From: Dan Williams <dan.j.williams@intel.com>
To: Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: <linux-coco@lists.linux.dev>, Lukas Wunner <lukas@wunner.de>,
Samuel Ortiz <sameo@rivosinc.com>,
Alexey Kardashevskiy <aik@amd.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Xu Yilun <yilun.xu@linux.intel.com>, <linux-pci@vger.kernel.org>,
<gregkh@linuxfoundation.org>
Subject: Re: [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM
Date: Tue, 25 Feb 2025 16:50:15 -0800 [thread overview]
Message-ID: <67be65478bb3e_1a77294e8@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <20250130114554.0000033d@huawei.com>
Jonathan Cameron wrote:
> On Thu, 05 Dec 2024 14:23:45 -0800
> Dan Williams <dan.j.williams@intel.com> wrote:
>
> > The PCIe 6.1 specification, section 11, introduces the Trusted Execution
> > Environment (TEE) Device Interface Security Protocol (TDISP). This
> > interface definition builds upon Component Measurement and
> > Authentication (CMA), and link Integrity and Data Encryption (IDE). It
> > adds support for assigning devices (PCI physical or virtual function) to
> > a confidential VM such that the assigned device is enabled to access
> > guest private memory protected by technologies like Intel TDX, AMD
> > SEV-SNP, RISCV COVE, or ARM CCA.
> >
> > The "TSM" (TEE Security Manager) is a concept in the TDISP specification
> > of an agent that mediates between a "DSM" (Device Security Manager) and
> > system software in both a VMM and a confidential VM. A VMM uses TSM ABIs
> > to setup link security and assign devices. A confidential VM uses TSM
> > ABIs to transition an assigned device into the TDISP "RUN" state and
> > validate its configuration. From a Linux perspective the TSM abstracts
> > many of the details of TDISP, IDE, and CMA. Some of those details leak
> > through at times, but for the most part TDISP is an internal
> > implementation detail of the TSM.
> >
> > CONFIG_PCI_TSM adds an "authenticated" attribute and "tsm/" subdirectory
> > to pci-sysfs. The work in progress CONFIG_PCI_CMA (software
> > kernel-native PCI authentication) that can depend on a local to the PCI
> > core implementation, CONFIG_PCI_TSM needs to be prepared for late
> > loading of the platform TSM driver.
>
> I don't follow the previous sentence. Perhaps consider a rewrite?
I will just drop it for now as the entanglements with native PCI CMA are
not relevant in this changelog especially as is not clear which series
will land first.
The rewrite would have been:
--
CONFIG_PCI_TSM adds an "authenticated" attribute and "tsm/" subdirectory
to pci-sysfs. If native authentication is enabled then the existing
"authenticated" attribute is replaced. The presence of the "tsm/"
directory indicates what device authentication method is in effect.
--
>
> > Consider that the TSM driver may
> > itself be a PCI driver. Userspace can watch /sys/class/tsm/tsm0/uevent
> > to know when the PCI core has TSM services enabled.
> >
> > The common verbs that the low-level TSM drivers implement are defined by
> > 'struct pci_tsm_ops'. For now only 'connect' and 'disconnect' are
> > defined for secure session and IDE establishment. The 'probe' and
> > 'remove' operations setup per-device context representing the device's
> > security manager (DSM). Note that there is only one DSM expected per
> > physical PCI function, and that coordinates a variable number of
> > assignable interfaces to CVMs.
> >
> > The locking allows for multiple devices to be executing commands
> > simultaneously, one outstanding command per-device and an rwsem flushes
> > all in-flight commands when a TSM low-level driver/device is removed.
> >
> > Thanks to Wu Hao for his work on an early draft of this support.
> >
> > Cc: Lukas Wunner <lukas@wunner.de>
> > Cc: Samuel Ortiz <sameo@rivosinc.com>
> > Cc: Alexey Kardashevskiy <aik@amd.com>
> > Acked-by: Bjorn Helgaas <bhelgaas@google.com>
> > Co-developed-by: Xu Yilun <yilun.xu@linux.intel.com>
> > Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> A few minor things inline.
