Re: [PATCH v13 2/3] selftests: tdx: Test TDX attestation GetReport support

["Huang, Kai" <kai.huang@intel.com>]

On Fri, 2022-09-09 at 12:27 -0700, Kuppuswamy Sathyanarayanan wrote:
> Attestation is used to verify the trustworthiness of a TDX guest.
> During the guest bring-up, Intel TDX module measures and records
> the initial contents and configuration of the guest, and at runtime,
> guest software uses runtime measurement registers (RMTRs) to measure
> and record details related to kernel image, command line params, ACPI
> tables, initrd, etc. At TDX guest runtime, Intel SGX attestation
> infrastructure is re-used to attest to these measurement data.

Similar the comment to patch 3, I don't particularly like "to attest" part as
only the verification service can truly _attest_ somthing (I suppose the "SGX
infrastructure" here you mean SGX QE to generate the Quote). 

I think you can just say something like "TDX leverages SGX Quote mechanism to
support remote attestation of TDX guests".  And you can combine this with below
paragraph.

> 
> First step in the TDX attestation process is to get the TDREPORT data.
> It is a fixed size data structure generated by the TDX module which
> includes the above mentioned measurements data, a MAC to protect the
> integerity of the TDREPORT, and a 64-Byte of user specified data passed
> during TDREPORT request which can uniquely identify the TDREPORT.
> 
> Intel's TDX guest driver exposes TDX_CMD_GET_REPORT IOCTL interface to
> get the TDREPORT from the user space.
> 
> Add a kernel selftest module to test this ABI and verify the validity
> of generated TDREPORT.
> 
> Reviewed-by: Tony Luck <tony.luck@intel.com>
> Reviewed-by: Andi Kleen <ak@linux.intel.com>
> Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>

Anyway (although still not sure all the definitions of TDX architectural data
structures are needed):

Acked-by: Kai Huang <kai.huang@intel.com>



-- 
Thanks,
-Kai