From: Peter Gonda <pgonda@google.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: "Huang, Kai" <kai.huang@intel.com>,
"dionnaglaze@google.com" <dionnaglaze@google.com>,
"sameo@rivosinc.com" <sameo@rivosinc.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"bp@alien8.de" <bp@alien8.de>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"brijesh.singh@amd.com" <brijesh.singh@amd.com>,
"James.Bottomley@hansenpartnership.com"
<James.Bottomley@hansenpartnership.com>,
"x86@kernel.org" <x86@kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>
Subject: Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports
Date: Wed, 9 Aug 2023 10:14:56 -0600 [thread overview]
Message-ID: <CAMkAt6oTnjcpLch7DQmWyM+JOobhRMVNSQFrBxKV4Z4eB51oXA@mail.gmail.com> (raw)
In-Reply-To: <64d307b94bd9_2138e29488@dwillia2-xfh.jf.intel.com.notmuch>
On Tue, Aug 8, 2023 at 9:28 PM Dan Williams <dan.j.williams@intel.com> wrote:
>
> Huang, Kai wrote:
> > On Tue, 2023-08-08 at 11:17 -0700, Dan Williams wrote:
> > > Dionna Amalie Glaze wrote:
> > > > >
> > > > > I do not see sysfs precluding a use case like that. If the kernel can
> > > > > call out to userspace for TLS connection setup [1], then advanced user
> > > > > can call out to a daemon for workload provenance setup. Recall that TDX
> > > > > will round trip through the quoting enclave for these reports and,
> > > > > without measuring, that seems to have the potential to dominate the
> > > > > setup time vs the communication to ask a daemon to convey a report.
> > > > >
> > > >
> > > > It's rather hard to get new daemons approved for container
> > > > distributions since they end up as resource hogs.
> > > > I really don't think it's appropriate to delegate to a daemon to
> > > > single-thread use of a kernel interface when the interface could
> > > > provide functional semantics to begin with.
> > >
> > > That's fair, it's also not without precedence for the kernel to await a
> > > strong motivation of a use case before taking on a higher maintenance
> > > burden. Unifying kernel interfaces is important for maintainability and
> > > difficult / needs care. sysfs simplifies maintainability (but exports
> > > complexity to userspace), keyring simplifies that (but there is a valid
> > > argument that this is not a key), ioctl complicates that (it is not as
> > > amenable to transport unification as the above options).
> > >
> >
> > I don't quite follow why ioctl() is not amenable to transport unification as the
> > /sysfs? IIUC both are new ABI(s) to the userspace thus userspace needs to adopt
> > anyway.
>
> Recall that the concern here is kernel maintainability, the kernel can
> decide to export complexity to userspace. In that light, ioctl() code is
> grotty sysfs is not. sysfs attributes (tsm blob options) are easy to
> reason about and audit, ioctl() is not. sysfs is easy to extend with
> local attributes to augment the core, ioctl() forces all the optionality
> to be planned up front.
>
> Basically, if you hand me a choice between maintaining a cross vendor
> ioctl() ABI vs a sysfs ABI, I am picking sysfs every time.
Thanks for the explanation. My pushback isn't because I really want an
IOCTL, rather I want the user to have the ability to get the exact
attestation report they want. This interface shown here was too
restrictive. If this can be accomplished with another ABI that sounds
fine to me.