>
> Jonathan
[..]
> > diff --git a/drivers/pci/tsm.c b/drivers/pci/tsm.c
> > new file mode 100644
> > index 000000000000..04e9257a6e41
> > --- /dev/null
> > +++ b/drivers/pci/tsm.c
> > @@ -0,0 +1,293 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * TEE Security Manager for the TEE Device Interface Security Protocol
> > + * (TDISP, PCIe r6.1 sec 11)
> > + *
> > + * Copyright(c) 2024 Intel Corporation. All rights reserved.
> > + */
> > +
> > +#define dev_fmt(fmt) "TSM: " fmt
> > +
> > +#include <linux/pci.h>
> > +#include <linux/pci-doe.h>
> > +#include <linux/sysfs.h>
> > +#include <linux/xarray.h>
> > +#include <linux/pci-tsm.h>
> > +#include <linux/bitfield.h>
>
> Odd header ordering. Anything consistent is fine by me but
> this just feels random.
Grouped the PCI ones together and X-mas-treed it.
> > +#include "pci.h"
> > +
> > +/*
> > + * Provide a read/write lock against the init / exit of pdev tsm
> > + * capabilities and arrival/departure of a tsm instance
> > + */
> > +static DECLARE_RWSEM(pci_tsm_rwsem);
> > +static const struct pci_tsm_ops *tsm_ops;
> > +
> > +/* supplemental attributes to surface when pci_tsm_attr_group is active */
> > +static const struct attribute_group *pci_tsm_owner_attr_group;
> > +
> > +static int pci_tsm_disconnect(struct pci_dev *pdev)
> > +{
> > + struct pci_tsm *pci_tsm = pdev->tsm;
> > +
> > + lockdep_assert_held(&pci_tsm_rwsem)
> > + if_not_guard(mutex_intr, &pci_tsm->lock)
>
> Sadly that got dropped.
RIP.
>
> > + return -EINTR;
> > +
> > + if (pci_tsm->state < PCI_TSM_CONNECT)
> > + return 0;
> > + if (pci_tsm->state < PCI_TSM_INIT)
> > + return -ENXIO;
> > +
> > + tsm_ops->disconnect(pdev);
> > + pci_tsm->state = PCI_TSM_INIT;
> > +
> > + return 0;
> > +}
> > +
>
> > +static struct attribute *pci_tsm_attrs[] = {
> > + &dev_attr_connect.attr,
> > + NULL,
>
> Trivia but no comma given it's a terminator and nothing will
> ever come after it.
Ok.
>
>
> > +};
> > +
> > +const struct attribute_group pci_tsm_attr_group = {
> > + .name = "tsm",
> > + .attrs = pci_tsm_attrs,
> > + .is_visible = SYSFS_GROUP_VISIBLE(pci_tsm),
> > +};
> > +
> > +static ssize_t authenticated_show(struct device *dev,
> > + struct device_attribute *attr, char *buf)
> > +{
> > + /*
> > + * When device authentication is TSM owned, 'authenticated' is
> > + * identical to the connect state.
> > + */
> > + return connect_show(dev, attr, buf);
> > +}
> > +static DEVICE_ATTR_RO(authenticated);
> > +
> > +static struct attribute *pci_tsm_auth_attrs[] = {
> > + &dev_attr_authenticated.attr,
> > + NULL,
> no comma
Ok.
>
> > +};
>
>
> > +void pci_tsm_destroy(struct pci_dev *pdev)
> > +{
> > + guard(rwsem_write)(&pci_tsm_rwsem);
> > + __pci_tsm_destroy(pdev);
> > +}
> > +
> > +void pci_tsm_unregister(const struct pci_tsm_ops *ops)
>
> I'd try to name things so it is clearer when a function
> is about the TSM coming and going vs a particular PCI
> device coming and going after the TSM is loaded.
I will add "core" to the ones that are registering ops from the TSM core
to the PCI core.
