From: Dan Williams <dan.j.williams@intel.com>
To: Zhi Wang <zhiw@nvidia.com>, Dan Williams <dan.j.williams@intel.com>
Cc: <linux-coco@lists.linux.dev>, Wu Hao <hao.wu@intel.com>,
Yilun Xu <yilun.xu@intel.com>, Lukas Wunner <lukas@wunner.de>,
Samuel Ortiz <sameo@rivosinc.com>,
Alexey Kardashevskiy <aik@amd.com>,
Bjorn Helgaas <bhelgaas@google.com>, <linux-pci@vger.kernel.org>,
<gregkh@linuxfoundation.org>, <zhiwang@kernel.org>,
<gdhanuskodi@nvidia.com>, <cjia@nvidia.com>, <acurrid@nvidia.com>
Subject: Re: [RFC PATCH 5/5] PCI/TSM: Authenticate devices via platform TSM
Date: Mon, 26 Feb 2024 22:34:54 -0800 [thread overview]
Message-ID: <65dd828e928d5_1138c7294b2@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <20240226133708.00005e8e.zhiw@nvidia.com>
Zhi Wang wrote:
[..]
> Hey Dan,
>
> 1) What is the expectation of using the device connect and disconnect
> in the guest-driven secure I/O enlightenment?
"Connect" is state of the link that can be automatically maintained over
events like reset and error recovery. The guest is responsible for Bind
/ Unbind.
Now, the host can optionally "Connect" in response to a "Bind" event,
but it is not clear that such a mechanism is needed. It likely is going
to depend on how error handling is implemented, and whether an event
that causes disconnect can be recovered. We may get there, but likely
not in the initial phases of the implementation.
> In the last device security meeting, you said the sysfs interface was
> mostly for higher level software stacks, like virt-manager. I was
> wondering what would be the picture looks like when coping these
> statement with the guest-driven model. Are we expecting the device
> connect triggered by QEMU when extracting the guest request from the
> secure channel in this case?
I think it is simplest for now if "Connect" is a pre-requisite for
guest-triggered "Bind".
> 2) How does the device-specific logic fit into the new TSM
> services? E.g. when the TDISP connect is triggered by userspace, a
> device needs to perform quirks before/after/inside the verbs, or a
> device needs an interface to tell TSM service when it is able to
> response to some verbs. Do you think we needs to have a set of
> callbacks from the device side for the PCI TSM service to call?
True "quirks" would be driven by bug reports. Outside of that likely the
attestation information needs to have multiple validation entry points
for userspace, PCI core, and endpoint drivers to each have a chance to
deploy some attestation policy. Some of these questions will need have
common answers developed between the native CMA implementation and the
TSM implementation since CMA needs to solve some of ABI issues of making
measurements available to attestation agents.
At Plumbers I had been thinking "golden measurements" injected into the
kernel ahead of interface validation gives the kernel the most autonomy,
but questions about measurement nonce and other concerns tempered my
thinking there. Plenty to still talk about and navigate.
next prev parent reply other threads:[~2024-02-27 6:35 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-30 9:23 [RFC PATCH 0/5] Towards a shared TSM sysfs-ABI for Confidential Computing Dan Williams
2024-01-30 9:23 ` [RFC PATCH 1/5] PCI/CMA: Prepare to interoperate with TSM authentication Dan Williams
2024-02-08 22:09 ` Bjorn Helgaas
2024-01-30 9:23 ` [RFC PATCH 2/5] coco/tsm: Establish a new coco/tsm subdirectory Dan Williams
2024-02-09 2:24 ` Kuppuswamy Sathyanarayanan
2024-02-27 1:39 ` Dan Williams
2024-01-30 9:24 ` [RFC PATCH 3/5] coco/tsm: Introduce a shared class device for TSMs Dan Williams
2024-02-16 11:29 ` Alexey Kardashevskiy
2024-02-27 1:47 ` Dan Williams
2024-03-07 16:41 ` Jonathan Cameron
2024-03-07 19:33 ` Dan Williams
2024-01-30 9:24 ` [RFC PATCH 4/5] sysfs: Introduce a mechanism to hide static attribute_groups Dan Williams
2024-01-30 16:44 ` Greg KH
2024-01-30 16:48 ` Dan Williams
2024-01-30 17:31 ` Greg KH
2024-02-19 8:57 ` Greg KH
2024-02-22 13:22 ` Greg KH
2024-01-30 9:24 ` [RFC PATCH 5/5] PCI/TSM: Authenticate devices via platform TSM Dan Williams
2024-02-08 22:13 ` Bjorn Helgaas
2024-02-09 5:51 ` Dan Williams
2024-02-16 11:29 ` Alexey Kardashevskiy
2024-02-27 5:52 ` Dan Williams
2024-02-16 21:38 ` Alexey Kardashevskiy
2024-02-27 5:59 ` Dan Williams
2024-02-26 11:37 ` Zhi Wang
2024-02-27 6:34 ` Dan Williams [this message]
2024-02-27 19:53 ` Zhi Wang
2024-03-01 0:32 ` Dan Williams
2024-03-07 17:18 ` Jonathan Cameron
2024-03-07 19:51 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=65dd828e928d5_1138c7294b2@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=acurrid@nvidia.com \
--cc=aik@amd.com \
--cc=bhelgaas@google.com \
--cc=cjia@nvidia.com \
--cc=gdhanuskodi@nvidia.com \
--cc=gregkh@linuxfoundation.org \
--cc=hao.wu@intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=sameo@rivosinc.com \
--cc=yilun.xu@intel.com \
--cc=zhiw@nvidia.com \
--cc=zhiwang@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).