMR support.
> > 
> > Hi, Samuel
> > The ABI does not include eventlog, but eventlog is usually used with RTMR.
> > What do you think about how to implement eventlog?
> 
> Since the event log is typically maintained in the firmware and not in
> the TSM itself, I don't think we should expose e.g. an event log
> extension ABI through the config-tsm one.
> We could decide to check for an EFI CC protocol availability and extend
> the event log when any RTMR gets extended, and that would be an
> internal, not userspace visible operation. I'm not sure that this
> would scale well with e.g. IMA (a lot more events than pre-OS boot
> afaik).

Another observation after chatting with my colleague Cedric is that the 
TPM layer that builds on RTMR can maintain an event log that forks from
the RTMR log. I.e. instead of the TPM event log containing pre-OS events
starting from 0, it would start from a golden point in the RTMR
measurements.
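The extend/readback semantics from the cover letter and the event log that forks from a golden RTMR point, as an added example that is not part of this thread or of the tsm patch series (SHA-384 as the register width and the sample event names are assumptions):

```python
"""Added example, not code from this thread or the tsm patches: a software
model of RTMR extend/replay and of an event log that "forks" from a golden
RTMR value. SHA-384 register width is an assumption (TDX RTMRs use it)."""
import hashlib

DIGEST_LEN = 48  # SHA-384 digest size; assumed RTMR width


def extend(rtmr: bytes, measurement: bytes) -> bytes:
    """RTMR extend: new = H(old || measurement), never a plain overwrite."""
    if len(rtmr) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("RTMR and measurement must be SHA-384 digests")
    return hashlib.sha384(rtmr + measurement).digest()


def replay(events, start: bytes = bytes(DIGEST_LEN)) -> bytes:
    """Recompute the register value an event log claims, starting from
    `start`: all zeros for a fresh register, or a golden value for a fork."""
    value = start
    for _tag, data in events:
        value = extend(value, hashlib.sha384(data).digest())
    return value


def verify_log(events, reported: bytes, start: bytes = bytes(DIGEST_LEN)) -> bool:
    """Verifier-side check: does the log explain the reported RTMR value?"""
    return replay(events, start) == reported


# Constructed sample log: pre-OS events extended into one RTMR by firmware.
PRE_OS_EVENTS = [("EV_EFI_ACTION", b"Calling EFI Application from Boot Option"),
                 ("EV_EFI_BOOT_SERVICES_APPLICATION", b"shim.efi")]
# Golden point: the register value right before the OS takes over.
GOLDEN = replay(PRE_OS_EVENTS)
# OS-side events (e.g. IMA) kept in a forked log that starts at GOLDEN.
OS_EVENTS = [("IMA", b"/usr/bin/bash"), ("IMA", b"/etc/ssh/sshd_config")]
FINAL = replay(OS_EVENTS, start=GOLDEN)


def demo() -> dict:
    """Verification results for the full log, the forked log and a tampered log."""
    tampered = OS_EVENTS[:1] + [("IMA", b"/usr/bin/bash-modified")]
    return {
        "full_log_ok": verify_log(PRE_OS_EVENTS + OS_EVENTS, FINAL),
        "forked_log_ok": verify_log(OS_EVENTS, FINAL, start=GOLDEN),
        "forked_log_without_golden": verify_log(OS_EVENTS, FINAL),
        "tampered_log_ok": verify_log(tampered, FINAL, start=GOLDEN),
    }
```

The forked log verifies only when the verifier also knows the golden value, which is the trust anchor the fork replaces the pre-OS events with.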