> At least that's what I'm assuming is the difference between
> pci_tsm_unregister() tsm going vs
> pci_tsm_destroy() particular PCI device driver being unbound
> (which I don't think gets called, so maybe drop for now?)
pci_destroy_dev() calls it.
next prev parent reply other threads:[~2025-02-26 0:50 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-05 22:23 [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP) Dan Williams
2024-12-05 22:23 ` [PATCH 01/11] configfs-tsm: Namespace TSM report symbols Dan Williams
2024-12-10 6:08 ` Alexey Kardashevskiy
2024-12-11 13:55 ` Suzuki K Poulose
2024-12-05 22:23 ` [PATCH 02/11] coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/ Dan Williams
2024-12-10 6:09 ` Alexey Kardashevskiy
2024-12-05 22:23 ` [PATCH 03/11] coco/tsm: Introduce a class device for TEE Security Managers Dan Williams
2025-01-28 12:17 ` Jonathan Cameron
2025-02-25 21:08 ` Dan Williams
2024-12-05 22:23 ` [PATCH 04/11] PCI/IDE: Selective Stream IDE enumeration Dan Williams
2024-12-10 3:08 ` Aneesh Kumar K.V
2024-12-12 6:32 ` Xu Yilun
2025-02-22 0:42 ` Dan Williams
2025-02-20 3:17 ` Dan Williams
2024-12-10 6:18 ` Alexey Kardashevskiy
2025-02-20 3:59 ` Dan Williams
2024-12-10 7:05 ` Alexey Kardashevskiy
2024-12-12 6:06 ` Xu Yilun
2024-12-18 10:35 ` Alexey Kardashevskiy
2025-02-22 0:30 ` Dan Williams
2025-02-20 18:07 ` Dan Williams
2025-02-21 0:53 ` Alexey Kardashevskiy
2025-02-27 23:46 ` Dan Williams
2024-12-10 19:24 ` Bjorn Helgaas
2025-02-22 0:13 ` Dan Williams
2025-01-30 10:45 ` Jonathan Cameron
2025-02-26 0:21 ` Dan Williams
2024-12-05 22:23 ` [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM Dan Williams
2024-12-10 10:18 ` Alexey Kardashevskiy
2025-02-21 8:13 ` Aneesh Kumar K.V
2025-02-25 7:17 ` Xu Yilun
2025-02-26 12:10 ` Aneesh Kumar K.V
2025-02-26 12:13 ` [RFC PATCH 1/7] tsm: Select PCI_DOE which is required for PCI_TSM Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 2/7] tsm: Move tsm core outside the host directory Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 3/7] tsm: vfio: Add tsm bind/unbind support Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 4/7] tsm: Allow tsm ops function to be called for multi-function devices Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 5/7] tsm: Don't error out for doe mailbox failure Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 6/7] tsm: Allow tsm connect ops to be used for multiple operations Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 7/7] tsm: Add secure SPDM support Aneesh Kumar K.V (Arm)
2025-02-27 6:50 ` Xu Yilun
2025-02-27 6:35 ` [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM Xu Yilun
2025-02-27 13:57 ` Aneesh Kumar K.V
2025-02-28 1:26 ` Xu Yilun
2025-02-28 9:48 ` Aneesh Kumar K.V
2025-03-01 7:50 ` Xu Yilun
2025-03-07 3:07 ` Alexey Kardashevskiy
2025-02-27 19:53 ` Dan Williams
2025-02-28 10:06 ` Aneesh Kumar K.V
2025-02-21 20:42 ` Dan Williams
2025-02-25 4:45 ` Alexey Kardashevskiy
2025-02-28 3:09 ` Dan Williams
2024-12-10 18:52 ` Bjorn Helgaas
2025-02-21 22:32 ` Dan Williams
