From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D2B3A1426B for ; Mon, 31 Jul 2023 10:09:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 980B5C433A9; Mon, 31 Jul 2023 10:09:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690798162; bh=ZlHoVLczUUX2/4R2QTveMknDNAnFLWJAugFEj5kWwcQ=; h=Date:Cc:Subject:From:To:References:In-Reply-To:From; b=Ewi1LL6+Z+N4keF+Gb+OqvXLGtxRn1gpGNJcRUFmnYYv11rIP/RwWw9gt8ThOcJHV GA4728xkyCUS03PUtz902LQm9aFreU/SlbATyT9KLzoQz8iOJIPZQlS9tOa7o0AgZC QdRR6L+swDi6cqhBFHIYeuWnwlXRx1erhk29sKm+3x4oabNkVBVFl4Baf1JjQmbDs9 hGX/rN2fni/bQGfrON07CHtMN6FgcCo+J24ySwWRvXsz+NpowDSV2tTzJt2LFqehsg uA741eRjUaCbT+0cIb0b1hYDeocIaJDmieBe57j/Lik6+KgM4XKDlZiwUS0wjvhSN4 52pZpaQrnR16g== Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Mon, 31 Jul 2023 10:09:17 +0000 Message-Id: Cc: "Brijesh Singh" , "Kuppuswamy Sathyanarayanan" , "Peter Zijlstra" , "Tom Lendacky" , "Dionna Amalie Glaze" , "Borislav Petkov" , "Samuel Ortiz" , "Greg Kroah-Hartman" , "Andrew Morton" , , , , Subject: Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports From: "Jarkko Sakkinen" To: "Dan Williams" , X-Mailer: aerc 0.14.0 References: <169057265210.180586.7950140104251236598.stgit@dwillia2-xfh.jf.intel.com> <64c41aa5ba9ac_a88b29494@dwillia2-xfh.jf.intel.com.notmuch> In-Reply-To: <64c41aa5ba9ac_a88b29494@dwillia2-xfh.jf.intel.com.notmuch> On Fri Jul 28, 2023 at 7:44 PM UTC, Dan Williams wrote: > Jarkko Sakkinen wrote: > > On Fri Jul 28, 2023 at 7:30 PM UTC, Dan Williams wrote: > > > The bulk of the justification for this patch kit is in "[PATCH 1/4] > >=20 > > /patch kit/patch set/ > >=20 > > > keys: Introduce tsm keys". The short summary is that the current > > > approach of adding new char devs and new ioctls, for what amounts to = the > > > same functionality with minor formatting differences across vendors, = is > > > untenable. Common concepts and the community benefit from common > > > infrastructure. > > > > > > Use Keys to build common infrastructure for confidential computing > >=20 > > /Keys/Linux keyring/ > >=20 > > > attestation report blobs, convert sevguest to use it (leaving the > > > deprecation question alone for now), and pave the way for tdx-guest a= nd > > > the eventual risc-v equivalent to use it in lieu of new ioctls. > > > > > > The sevguest conversion is only compile-tested. > > > > > > This submission is To:David since he needs to sign-off on the idea of= a > > > new Keys type, the rest is up to the confidential-computing driver > > > maintainers to adopt. > > > > > > Changes from / credit for internal review: > > > - highlight copy_{to,from}_sockptr() as a common way to mix > > > copy_user() and memcpy() paths (Andy) > > > - add MODULE_DESCRIPTION() (Andy) > > > - clarify how the user-defined portion blob might be used (Elena) > > > - clarify the key instantiation options (Sathya) > > > - drop usage of a list for registering providers (Sathya) > > > - drop list.h include from tsm.h (Andy) > > > - add a comment for how TSM_DATA_MAX was derived (Andy) > > > - stop open coding kmemdup_nul() (Andy) > > > - add types.h to tsm.h (Andy) > > > - fix punctuation in comment (Andy) > > > - reorder security/keys/Makefile (Andy) > > > - add some missing includes to tsm.c (Andy) > > > - undo an 81 column clang-format line break (Andy) > > > - manually reflow tsm_token indentation (Andy) > > > - move allocations after input validation in tsm_instantiate() (Andy) > > > - switch to bin2hex() in tsm_read() (Andy) > > > - move init/exit declarations next to their functions (Andy) > > > > > > > > > --- > > > > > > Dan Williams (4): > > > keys: Introduce tsm keys > > > virt: sevguest: Prep for kernel internal {get,get_ext}_report() > > > mm/slab: Add __free() support for kvfree > > > virt: sevguest: Add TSM key support for SNP_{GET,GET_EXT}_REPOR= T > > > > > > > > > drivers/virt/coco/sev-guest/Kconfig | 2=20 > > > drivers/virt/coco/sev-guest/sev-guest.c | 135 ++++++++++++++- > > > include/keys/tsm.h | 71 ++++++++ > > > include/linux/slab.h | 2=20 > > > security/keys/Kconfig | 12 + > > > security/keys/Makefile | 1=20 > > > security/keys/tsm.c | 282 +++++++++++++++++++++= ++++++++++ > > > 7 files changed, 494 insertions(+), 11 deletions(-) > > > create mode 100644 include/keys/tsm.h > > > create mode 100644 security/keys/tsm.c > > > > > > base-commit: 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5 > >=20 > > So how does this scale? Does it scale to TDX, SGX, TPM's or even TEE's > > (ARM SM, RISC-V Keystone etc.). I'm not sure about the scope but we wan= t > > of course something that adapts to multiple use cases, right? > > TPMs and TEEs are covered by trusted-keys. I do think a "TSM" flavor of > trusted-keys is in scope for where some of these implementations are > headed, but that comes later. I talk about that in the changelog that > functionality like SNP_GET_DERIVED_KEY likely wants to have a > trusted-keys frontend and not isolated behind a vendor-specific ioctl > interface. TEE's and TPM's are not the exact same thing. Are we sure that any future ARM SMC like TEE interface what you say will hold? Why do we need a new key type, when we have already trusted keys? This whole territory should be better defined so that everything will fit together. > This facility is different, it is just aiming to unify this attestation > report flow. It scales to any driver that can provide the ->auth_new() > operation. I have the sev-guest conversion in this set, and Sathya has > tested this with tdx-guest. I am hoping Samuel can evaluate it for > cove-guest or whatever that driver ends up being called. What about SGX without TDX? BR, Jarkko