[PATCH v1 0/3] Increase CoCo attestation report buffer size

[PATCH v1 0/3] Increase CoCo attestation report buffer size

[Kuppuswamy Sathyanarayanan]

Hi All,

This patch series addresses buffer size limitations in the Confidential
Computing (CoCo) attestation stack. These changes are necessary to
support emerging security requirements such as DICE-based attestation
and Post-Quantum Cryptography (PQC).

DICE relies on layered evidence collected across multiple boot stages,
where each stage contributes to a cumulative certificate chain. This
process can increase the total report size to over 100KB. Furthermore,
with PQC support enabled, evidence size can reach several MB due to
larger cryptographic signatures and certificates.

Current Intel platforms use SGX-based attestation with Quote sizes
typically under 8KB. Newer Intel platforms will support DICE-based
attestation, requiring larger buffers.

This series extends the TSM framework to support reports up to 16MB,
providing sufficient headroom for these security standards. It also
increases the TDX Quote buffer size to 128KB to accommodate DICE-based
attestation.

Patch Details:

Patch 1/3 - Documents TSM binary blob size limits.      
Patch 2/3 - Increases the generic TSM maximum output blob size from
            32KB to 16MB.
Patch 3/3 - Increases the TDX-specific GET_QUOTE_BUF_SIZE from 8KB to
            128KB to support DICE-based attestation.

Kuppuswamy Sathyanarayanan (3):
  virt: tsm: Document size limits for outblob attributes
  virt: tsm: Increase TSM_REPORT_OUTBLOB_MAX to 16MB
  virt: tdx-guest: Increase Quote buffer size to 128KB

 Documentation/ABI/testing/configfs-tsm-report | 16 ++++++++++++++++
 drivers/virt/coco/tdx-guest/tdx-guest.c       |  4 +++-
 include/linux/tsm.h                           |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

-- 
2.43.0

[PATCH v1 1/3] virt: tsm: Document size limits for outblob attributes

[Kuppuswamy Sathyanarayanan]

The configfs-tsm-report interface can fail with -EFBIG when the
attestation report generated by a TSM provider exceeds internal
maximums (TSM_REPORT_OUTBLOB_MAX). However, this error condition and
its handling are not currently documented in the ABI.

Userspace tools need to understand how to interpret various error
conditions when reading attestation reports.

Document that reads fail with -EFBIG when reports exceed size limits,
with guidance on how to resolve them.

Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 Documentation/ABI/testing/configfs-tsm-report | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report
index 534408bc1408..ca3352cfd2f1 100644
--- a/Documentation/ABI/testing/configfs-tsm-report
+++ b/Documentation/ABI/testing/configfs-tsm-report
@@ -17,6 +17,12 @@ Description:
 		where the implementation is conveyed via the @provider
 		attribute.
 
+		This interface fails reads and sets errno to EFBIG when the
+		report generated by @provider exceeds the configfs-tsm-report
+		internal maximums. Contact the platform provider for the
+		compatible security module, driver, and attestation library
+		combination.
+
 What:		/sys/kernel/config/tsm/report/$name/auxblob
 Date:		October, 2023
 KernelVersion:	v6.7
@@ -31,6 +37,9 @@ Description:
 		Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
 		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
 
+		See "EFBIG" comment in the @outblob description for potential
+		error conditions.
+
 What:		/sys/kernel/config/tsm/report/$name/manifestblob
 Date:		January, 2024
 KernelVersion:	v6.10
@@ -43,6 +52,9 @@ Description:
 		See 'service_provider' for information on the format of the
 		manifest blob.
 
+		See "EFBIG" comment in the @outblob description for potential
+		error conditions.
+
 What:		/sys/kernel/config/tsm/report/$name/provider
 Date:		September, 2023
 KernelVersion:	v6.7
-- 
2.43.0

[PATCH v1 2/3] virt: tsm: Increase TSM_REPORT_OUTBLOB_MAX to 16MB

[Kuppuswamy Sathyanarayanan]

Confidential Computing (CoCo) attestation is evolving toward
standardized models such as DICE (Device Identifier Composition Engine)
and Post-Quantum Cryptography (PQC), which rely on layered certificate
chains and larger cryptographic signatures.