2024-12-12 9:50 ` Xu Yilun
2025-02-22 1:15 ` Dan Williams
2025-02-24 11:02 ` Xu Yilun
2025-02-28 0:15 ` Dan Williams
2025-02-28 9:39 ` Xu Yilun
2025-01-30 11:45 ` Jonathan Cameron
2025-02-26 0:50 ` Dan Williams [this message]
2024-12-05 22:23 ` [PATCH 06/11] samples/devsec: PCI device-security bus / endpoint sample Dan Williams
2024-12-06 4:23 ` kernel test robot
2024-12-09 3:40 ` kernel test robot
2025-01-30 13:21 ` Jonathan Cameron
2025-02-26 2:00 ` Dan Williams
2024-12-05 22:23 ` [PATCH 07/11] PCI: Add PCIe Device 3 Extended Capability enumeration Dan Williams
2024-12-09 13:17 ` Ilpo Järvinen
2025-02-20 3:05 ` Dan Williams
2025-02-20 3:09 ` Dan Williams
2024-12-10 19:21 ` Bjorn Helgaas
2024-12-11 13:22 ` Ilpo Järvinen
2025-02-22 0:15 ` Dan Williams
2025-02-24 15:09 ` Ilpo Järvinen
2025-02-28 0:29 ` Dan Williams
2025-02-21 23:34 ` Dan Williams
2025-02-25 2:25 ` Alexey Kardashevskiy
2024-12-05 22:24 ` [PATCH 08/11] PCI/IDE: Add IDE establishment helpers Dan Williams
2024-12-10 3:19 ` Aneesh Kumar K.V
2024-12-10 3:37 ` Aneesh Kumar K.V
2025-02-20 3:39 ` Dan Williams
2025-02-21 15:53 ` Aneesh Kumar K.V
2025-02-25 0:46 ` Dan Williams
2025-01-07 20:19 ` Xu Yilun
2025-01-10 13:25 ` Aneesh Kumar K.V
2025-02-24 22:31 ` Dan Williams
2025-02-25 2:29 ` Alexey Kardashevskiy
2025-02-20 3:28 ` Dan Williams
2024-12-10 7:07 ` Alexey Kardashevskiy
2025-02-20 21:44 ` Dan Williams
2024-12-10 18:47 ` Bjorn Helgaas
2025-02-21 22:02 ` Dan Williams
2024-12-12 10:50 ` Xu Yilun
2024-12-19 7:25 ` Alexey Kardashevskiy
2024-12-19 10:05 ` Alexey Kardashevskiy
2025-01-07 20:00 ` Xu Yilun
2025-01-09 2:35 ` Alexey Kardashevskiy
2025-01-09 21:28 ` Xu Yilun
2025-01-15 0:20 ` Alexey Kardashevskiy
2025-02-25 0:06 ` Dan Williams
2025-02-25 3:39 ` Alexey Kardashevskiy
2025-02-28 2:26 ` Dan Williams
2025-03-04 0:03 ` Alexey Kardashevskiy
2025-03-04 0:57 ` Dan Williams
2025-03-04 1:31 ` Alexey Kardashevskiy
2025-03-04 17:59 ` Dan Williams
2025-02-20 4:19 ` Alexey Kardashevskiy
2025-02-24 22:24 ` Dan Williams
2025-02-25 2:45 ` Xu Yilun
2025-02-24 20:28 ` Dan Williams
2025-02-26 1:54 ` Alexey Kardashevskiy
2025-02-24 20:24 ` Dan Williams
2025-02-25 5:01 ` Xu Yilun
2024-12-05 22:24 ` [PATCH 09/11] PCI/IDE: Report available IDE streams Dan Williams
2024-12-06 0:12 ` kernel test robot
2024-12-06 0:43 ` kernel test robot
2025-02-11 6:10 ` Alexey Kardashevskiy
2025-02-27 23:35 ` Dan Williams
2024-12-05 22:24 ` [PATCH 10/11] PCI/TSM: Report active " Dan Williams
2024-12-10 18:49 ` Bjorn Helgaas
2025-02-21 22:28 ` Dan Williams
2024-12-05 22:24 ` [PATCH 11/11] samples/devsec: Add sample IDE establishment Dan Williams
2025-01-30 13:39 ` Jonathan Cameron
2025-02-27 23:27 ` Dan Williams
2024-12-06 6:05 ` [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP) Greg KH
2024-12-06 8:44 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67be65478bb3e_1a77294e8@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=aik@amd.com \
--cc=bhelgaas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=sameo@rivosinc.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox