From: <dan.j.williams@intel.com>
To: Alexey Kardashevskiy <aik@amd.com>,
Dan Williams <dan.j.williams@intel.com>,
<linux-pci@vger.kernel.org>, <linux-coco@lists.linux.dev>
Cc: <gregkh@linuxfoundation.org>, <bhelgaas@google.com>,
<lukas@wunner.de>, Samuel Ortiz <sameo@rivosinc.com>,
Xu Yilun <yilun.xu@linux.intel.com>
Subject: Re: [PATCH resend v6 04/10] PCI/TSM: Authenticate devices via platform TSM
Date: Fri, 19 Sep 2025 13:15:46 -0700 [thread overview]
Message-ID: <68cdb9f271b46_2dc01001e@dwillia2-mobl4.notmuch> (raw)
In-Reply-To: <22cbe028-c1ad-456f-a046-12b4559394b4@amd.com>
Alexey Kardashevskiy wrote:
>
>
> On 12/9/25 09:56, Dan Williams wrote:
> > The PCIe 7.0 specification, section 11, defines the Trusted Execution
> > Environment (TEE) Device Interface Security Protocol (TDISP). This
> > protocol definition builds upon Component Measurement and Authentication
> > (CMA), and link Integrity and Data Encryption (IDE). It adds support for
> > assigning devices (PCI physical or virtual function) to a confidential VM
> > such that the assigned device is enabled to access guest private memory
> > protected by technologies like Intel TDX, AMD SEV-SNP, RISCV COVE, or ARM
> > CCA.
> >
> > The "TSM" (TEE Security Manager) is a concept in the TDISP specification
> > of an agent that mediates between a "DSM" (Device Security Manager) and
> > system software in both a VMM and a confidential VM. A VMM uses TSM ABIs
> > to setup link security and assign devices. A confidential VM uses TSM
> > ABIs to transition an assigned device into the TDISP "RUN" state and
> > validate its configuration. From a Linux perspective the TSM abstracts
> > many of the details of TDISP, IDE, and CMA. Some of those details leak
> > through at times, but for the most part TDISP is an internal
> > implementation detail of the TSM.
> >
> > CONFIG_PCI_TSM adds an "authenticated" attribute and "tsm/" subdirectory
> > to pci-sysfs. Consider that the TSM driver may itself be a PCI driver.
> > Userspace can watch for the arrival of a "TSM" device,
> > /sys/class/tsm/tsm0/uevent KOBJ_CHANGE, to know when the PCI core has
> > initialized TSM services.
> >
> > The operations that can be executed against a PCI device are split into
> > two mutually exclusive operation sets, "Link" and "Security" (struct
> > pci_tsm_{link,security}_ops). The "Link" operations manage physical link
> > security properties and communication with the device's Device Security
> > Manager firmware. These are the host side operations in TDISP. The
> > "Security" operations coordinate the security state of the assigned
> > virtual device (TDI). These are the guest side operations in TDISP. Only
> > link management operations are defined at this stage and placeholders
> > provided for the security operations.
> >
> > The locking allows for multiple devices to be executing commands
> > simultaneously, one outstanding command per-device and an rwsem
> > synchronizes the implementation relative to TSM
> > registration/unregistration events.
> >
> > Thanks to Wu Hao for his work on an early draft of this support.
> >
> > Cc: Lukas Wunner <lukas@wunner.de>
> > Cc: Samuel Ortiz <sameo@rivosinc.com>
> > Cc: Alexey Kardashevskiy <aik@amd.com>
> > Acked-by: Bjorn Helgaas <bhelgaas@google.com>
> > Co-developed-by: Xu Yilun <yilun.xu@linux.intel.com>
> > Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > ---
> > Documentation/ABI/testing/sysfs-bus-pci | 51 ++
> > Documentation/driver-api/pci/index.rst | 1 +
> > Documentation/driver-api/pci/tsm.rst | 12 +
> > MAINTAINERS | 4 +-
> > drivers/pci/Kconfig | 15 +
> > drivers/pci/Makefile | 1 +
> > drivers/pci/doe.c | 2 -
> > drivers/pci/pci-sysfs.c | 4 +
> > drivers/pci/pci.h | 10 +
> > drivers/pci/probe.c | 3 +
> > drivers/pci/remove.c | 6 +
> > drivers/pci/tsm.c | 627 ++++++++++++++++++++++++
> > drivers/virt/coco/tsm-core.c | 40 +-
> > include/linux/pci-doe.h | 4 +
> > include/linux/pci-tsm.h | 159 ++++++
> > include/linux/pci.h | 3 +
> > include/linux/tsm.h | 11 +-
> > include/uapi/linux/pci_regs.h | 1 +
>
>
> A suggestion: "git format-patch -O ~/orderfile ..." produces
> nicer-to-review order of files especially where there are new
> interfaces being added.
Not the first time I have heard this recommendation, finally
implementing in my flow.
> ===
> *.txt
> configure
> Kconfig*
> *Makefile*
> *.json
> *.h
> *.c
> ===
Went with this ordering instead:
Kconfig
*/Kconfig
*/Kconfig.*
Makefile
*/Makefile
*/Makefile.*
scripts/*
Documentation/*
*.h
*.S
*.c
tools/testing/*
...stolen from Kees:
https://github.com/kees/kernel-tools/commit/909db155
[ .. scrolls past pages of uncommented context .. ]
> It is still a rather global thing. May I suggest this?
I am not too keen on this.
Yes, it is global, but less often used compared to @ops, and I do not
want both @ops and @tsm_dev in @pci_tsm. So the options are lookup @ops
from @tsm_dev or lookup @tsm_dev from @ops. Given @ops is used more
often that is how I came up with the current arrangement.
next prev parent reply other threads:[~2025-09-19 20:15 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-11 23:56 [PATCH resend v6 00/10] PCI/TSM: Core infrastructure for PCI device security (TDISP) Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 01/10] coco/tsm: Introduce a core device for TEE Security Managers Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 02/10] PCI/IDE: Enumerate Selective Stream IDE capabilities Dan Williams
2025-09-15 16:32 ` Jonathan Cameron
2025-09-11 23:56 ` [PATCH resend v6 03/10] PCI: Introduce pci_walk_bus_reverse(), for_each_pci_dev_reverse() Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 04/10] PCI/TSM: Authenticate devices via platform TSM Dan Williams
2025-09-15 11:27 ` Alexey Kardashevskiy
2025-09-19 20:15 ` dan.j.williams [this message]
2025-09-22 12:26 ` Alexey Kardashevskiy
2025-09-25 23:00 ` dan.j.williams
2025-09-26 1:14 ` Alexey Kardashevskiy
2025-09-15 11:37 ` Alexey Kardashevskiy
2025-09-19 20:29 ` dan.j.williams
2025-09-11 23:56 ` [PATCH resend v6 05/10] samples/devsec: Introduce a PCI device-security bus + endpoint sample Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 06/10] PCI: Add PCIe Device 3 Extended Capability enumeration Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 07/10] PCI/IDE: Add IDE establishment helpers Dan Williams
2025-09-16 0:14 ` Alexey Kardashevskiy
2025-09-25 19:54 ` dan.j.williams
2025-09-11 23:56 ` [PATCH resend v6 08/10] PCI/IDE: Report available IDE streams Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 09/10] PCI/TSM: Report active " Dan Williams
2025-09-11 23:56 ` [PATCH resend v6 10/10] samples/devsec: Add sample IDE establishment Dan Williams
2025-09-16 12:18 ` [PATCH resend v6 00/10] PCI/TSM: Core infrastructure for PCI device security (TDISP) Aneesh Kumar K.V
2025-09-19 4:17 ` Alexey Kardashevskiy
2025-09-19 12:17 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=68cdb9f271b46_2dc01001e@dwillia2-mobl4.notmuch \
--to=dan.j.williams@intel.com \
--cc=aik@amd.com \
--cc=bhelgaas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=sameo@rivosinc.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).