next prev parent reply other threads:[~2023-08-09 16:15 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-28 19:30 [PATCH 0/4] keys: Introduce a keys frontend for attestation reports Dan Williams
2023-07-28 19:30 ` [PATCH 1/4] keys: Introduce tsm keys Dan Williams
2023-07-28 19:40 ` Jarkko Sakkinen
2023-07-31 16:33 ` Peter Gonda
2023-07-31 17:48 ` Dan Williams
2023-07-31 18:14 ` Peter Gonda
2023-07-31 18:41 ` Dan Williams
2023-07-31 19:09 ` Dionna Amalie Glaze
2023-07-31 20:10 ` Dan Williams
2023-08-04 16:34 ` Peter Gonda
2023-08-04 22:24 ` Dan Williams
2023-08-05 5:11 ` Dan Williams
2023-08-01 18:01 ` Jarkko Sakkinen
2023-08-04 2:40 ` Dan Williams
2023-08-04 16:37 ` Dionna Amalie Glaze
2023-08-04 16:46 ` James Bottomley
2023-08-04 17:07 ` Dionna Amalie Glaze
2023-08-04 17:12 ` James Bottomley
2023-07-28 19:31 ` [PATCH 2/4] virt: sevguest: Prep for kernel internal {get, get_ext}_report() Dan Williams
2023-07-28 19:31 ` [PATCH 3/4] mm/slab: Add __free() support for kvfree Dan Williams
2023-07-28 19:31 ` [PATCH 4/4] virt: sevguest: Add TSM key support for SNP_{GET, GET_EXT}_REPORT Dan Williams
2023-07-31 16:45 ` Peter Gonda
2023-07-31 18:05 ` Dan Williams
2023-07-31 18:28 ` Peter Gonda
2023-07-28 19:34 ` [PATCH 0/4] keys: Introduce a keys frontend for attestation reports Jarkko Sakkinen
2023-07-28 19:44 ` Dan Williams
2023-07-31 10:09 ` Jarkko Sakkinen
2023-07-31 17:33 ` Dan Williams
2023-07-31 22:41 ` Huang, Kai
2023-08-01 18:48 ` Jarkko Sakkinen
2023-07-29 18:17 ` James Bottomley
2023-07-30 4:56 ` Dan Williams
2023-07-30 12:59 ` James Bottomley
2023-07-31 17:24 ` Dan Williams
2023-08-01 11:45 ` Huang, Kai
2023-08-01 12:03 ` James Bottomley
2023-08-01 12:30 ` James Bottomley
2023-08-02 0:10 ` Huang, Kai
2023-08-02 12:41 ` James Bottomley
2023-08-02 23:13 ` Huang, Kai
2023-08-04 3:53 ` Dan Williams
2023-08-04 2:22 ` Dan Williams
2023-08-04 16:19 ` Daniel P. Berrangé
2023-08-04 21:49 ` Huang, Kai
2023-08-05 11:05 ` James Bottomley
2023-08-05 2:37 ` Dan Williams
2023-08-05 13:30 ` James Bottomley
2023-08-07 23:33 ` Dan Williams
2023-08-08 14:19 ` James Bottomley
2023-08-08 14:53 ` Peter Gonda
2023-08-08 14:54 ` Sathyanarayanan Kuppuswamy
2023-08-08 15:48 ` Dan Williams
2023-08-08 16:07 ` Dionna Amalie Glaze
2023-08-08 16:43 ` Dan Williams
2023-08-08 17:21 ` Dionna Amalie Glaze
2023-08-08 18:17 ` Dan Williams
2023-08-08 23:32 ` Huang, Kai
2023-08-09 3:27 ` Dan Williams
2023-08-09 16:14 ` Peter Gonda [this message]
2023-08-08 18:16 ` James Bottomley
2023-08-08 18:48 ` Dionna Amalie Glaze
2023-08-08 19:37 ` James Bottomley
2023-08-08 20:04 ` Dionna Amalie Glaze
2023-08-08 21:46 ` James Bottomley
2023-08-08 22:33 ` Dionna Amalie Glaze
2023-08-08 15:14 ` Dan Williams
2023-08-10 14:50 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMkAt6oTnjcpLch7DQmWyM+JOobhRMVNSQFrBxKV4Z4eB51oXA@mail.gmail.com \
--to=pgonda@google.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dhowells@redhat.com \
--cc=dionnaglaze@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=sameo@rivosinc.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).