Re: SVSM Attestation and vTPM specification additions - v0.60

[Tom Lendacky <thomas.lendacky@amd.com>]

On 1/24/23 03:35, Jörg Rödel wrote:
> Hi,
> 
> On Tue, Jan 10, 2023 at 12:54:27PM -0600, Tom Lendacky wrote:
>> Attached is an updated draft version of the SVSM specification with added
>> support for an attestation protocol and a vTPM protocol as well as other
>> miscellaneous changes (all identified by change bar). Please take a look and
>> reply with any feedback you may have.
> 
> Thanks for putting this together, Tom! I think the review comments
> which have been posted cover a good amount of improvements, but I'd like
> to propose another addition:
> 
> It would be great if we have an equivalent to EBUSY in the return codes
> to the guest. Something like SVSM_ERR_BUSY or SVSM_ERR_AGAIN, which
> tells the guest that some resources needed to fulfill the request are
> currently in-use and that the guest should try again later.
> 
> The reasoning here is that in a setup with multiple VCPUs one CPU does a
> call to the SVSM which can take some time to complete (e.g. asking vTPM
> to generate an RSA key) and then another VCPU comes along with a second
> request to the vTPM. In that case the SVSM would have to busy-wait until
> the other request is finished. I think it would be better to return to
> the guest in this situation and try again later.
> 
> Thoughts?

That certainly reasonable to add. I'll add SVSM_ERR_BUSY to the spec along 
with a statement that says the implementation of any protocol function can 
return this result code and, similar to another comment, that the function 
must be able to describe the progress made or be idempotent.

Does anyone have any concerns over this?

Thanks,
Tom

> 
> Regards,
>