From: Dan Williams <dan.j.williams@intel.com>
To: <linux-coco@lists.linux.dev>, <linux-pci@vger.kernel.org>
Cc: yilun.xu@linux.intel.com, aneesh.kumar@kernel.org, aik@amd.com,
gregkh@linuxfoundation.org, "Andy Lutomirski" <luto@kernel.org>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Borislav Petkov" <bp@alien8.de>,
"Christoph Hellwig" <hch@lst.de>,
"Danilo Krummrich" <dakr@kernel.org>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Isaku Yamahata" <isaku.yamahata@intel.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"John Allen" <john.allen@amd.com>,
"Jonathan Cameron" <jonathan.cameron@huawei.com>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
"Lukas Wunner" <lukas@wunner.de>,
"Marek Szyprowski" <m.szyprowski@samsung.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Robin Murphy" <robin.murphy@arm.com>,
"Roman Kisel" <romank@linux.microsoft.com>,
"Samuel Ortiz" <sameo@rivosinc.com>,
"Suzuki K Poulose" <suzuki.poulose@arm.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Xiaoyao Li" <xiaoyao.li@intel.com>
Subject: [PATCH v5 00/10] PCI/TSM: Core infrastructure for PCI device security (TDISP)
Date: Tue, 26 Aug 2025 20:51:16 -0700
Message-ID: <20250827035126.1356683-1-dan.j.williams@intel.com>
Changes since v4 [1]:
- Rebased on v6.17-rc2 plus a new pci_bus_find_emul_domain_nr()
implementation after feedback from Michael
- Update all spec references to PCIe r7.0 (Bjorn)
- Alphabetize includes (Bjorn)
- Drop "_MASK" from register field definitions (Bjorn)
- Add explicit includes for used functionality (Bjorn)
- Fix some misspellings, punctuation, and capitalization (Bjorn)
- Drop whitespace out of the TDISP setup success debug print (Bjorn)
- Make the "Device 3 Extended Capability" changelog more concise (Bjorn)
- Clarify abbreviations in documentation for the IDE stream sysfs
symlink (Bjorn)
- Drop pci_ide_domain() export (Bjorn)
- Do or do not, there is no try for pci_ide_stream_enable() (Bjorn)
- Prefix register offset definitions with 0 (Jonathan)
- Rename PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK to
PCI_IDE_SEL_STS_IDE_FAIL per latest spec (Jonathan)
- Replace call_cb_put() with scope-based-cleanup (Jonathan)
- Move the sample emulation devices to a known unused device-id, 0xffff
which is the value conveyed in an error case (Jonathan)
- Reflow line breaks in tsm_ide_stream_register() (Jonathan)
- Drop @groups passed to tsm_register() and tsm_pci_group() (Alexey)
- Simplify __sel_ide_offset() (Alexey)
- Have PCI_TSM select TSM (Alexey)
- Move DOE definitions to pci-doe.h (Alexey)
- Remove pci_tsm_doe_transfer() (Alexey)
- Reorder pci_tsm_link_constructor() to skip init actions when the
function is going to fail (Alexey)
- Rename the core 'struct pci_tsm' context as "base" (Alexey)
- Pick up Bjorn's acks
- Fix Documentation to reflect passing the name of the TSM device to
@connect and @disconnect
- Rename pci_tsm_pf0_attr_group to pci_tsm_attr_group since it will be
shared with the guest side
- Fix SRIOV function tsm sysfs init, add pci_tsm_init()
- Clarify why pci_tsm_destroy() occurs before device_del()
- Cleanup link_tsm vs devsec_tsm confusion, prepare for more devsec_tsm
enabling
- Hold pci_tsm_rwsem for write over connect and disconnect flows
- Rework "tsm" group attributes to prep for devsec_tsm attributes
- Fix find_dsm_dev() to be more careful to not walk past root ports
- Drop @sec_probe and @sec_remove add @lock and @unlock in preparation
for devsec_tsm enabling
- Require samples/devsec to be built as a module
- Fix bridge and device MMIO setup in samples/devsec/bus.c
- Move samples/devsec/bus.c to faux_device
- constify pci_ide_attr_group()
[1]: http://lore.kernel.org/20250717183358.1332417-1-dan.j.williams@intel.com
This set is available at tsm.git#staging (rebasing branch) or
tsm.git#devsec-20250826 (immutable tag). It passes a basic smoke test
that exercises load/unload of the samples/devsec/ modules and
connect/disconnect of the emulated device.
Status (further "link" vs "devsec" TSM clarity):
------------------------------------------------
The bulk of the change this round is driven by further preparation for
the "guest side" / device security state manipulation infrastructure.
I.e. the support for the PCI core within the TEE to ask the TSM to
transition a device from UNLOCKED to LOCKED, and LOCKED to RUN.
A set implementing that is to be posted immediately following this with
the subject:
"PCI/TSM: TEE I/O infrastructure"
Otherwise the feedback has appeared to complete the transition from
fundamental concerns to matters of polish.
Next steps:
-----------
With "[RFC PATCH v1 00/38] ARM CCA Device Assignment support" [2] this
effort got one step closer to the criteria of "samples/devsec/ + 1
vendor implementation, or 2 vendor implementations can demonstrate the
end-to-end flow (minus attestation)" for starting the push into
mainline.
See, and review, the "PCI/TSM: TEE I/O infrastructure" posting for the
next batch of consensus building.
[2]: http://lore.kernel.org/20250728135216.48084-1-aneesh.kumar@kernel.org
Original Cover letter:
----------------------
Trusted execution environment (TEE) Device Interface Security Protocol
(TDISP) is a chapter name in the PCI specification. It describes an
alphabet soup of mechanisms, SPDM, CMA, IDE, TSM/DSM, that system
software uses to establish trust in a device and assign it to a
confidential virtual machine (CVM). It is a protocol for dynamically
extending the trusted computing boundary (TCB) of a CVM with a PCI
device interface that can issue DMA to CVM private memory.
The acronym soup problem is enhanced by every major platform vendor
having distinct TEE Security Manager (TSM) API implementations /
capabilities, and to a lesser extent, every potential endpoint Device
Security Manager (DSM) having its own idiosyncratic behaviors around
TDISP state transitions.
Despite all that opportunity for differentiation, there is a significant
portion of the implementation that is cross-vendor common. However, it
is difficult to develop, debate, test and settle all those pieces absent
a low level TSM driver implementation to pull it all together.
The proposal, of which this set is the first phase, is to incrementally
develop the shared infrastructure on top of a sample TSM driver
implementation to enable clean vendor agnostic discussions about the
commons. "samples/devsec/" is meant to be: just enough emulation to
exercise all the core infrastructure, a reference implementation, and a
simple unit test. The sample also enables coordination with the native
PCI device security effort [3].
[3]: http://lore.kernel.org/cover.1719771133.git.lukas@wunner.de
Dan Williams (10):
coco/tsm: Introduce a core device for TEE Security Managers
PCI/IDE: Enumerate Selective Stream IDE capabilities
PCI: Introduce pci_walk_bus_reverse(), for_each_pci_dev_reverse()
PCI/TSM: Authenticate devices via platform TSM
samples/devsec: Introduce a PCI device-security bus + endpoint sample
PCI: Add PCIe Device 3 Extended Capability enumeration
PCI/IDE: Add IDE establishment helpers
PCI/IDE: Report available IDE streams
PCI/TSM: Report active IDE streams
samples/devsec: Add sample IDE establishment
Documentation/ABI/testing/sysfs-bus-pci | 51 ++
Documentation/ABI/testing/sysfs-class-tsm | 19 +
.../ABI/testing/sysfs-devices-pci-host-bridge | 26 +
Documentation/driver-api/pci/index.rst | 1 +
Documentation/driver-api/pci/tsm.rst | 12 +
MAINTAINERS | 7 +-
drivers/base/bus.c | 38 +
drivers/pci/Kconfig | 29 +
drivers/pci/Makefile | 2 +
drivers/pci/bus.c | 38 +
drivers/pci/doe.c | 2 -
drivers/pci/ide.c | 582 ++++++++++++++
drivers/pci/pci-sysfs.c | 4 +
drivers/pci/pci.h | 19 +
drivers/pci/probe.c | 28 +-
drivers/pci/remove.c | 6 +
drivers/pci/search.c | 62 +-
drivers/pci/tsm.c | 601 ++++++++++++++
drivers/virt/coco/Kconfig | 3 +
drivers/virt/coco/Makefile | 1 +
drivers/virt/coco/tsm-core.c | 183 +++++
include/linux/device/bus.h | 3 +
include/linux/pci-doe.h | 4 +
include/linux/pci-ide.h | 72 ++
include/linux/pci-tsm.h | 143 ++++
include/linux/pci.h | 36 +
include/linux/tsm.h | 11 +
include/uapi/linux/pci_regs.h | 89 +++
samples/Kconfig | 19 +
samples/Makefile | 1 +
samples/devsec/Makefile | 10 +
samples/devsec/bus.c | 737 ++++++++++++++++++
samples/devsec/common.c | 26 +
samples/devsec/devsec.h | 40 +
samples/devsec/link_tsm.c | 242 ++++++
35 files changed, 3134 insertions(+), 13 deletions(-)
create mode 100644 Documentation/ABI/testing/sysfs-class-tsm
create mode 100644 Documentation/driver-api/pci/tsm.rst
create mode 100644 drivers/pci/ide.c
create mode 100644 drivers/pci/tsm.c
create mode 100644 drivers/virt/coco/tsm-core.c
create mode 100644 include/linux/pci-ide.h
create mode 100644 include/linux/pci-tsm.h
create mode 100644 samples/devsec/Makefile
create mode 100644 samples/devsec/bus.c
create mode 100644 samples/devsec/common.c
create mode 100644 samples/devsec/devsec.h
create mode 100644 samples/devsec/link_tsm.c
base-commit: 650d64cdd69122cc60d309f2f5fd72bbc080dbd7
--
2.50.1
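As an added illustration (not code from this series or from samples/devsec/), the ordering the cover letter describes can be modelled as a small state machine: the platform-TSM connect/disconnect flow brings IDE up and tears it down, while the TEE side drives the TDISP interface from UNLOCKED to LOCKED and from LOCKED to RUN, and an IDE stream failure invalidates a locked or running interface. The struct, function names and the ERROR handling here are constructed for the example and are not the kernel's pci_tsm API.

```c
/* Added example, not code from the series: a small model of the ordering the
 * cover letter describes. Names and the struct are constructed for illustration. */
#include <stdbool.h>

enum tdisp_state { TDISP_UNLOCKED, TDISP_LOCKED, TDISP_RUN, TDISP_ERROR };

struct devsec_dev {
	bool connected;  /* platform-TSM connect done: device authenticated */
	bool ide_active; /* selective IDE stream established on the link */
	enum tdisp_state st;
};

/* Platform-TSM "connect": authenticate the device and bring up IDE. */
int devsec_connect(struct devsec_dev *d)
{
	if (d->connected)
		return -1;
	d->connected = d->ide_active = true;
	d->st = TDISP_UNLOCKED;
	return 0;
}

/* TEE-side UNLOCKED -> LOCKED: requires a connected device with IDE active. */
int devsec_lock(struct devsec_dev *d)
{
	if (!d->connected || !d->ide_active || d->st != TDISP_UNLOCKED)
		return -1;
	d->st = TDISP_LOCKED;
	return 0;
}

/* TEE-side LOCKED -> RUN; no other state may enter RUN. */
int devsec_run(struct devsec_dev *d)
{
	if (d->st != TDISP_LOCKED)
		return -1;
	d->st = TDISP_RUN;
	return 0;
}

/* IDE stream loss: a locked or running interface can no longer be trusted. */
void devsec_ide_fail(struct devsec_dev *d)
{
	d->ide_active = false;
	if (d->st != TDISP_UNLOCKED)
		d->st = TDISP_ERROR;
}

/* Platform-TSM "disconnect": tear down IDE, return to UNLOCKED from any state. */
void devsec_disconnect(struct devsec_dev *d)
{
	d->connected = d->ide_active = false;
	d->st = TDISP_UNLOCKED;
}
```

Only disconnect leaves ERROR, so a device that lost its IDE stream must be torn down and re-connected before it can be locked again.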