A typical PQC certificate can range from 5KB to 15KB, and DICE-based
architectures accumulate these certificates across multiple boot
stages. In such configurations, the total attestation evidence can
reach several megabytes, exceeding the current 32KB limit.

Increase TSM_REPORT_OUTBLOB_MAX to 16MB to accommodate these larger
certificate chains. This provides sufficient headroom to handle
evolving requirements without requiring frequent updates to the limit.

TSM_REPORT_OUTBLOB_MAX is used by the configfs read interface to cap
the maximum allowed binary blob size for outblob, auxblob and
manifestblob attributes. Hence, the per-open-file worst case memory
allocation increases from 32KB to 16MB. Multiple concurrent readers
multiply this cost (e.g., N readers of an M-byte blob incur NxM bytes
of vmalloc-backed memory). However, allocations are performed on demand
and remain proportional to the actual blob length, not the configured
maximum.

Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 include/linux/tsm.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/tsm.h b/include/linux/tsm.h
index a3b7ab668eff..7f72a154b6b2 100644
--- a/include/linux/tsm.h
+++ b/include/linux/tsm.h
@@ -8,7 +8,7 @@
 #include <linux/device.h>
 
 #define TSM_REPORT_INBLOB_MAX 64
-#define TSM_REPORT_OUTBLOB_MAX SZ_32K
+#define TSM_REPORT_OUTBLOB_MAX SZ_16M
 
 /*
  * Privilege level is a nested permission concept to allow confidential
-- 
2.43.0

[PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to 128KB

[Kuppuswamy Sathyanarayanan]

Intel platforms are transitioning from traditional SGX-based
attestation toward DICE-based attestation as part of a broader move
toward open and standardized attestation models. DICE enables layered
and extensible attestation, where evidence is accumulated across
multiple boot stages.

With SGX-based attestation, Quote sizes are typically under 8KB, as the
payload consists primarily of Quote data and a small certificate bundle.
Existing TDX guest code sizes the Quote buffer accordingly.

DICE-based attestation produces significantly larger Quotes due to the
inclusion of evidence (certificate chains) from multiple boot layers.
The cumulative Quote size can reach approximately 100KB.

Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
capacity for DICE-based Quote payloads.

Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 Documentation/ABI/testing/configfs-tsm-report | 4 ++++
 drivers/virt/coco/tdx-guest/tdx-guest.c       | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report
index ca3352cfd2f1..7a6a5045a7d5 100644
--- a/Documentation/ABI/testing/configfs-tsm-report
+++ b/Documentation/ABI/testing/configfs-tsm-report
@@ -73,6 +73,10 @@ Description:
 		Library Revision 0.8 Appendix 4,5
 		https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
 
+		Intel TDX platforms with DICE-based attestation use CBOR Web Token
+		(CWT) format for the Quote payload. This is indicated by the Quote
+		size exceeding 8KB.
+
 What:		/sys/kernel/config/tsm/report/$name/generation
 Date:		September, 2023
 KernelVersion:	v6.7
diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 4e239ec960c9..4252b147593a 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -160,8 +160,10 @@ static void tdx_mr_deinit(const struct attribute_group *mr_grp)
 /*
  * Intel's SGX QE implementation generally uses Quote size less
  * than 8K (2K Quote data + ~5K of certificate blob).
+ * DICE-based attestation uses layered evidence that requires
+ * larger Quote size (~100K).
  */
-#define GET_QUOTE_BUF_SIZE		SZ_8K
+#define GET_QUOTE_BUF_SIZE		SZ_128K
 
 #define GET_QUOTE_CMD_VER		1
 
-- 
2.43.0

Re: [PATCH v1 1/3] virt: tsm: Document size limits for outblob attributes

[dan.j.williams]

Kuppuswamy Sathyanarayanan wrote:
> The configfs-tsm-report interface can fail with -EFBIG when the
> attestation report generated by a TSM provider exceeds internal
> maximums (TSM_REPORT_OUTBLOB_MAX). However, this error condition and
> its handling are not currently documented in the ABI.
> 
> Userspace tools need to understand how to interpret various error
> conditions when reading attestation reports.
> 
> Document that reads fail with -EFBIG when reports exceed size limits,
> with guidance on how to resolve them.
> 
> Reviewed-by: Fang Peter <peter.fang@intel.com>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>

Looks good, I will change the subject to:

"configfs-tsm-report: Document size limits for outblob attributes"

Re: [PATCH v1 2/3] virt: tsm: Increase TSM_REPORT_OUTBLOB_MAX to 16MB

[dan.j.williams]

Kuppuswamy Sathyanarayanan wrote:
> Confidential Computing (CoCo) attestation is evolving toward
> standardized models such as DICE (Device Identifier Composition Engine)
> and Post-Quantum Cryptography (PQC), which rely on layered certificate
> chains and larger cryptographic signatures.
> 
> A typical PQC certificate can range from 5KB to 15KB, and DICE-based
> architectures accumulate these certificates across multiple boot
> stages. In such configurations, the total attestation evidence can
> reach several megabytes, exceeding the current 32KB limit.
> 
> Increase TSM_REPORT_OUTBLOB_MAX to 16MB to accommodate these larger
> certificate chains. This provides sufficient headroom to handle
> evolving requirements without requiring frequent updates to the limit.
> 
> TSM_REPORT_OUTBLOB_MAX is used by the configfs read interface to cap
> the maximum allowed binary blob size for outblob, auxblob and
> manifestblob attributes. Hence, the per-open-file worst case memory
> allocation increases from 32KB to 16MB. Multiple concurrent readers
> multiply this cost (e.g., N readers of an M-byte blob incur NxM bytes
> of vmalloc-backed memory). However, allocations are performed on demand
> and remain proportional to the actual blob length, not the configured
> maximum.

Looks ok, again I will change the subject to:

"configfs-tsm-report: Increase TSM_REPORT_OUTBLOB_MAX to 16MB"

Re: [PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to 128KB

[dan.j.williams]

Kuppuswamy Sathyanarayanan wrote:
> Intel platforms are transitioning from traditional SGX-based
> attestation toward DICE-based attestation as part of a broader move
> toward open and standardized attestation models. DICE enables layered
> and extensible attestation, where evidence is accumulated across
> multiple boot stages.
> 
> With SGX-based attestation, Quote sizes are typically under 8KB, as the
> payload consists primarily of Quote data and a small certificate bundle.
> Existing TDX guest code sizes the Quote buffer accordingly.
> 
> DICE-based attestation produces significantly larger Quotes due to the
> inclusion of evidence (certificate chains) from multiple boot layers.
> The cumulative Quote size can reach approximately 100KB.
> 
> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
> capacity for DICE-based Quote payloads.
> 
> Reviewed-by: Fang Peter <peter.fang@intel.com>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> ---
>  Documentation/ABI/testing/configfs-tsm-report | 4 ++++
>  drivers/virt/coco/tdx-guest/tdx-guest.c       | 4 +++-
>  2 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report
> index ca3352cfd2f1..7a6a5045a7d5 100644
> --- a/Documentation/ABI/testing/configfs-tsm-report
> +++ b/Documentation/ABI/testing/configfs-tsm-report
> @@ -73,6 +73,10 @@ Description:
>  		Library Revision 0.8 Appendix 4,5
>  		https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
>  
> +		Intel TDX platforms with DICE-based attestation use CBOR Web Token
> +		(CWT) format for the Quote payload. This is indicated by the Quote
> +		size exceeding 8KB.

Looks ok, please follow up with a link to the full format specification
when it is published.

I will change this subject to:

"configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB"

Re: [PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to 128KB

[Kiryl Shutsemau]

On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
> Intel platforms are transitioning from traditional SGX-based
> attestation toward DICE-based attestation as part of a broader move
> toward open and standardized attestation models. DICE enables layered
> and extensible attestation, where evidence is accumulated across
> multiple boot stages.
> 
> With SGX-based attestation, Quote sizes are typically under 8KB, as the
> payload consists primarily of Quote data and a small certificate bundle.
> Existing TDX guest code sizes the Quote buffer accordingly.
> 
> DICE-based attestation produces significantly larger Quotes due to the
> inclusion of evidence (certificate chains) from multiple boot layers.
> The cumulative Quote size can reach approximately 100KB.
> 
> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
> capacity for DICE-based Quote payloads.

It worth noting that it requires guest physically-contiguous memory.

Single order-5 allocation is not that bad as long as the driver
initialized during the boot.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Re: [PATCH v1 1/3] virt: tsm: Document size limits for outblob attributes

[Kuppuswamy Sathyanarayanan]

Hi Dan,

On 2/10/2026 6:15 PM, dan.j.williams@intel.com wrote:
> Kuppuswamy Sathyanarayanan wrote:
>> The configfs-tsm-report interface can fail with -EFBIG when the
>> attestation report generated by a TSM provider exceeds internal
>> maximums (TSM_REPORT_OUTBLOB_MAX). However, this error condition and
>> its handling are not currently documented in the ABI.
>>
>> Userspace tools need to understand how to interpret various error
>> conditions when reading attestation reports.
>>
>> Document that reads fail with -EFBIG when reports exceed size limits,
>> with guidance on how to resolve them.
>>
>> Reviewed-by: Fang Peter <peter.fang@intel.com>
>> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> 
> Looks good, I will change the subject to:
> 
> "configfs-tsm-report: Document size limits for outblob attributes"


Thanks for the review! Are you planning to apply this with the updated
subject line, or would you like me to send a v2 with the change?

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Re: [PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to 128KB

[Kuppuswamy Sathyanarayanan]

Hi Kiryl,

Thanks for the review!

On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
> On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
>> Intel platforms are transitioning from traditional SGX-based
>> attestation toward DICE-based attestation as part of a broader move
>> toward open and standardized attestation models. DICE enables layered
>> and extensible attestation, where evidence is accumulated across
>> multiple boot stages.
>>
>> With SGX-based attestation, Quote sizes are typically under 8KB, as the
>> payload consists primarily of Quote data and a small certificate bundle.
>> Existing TDX guest code sizes the Quote buffer accordingly.
>>
>> DICE-based attestation produces significantly larger Quotes due to the
>> inclusion of evidence (certificate chains) from multiple boot layers.
>> The cumulative Quote size can reach approximately 100KB.
>>
>> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
>> capacity for DICE-based Quote payloads.
> 
> It worth noting that it requires guest physically-contiguous memory.
> 
> Single order-5 allocation is not that bad as long as the driver
> initialized during the boot.

Good point! We can add following to the commit log:

The Quote buffer requires guest physically-contiguous memory and is
allocated once during driver initialization at boot time, where an
order-5 allocation (128KB) is expected to succeed reliably.

> 

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Re: [PATCH v1 1/3] virt: tsm: Document size limits for outblob attributes

[dan.j.williams]

Kuppuswamy Sathyanarayanan wrote:
> Hi Dan,
> 
> On 2/10/2026 6:15 PM, dan.j.williams@intel.com wrote:
> > Kuppuswamy Sathyanarayanan wrote:
> >> The configfs-tsm-report interface can fail with -EFBIG when the
> >> attestation report generated by a TSM provider exceeds internal
> >> maximums (TSM_REPORT_OUTBLOB_MAX). However, this error condition and
> >> its handling are not currently documented in the ABI.
> >>
> >> Userspace tools need to understand how to interpret various error
> >> conditions when reading attestation reports.
> >>
> >> Document that reads fail with -EFBIG when reports exceed size limits,
> >> with guidance on how to resolve them.
> >>
> >> Reviewed-by: Fang Peter <peter.fang@intel.com>
> >> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> > 
> > Looks good, I will change the subject to:
> > 
> > "configfs-tsm-report: Document size limits for outblob attributes"
> 
> 
> Thanks for the review! Are you planning to apply this with the updated
> subject line, or would you like me to send a v2 with the change?

Given the late date I went ahead and made the change and pushed it out
to start soaking in linux-next:

https://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm.git/log/?h=next

Re: [PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to 128KB

[dan.j.williams]

Kuppuswamy Sathyanarayanan wrote:
> Hi Kiryl,
> 
> Thanks for the review!
> 
> On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
> > On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
> >> Intel platforms are transitioning from traditional SGX-based
> >> attestation toward DICE-based attestation as part of a broader move
> >> toward open and standardized attestation models. DICE enables layered
> >> and extensible attestation, where evidence is accumulated across
> >> multiple boot stages.
> >>
> >> With SGX-based attestation, Quote sizes are typically under 8KB, as the
> >> payload consists primarily of Quote data and a small certificate bundle.
> >> Existing TDX guest code sizes the Quote buffer accordingly.
> >>
> >> DICE-based attestation produces significantly larger Quotes due to the
> >> inclusion of evidence (certificate chains) from multiple boot layers.
> >> The cumulative Quote size can reach approximately 100KB.
> >>
> >> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
> >> capacity for DICE-based Quote payloads.
> > 
> > It worth noting that it requires guest physically-contiguous memory.
> > 
> > Single order-5 allocation is not that bad as long as the driver
> > initialized during the boot.
> 
> Good point! We can add following to the commit log:
> 
> The Quote buffer requires guest physically-contiguous memory and is
> allocated once during driver initialization at boot time, where an
> order-5 allocation (128KB) is expected to succeed reliably.

That is good feedback. I would rather not restart the timer on the
linux-next exposure with a rebase to add that. I think in this case it
is sufficient that the commit has a link back to this discussion:

Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com

However, when the the patch to add the link to the documentation for the
CBOR Web Token schema is ready, do take the opportunity to also add a
patch commenting about the order-5 allocation risk to
GET_QUOTE_BUF_SIZE.

Later, when / if these objects start to get into order-10+ allocations
for PQC etc, a scatter-gather mechanism will need to be considered.

Re: [PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to 128KB

[Kuppuswamy Sathyanarayanan]

Hi Dan,

On 2/11/2026 1:06 PM, dan.j.williams@intel.com wrote:
> Kuppuswamy Sathyanarayanan wrote:
>> Hi Kiryl,
>>
>> Thanks for the review!
>>
>> On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
>>> On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
>>>> Intel platforms are transitioning from traditional SGX-based
>>>> attestation toward DICE-based attestation as part of a broader move
>>>> toward open and standardized attestation models. DICE enables layered
>>>> and extensible attestation, where evidence is accumulated across
>>>> multiple boot stages.
>>>>
>>>> With SGX-based attestation, Quote sizes are typically under 8KB, as the
>>>> payload consists primarily of Quote data and a small certificate bundle.
>>>> Existing TDX guest code sizes the Quote buffer accordingly.
>>>>
>>>> DICE-based attestation produces significantly larger Quotes due to the
>>>> inclusion of evidence (certificate chains) from multiple boot layers.
>>>> The cumulative Quote size can reach approximately 100KB.
>>>>
>>>> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
>>>> capacity for DICE-based Quote payloads.
>>>
>>> It worth noting that it requires guest physically-contiguous memory.
>>>
>>> Single order-5 allocation is not that bad as long as the driver
>>> initialized during the boot.
>>
>> Good point! We can add following to the commit log:
>>
>> The Quote buffer requires guest physically-contiguous memory and is
>> allocated once during driver initialization at boot time, where an
>> order-5 allocation (128KB) is expected to succeed reliably.
> 
> That is good feedback. I would rather not restart the timer on the
> linux-next exposure with a rebase to add that. I think in this case it
> is sufficient that the commit has a link back to this discussion:
> 
> Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com
> 
> However, when the the patch to add the link to the documentation for the
> CBOR Web Token schema is ready, do take the opportunity to also add a
> patch commenting about the order-5 allocation risk to
> GET_QUOTE_BUF_SIZE.

Sounds good. Once the CWT documentation is ready, I will send a follow-up
patch that includes both the documentation link and the order-5 allocation
comment.

> 
> Later, when / if these objects start to get into order-10+ allocations
> for PQC etc, a scatter-gather mechanism will need to be considered.

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer