From: Lukas Wunner <lukas@wunner.de>
To: Bjorn Helgaas <helgaas@kernel.org>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>,
linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org,
linuxarm@huawei.com, Dan Williams <dan.j.williams@intel.com>,
Adam Manzanares <a.manzanares@samsung.com>,
Ira Weiny <ira.weiny@intel.com>,
Christoph Hellwig <hch@infradead.org>, Ben W <ben@bwidawsk.net>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
David E Box <david.e.box@intel.com>,
Chuck Lever <chuck.lever@oracle.com>,
kw@linux.com, Bjorn Helgaas <bhelgaas@google.com>,
Joerg Roedel <joro@8bytes.org>,
Eric Biggers <ebiggers@google.com>
Subject: Re: [RFC PATCH v3 3/4] PCI/CMA: Initial support for Component Measurement and Authentication ECN
Date: Sat, 24 Sep 2022 07:39:53 +0200
Message-ID: <20220924053953.GA13820@wunner.de>
In-Reply-To: <20220923213634.GA1420285@bhelgaas>

On Fri, Sep 23, 2022 at 04:36:34PM -0500, Bjorn Helgaas wrote:
> On Tue, Sep 06, 2022 at 12:15:55PM +0100, Jonathan Cameron wrote:
> > --- /dev/null
> > +++ b/drivers/pci/cma.c
> > @@ -0,0 +1,117 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Component Measurement and Authentication was added as an ECN to the
> > + * PCIe r5.0 spec.
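
Review bot: The header comment at the top of drivers/pci/cma.c identifies the feature only as "an ECN to the PCIe r5.0 spec" and, in the lines quoted here, gives no section number. Suggest citing the section that the Kconfig text already uses (the reply below reads it as PCIe r6.0, sec 6.31), so that a reader of the file can go from the code to the spec text without consulting Kconfig.
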
>
> It looks like PCIe r6.0, sec 6.31? (Oh, I see that's what you mention
> above in the Kconfig text :)) I have absolutely no idea what CMA is
> about or how it works. Other than pci_doe_submit_task(), nothing here
> is recognizable to me as PCI-related and I can't tell what else, if
> anything, is connected to something in the PCIe spec.

CMA is an adaption of the SPDM spec to PCIe.

Basically this is about authenticating PCI devices:
The device presents a certificate chain to the host;
The host needs to trust the root of that certificate chain;
The host sends a nonce to the device;
The device signs the nonce with its private key, sends it back;
The host verifies the signature matches the certificate (= public key).

The protocol to perform this authentication is called SPDM:
https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.1.pdf

Various other specs besides PCIe have adopted SPDM (e.g. CXL).

One transport over which the SPDM message exchanges are sent is PCI DOE,
which appears in v6.0.

So-called measurements can be retrieved after authentication was
completed successfully: E.g. a signed hash of the firmware.
Thereby, the host can verify the device is in a trusted state.

"Attestation" appears to be a fancy terminus technicus which encompasses
authentication and validation of measurements.

Authentication forms the basis for IDE (PCI TLP encryption,
PCIe r6.0 sec 6.33). Encryption is useless without authentication
because it's otherwise susceptible to man-in-the-middle attacks.

Authentication also forms the basis for TDISP (Trusted I/O virtualization,
recently accepted as an ECN).

There was an SPDM BoF at Plumbers last week:
https://lpc.events/event/16/contributions/1304/attachments/1029/1974/LPC2022-SPDM-BoF-v4.pdf
https://lpc.events/event/16/abstracts/1301/

The outcome is that we'll be working towards a minimal CMA implementation
which is capable of authenticating PCI devices and presenting the result in
sysfs. There might be a global policy knob in sysfs to control handling
of devices for which authentication failed (e.g. forbid binding to
drivers). Features such as a per-device policy can later be added on top
if need be. We'll need to rework DOE handling such that the PCI core
scans all DOE mailboxes on device enumeration to look for one capable
of SPDM and perform authentication. We'll seek to upstream this through
the PCI tree. That's my summary in brief, Jonathan or Dan may have
amendments or corrections to make. :)

Thanks,
Lukas
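
The five authentication steps listed in the message above, as an added example that is not part of the original e-mail or of the patch series: a user-space Go model of the host and device roles that does not implement SPDM message formats or DOE. `Issue`, `Authenticate`, the `respond` callback, the certificate names and the choice of Ed25519 are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// Issue creates an Ed25519 key and certificate (algorithm assumed for this example); a nil CA yields a self-signed root.
func Issue(cn string, caKey ed25519.PrivateKey, caCert *x509.Certificate) (ed25519.PrivateKey, *x509.Certificate) {
	seed := make([]byte, ed25519.SeedSize)
	must(rand.Read(seed))
	key := ed25519.NewKeyFromSeed(seed)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: caCert == nil, BasicConstraintsValid: true}
	if caCert == nil { // self-signed root: the template is its own issuer
		caKey, caCert = key, t
	}
	der := must(x509.CreateCertificate(rand.Reader, t, caCert, key.Public(), caKey))
	return key, must(x509.ParseCertificate(der))
}
// Authenticate is the host side; respond stands in for the device (nonce in, signature out).
func Authenticate(cert *x509.Certificate, respond func(nonce []byte) []byte, root *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root) // the only root this host trusts
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		return fmt.Errorf("certificate not rooted in a trusted CA: %w", err)
	}
	nonce := make([]byte, 32) // fresh per challenge, so an old signature cannot be replayed
	must(rand.Read(nonce))
	if err := cert.CheckSignature(x509.PureEd25519, nonce, respond(nonce)); err != nil {
		return fmt.Errorf("nonce signature does not match certificate: %w", err)
	}
	return nil
}
func main() {
	rootKey, root := Issue("Constructed Vendor Root", nil, nil) // constructed names, keys made at run time
	devKey, devCert := Issue("Constructed PCI device", rootKey, root)
	fmt.Println(Authenticate(devCert, func(n []byte) []byte { return ed25519.Sign(devKey, n) }, root) == nil)
}
```

A responder that holds a valid certificate but not the matching private key, or that returns a signature recorded from an earlier challenge, fails the second check even though the certificate itself verifies.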