From: Dan Williams <dan.j.williams@intel.com>
To: Alexey Kardashevskiy <aik@amd.com>,
Dan Williams <dan.j.williams@intel.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
"Aneesh Kumar K.V" <aneesh.kumar@kernel.org>,
Xu Yilun <yilun.xu@linux.intel.com>
Cc: <linux-coco@lists.linux.dev>, <linux-pci@vger.kernel.org>,
<gregkh@linuxfoundation.org>, <lukas@wunner.de>,
<sameo@rivosinc.com>, <jgg@nvidia.com>, <zhiw@nvidia.com>
Subject: Re: [PATCH v3 12/13] PCI/TSM: support TDI related operations for host TSM driver
Date: Thu, 12 Jun 2025 20:06:30 -0700 [thread overview]
Message-ID: <684b95b6cfe92_2491100d4@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <dcd28de4-010d-4919-8db0-64e807726ad1@amd.com>
Alexey Kardashevskiy wrote:
>
>
> On 7/6/25 11:56, Dan Williams wrote:
> > Alexey Kardashevskiy wrote:
> > [..]
> >>> but the point is still that we
> >>> have not even got one implementation of a bus Device Security protocol
> >>> upstream, let alone multiple.
> >>
> >> And my point is that TSM does not actually do anything with PCI except
> >> SPDM/DOE which can happily live in a library or DOE (and called from
> >> CCP or TDX drivers) and the rest can be just "device", not "pci_dev".
> >> I wonder if+how nailing TSM to PCI makes your life somehow easier, it
> >> is not going to help my case. Thanks,
> >
> > The goal is not to solve Alexey's case, the goal is to solve the TDISP
> > enabling problem in a way that all impacted subsystem owners (PCI,
> > Device core, DMA, IOMMU, VFIO/IOMMUFD, KVM, CPU arch/...), and all TSM
> > platform vendors are willing to accept.
>
> Right, so I need to understand how this TSM makes your life easier.
The goal is make other subsystem owner's lives easier.
I read Bjorn's ack as "oh hey, you added new PCI/TSM functionality in
the same way all other new PCI device capabilities get added with
lifetime bounded by pci_init_capabilities() and pci_destroy_dev(), and
the sysfs attributes follow normal PCI device rules too". I also expect
I have an implied ack from Lukas who also does the same lifetime for
native authentication.
Now, they are free to change their mind if new information makes them
rethink this, but I have been operating under the assumption this
question is settled. I read ARM folks as tentatively on board as well.
Greg did not balk yet either.
I expect other subsystem maintainers want to see vendor consensus before
weighing. "Ongoing debate" almost always == "wait".
> I did show my complete solution, still waiting to see yours or any
> other really.
This is a fair criticism and I hope to share more soon in the meantime
Yilun and I have been working on the skeleton pieces and samples/devsec/
to unit test the proposals.
> For example, DOE bouncing.
The tsm operations and bind have been taking up all of the focus. What
are the specific concerns around DOE bouncing proposal? The only
criteria I currently have in mind is:
* if there is common boilerplate lets make that a library helper
* a TDISP operation / state change should be atomic regardless of how
many DOE messages are involved.
> > "TSM" is literally a PCI-introduced term. It comes with a full
> > device-model and state machine for a protocol that we, OS practitioners,
> > have a chance to agree what it means. If another bus wants to do "Device
> > Security" ideally it would map as a strict subset of the TDISP model. If
> > / when that happens it is easy enough for userspace to see "oh hey, bus
> > $foo now has tsm/connect and tsm/accept mechanisms too".
>
> Quite a chunk of it is in the SPDM specs which have all sorts of bindings. No strict PCI.
Agree, but most of the interesting potential for shared code there is
buried within the TSM implementations with TDISP we mostly sit behind
TSM calls.
I note that Lukas has spdm common code in lib/spdm/, but all of protocol
work there is not usable for TDISP since TSMs run that protocol.
> VFIO started as PCI and look at it now with all these platform and mediated devices.
Yes, and VFIO still has specific support for PCI semantics... but the
meat of your concern is below.
> > Just like the evolution of the "new_id / remove_id, and authorized" bus
> > attributes, other buses add workalike functionality as a matter of
> > course. Other buses can add "TSM" mechanisms to their device model,
> > "TSM" is not a device model unto itself. Similarly, nothing stops
> > 'struct pci_dev' properties to be promoted to 'struct device' when
> > needed.
> >
> > I note IOMMMUFD has the bulk of all the interesting cross-bus shared
> > work to do here and it already has a generic device object model for
> > that purpose. It is another example of "extend existing objects with
> > 'Device Security' properties", not "add a new tdi_dev object to manage".
> >
> > I am frustrated that we are still spinning in this philosophical debate.
>
> That's because I did not do very good job explaining my TSM, my bad,
> I'll do better, it is too bloated now, and violates sysfs, and should
> integrate with Lukas'es work, my bad.
No need to apologize, this stuff is complicated and I needed significant
changes from v1 to v2, getting better for v3, but v4 still needed.
> But having this all in a single built-in (1) with PCI nailed down (2),
> globals (3), one tsm_ops struct for both host and guest - this
> frustrates me.
These are good review comments, and need to be addressed.
> (1) means annoyingly many reboots vs rmmod+modprobe
Once you buy the idea that a PCI device capability should have lifetime
bounded by pci_init_capabilities()/pci_destroy_dev() and attributes
defined by pci_dev_attr_groups() then the built-in design comes along
for the ride.
I do not agree that this near term developer ergonomics issue, for this
core infrastructure piece that will eventually settle and be slow moving
thereafter, should affect the long term design.
That was also another motivation for samples/devsec/, i.e. stand up an
environment that can quickly target different corners of the TSM stack
by restarting QEMU.
> (2) TSM does not IDE (the platform calls the IDE library) and does not
> do DOE (the DOE library should, called by the platform)
The rationale for this organization is that IDE is not required. TSM may
have knowledge that the link is secure by other means.
> (3) bites every time when there are development bugs
I take this as par for the course for PCI capability development. I also
expect the bulk of the development complexity to live in the low-level
TSM driver, not the TSM skeleton.
> (4) leads to ugly "if (tvm_mode())" checks and bugs (when missed), been there, done that with my first TSM, did not like it.
Fair enough. I will take a look at replacing tvm_mode() with guest
specific ops structure. It likely still ends up being the same ops
signature though.
> 1/2/3/5 are not necessary, do not really make anything simpler and
> most likely will requite untangling later.
>
>
> Say, there are assumptions already made for IDE which I believe we do
> not have to make (like, same number association blocks in all streams)
> but it is internal IDE detail, can be changed later if needed, but the
> API is sane so I am ok with the limitations (thanks btw!). But the TSM
> just is not there yet imho. Hope it all makes sense. Trying now to
> move to v6.16-rc1 + dmabuf + this series as we speak
Which dmabuf series are you trying to integrate? There is yours,
Yilun's, and Aneesh was looking to publish a third.
> so you'll hear from me soon :) Thanks,
Sounds good, the whole goal of this is get to the point where 2 vendors
agree and they can drag the 3rd vendor along.
next prev parent reply other threads:[~2025-06-13 3:06 UTC|newest]
Thread overview: 173+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-16 5:47 [PATCH v3 00/13] PCI/TSM: Core infrastructure for PCI device security (TDISP) Dan Williams
2025-05-16 5:47 ` [PATCH v3 01/13] coco/tsm: Introduce a core device for TEE Security Managers Dan Williams
2025-06-02 13:18 ` Jason Gunthorpe
2025-06-04 0:42 ` Dan Williams
2025-06-04 1:15 ` Dan Williams
2025-06-04 12:15 ` Jason Gunthorpe
2025-06-04 12:14 ` Jason Gunthorpe
2025-06-06 3:33 ` Alexey Kardashevskiy
2025-06-06 2:09 ` Alexey Kardashevskiy
2025-05-16 5:47 ` [PATCH v3 02/13] PCI/IDE: Enumerate Selective Stream IDE capabilities Dan Williams
2025-06-17 12:16 ` Jonathan Cameron
2025-07-12 22:31 ` dan.j.williams
2025-05-16 5:47 ` [PATCH v3 03/13] PCI/TSM: Authenticate devices via platform TSM Dan Williams
2025-05-21 15:32 ` Aneesh Kumar K.V
2025-06-03 19:53 ` Dan Williams
2025-06-04 8:04 ` Aneesh Kumar K.V
2025-06-17 12:51 ` Jonathan Cameron
2025-07-12 22:07 ` dan.j.williams
2025-08-26 1:31 ` Alexey Kardashevskiy
2025-08-26 23:54 ` dan.j.williams
2025-08-27 4:44 ` Alexey Kardashevskiy
2025-08-28 19:27 ` dan.j.williams
2025-08-26 3:08 ` Alexey Kardashevskiy
2025-08-26 23:58 ` dan.j.williams
2025-08-27 5:06 ` Alexey Kardashevskiy
2025-08-26 10:22 ` Alexey Kardashevskiy
2025-08-27 0:15 ` dan.j.williams
2025-08-27 5:02 ` Alexey Kardashevskiy
2025-08-28 19:32 ` dan.j.williams
2025-05-16 5:47 ` [PATCH v3 04/13] PCI: Enable host-bridge emulation for PCI_DOMAINS_GENERIC platforms Dan Williams
2025-05-16 5:47 ` [PATCH v3 05/13] PCI: vmd: Switch to pci_bus_find_emul_domain_nr() Dan Williams
2025-05-16 5:47 ` [PATCH v3 06/13] samples/devsec: Introduce a PCI device-security bus + endpoint sample Dan Williams
2025-06-17 13:30 ` Jonathan Cameron
2025-07-13 1:58 ` dan.j.williams
2025-05-16 5:47 ` [PATCH v3 07/13] PCI: Add PCIe Device 3 Extended Capability enumeration Dan Williams
2025-06-17 13:36 ` Jonathan Cameron
2025-05-16 5:47 ` [PATCH v3 08/13] PCI/IDE: Add IDE establishment helpers Dan Williams
2025-06-17 14:04 ` Jonathan Cameron
2025-07-14 18:25 ` dan.j.williams
2025-07-03 2:59 ` Alexey Kardashevskiy
2025-05-16 5:47 ` [PATCH v3 09/13] PCI/IDE: Report available IDE streams Dan Williams
2025-05-18 12:48 ` kernel test robot
2025-06-17 14:16 ` Jonathan Cameron
2025-07-14 20:16 ` dan.j.williams
2025-05-16 5:47 ` [PATCH v3 10/13] PCI/TSM: Report active " Dan Williams
2025-06-17 14:21 ` Jonathan Cameron
2025-07-14 20:49 ` dan.j.williams
2025-05-16 5:47 ` [PATCH v3 11/13] samples/devsec: Add sample IDE establishment Dan Williams
2025-06-17 14:26 ` Jonathan Cameron
2025-07-14 20:59 ` dan.j.williams
2025-05-16 5:47 ` [PATCH v3 12/13] PCI/TSM: support TDI related operations for host TSM driver Dan Williams
2025-05-16 6:52 ` Xu Yilun
2025-05-20 7:17 ` Aneesh Kumar K.V
2025-05-21 9:35 ` Xu Yilun
2025-05-26 5:05 ` Aneesh Kumar K.V
2025-05-26 7:52 ` Alexey Kardashevskiy
2025-05-26 15:44 ` Aneesh Kumar K.V
2025-05-27 1:01 ` Alexey Kardashevskiy
2025-05-27 11:48 ` Aneesh Kumar K.V
2025-05-27 13:06 ` Jason Gunthorpe
2025-05-27 14:26 ` Aneesh Kumar K.V
2025-05-27 14:45 ` Jason Gunthorpe
2025-05-28 12:17 ` Aneesh Kumar K.V
2025-05-28 16:42 ` Jason Gunthorpe
2025-05-28 16:52 ` Jason Gunthorpe
2025-05-29 9:30 ` Xu Yilun
2025-05-29 13:43 ` Aneesh Kumar K.V
2025-05-29 14:09 ` Jason Gunthorpe
2025-05-30 3:00 ` Alexey Kardashevskiy
2025-05-30 13:21 ` Jason Gunthorpe
2025-05-29 13:49 ` Xu Yilun
2025-05-29 14:05 ` Jason Gunthorpe
2025-05-29 3:03 ` Alexey Kardashevskiy
2025-05-29 13:34 ` Aneesh Kumar K.V
2025-05-29 13:37 ` [RFC PATCH 1/3] coco: tsm: Add tsm_bind/unbind helpers Aneesh Kumar K.V (Arm)
2025-05-29 13:37 ` [RFC PATCH 2/3] iommufd/viommu: Add support to associate viommu with kvm instance Aneesh Kumar K.V (Arm)
2025-05-29 14:13 ` Jason Gunthorpe
2025-05-29 13:37 ` [RFC PATCH 3/3] iommufd/tsm: Add tsm_bind/unbind iommufd ioctls Aneesh Kumar K.V (Arm)
2025-05-29 14:32 ` Jason Gunthorpe
2025-05-30 8:33 ` Aneesh Kumar K.V
2025-05-30 18:18 ` Jason Gunthorpe
2025-05-31 16:25 ` Xu Yilun
2025-06-02 4:52 ` Alexey Kardashevskiy
2025-06-02 17:17 ` Xu Yilun
2025-06-04 1:47 ` Alexey Kardashevskiy
2025-06-04 5:02 ` Xu Yilun
2025-06-04 12:37 ` Jason Gunthorpe
2025-06-06 15:40 ` Xu Yilun
2025-06-06 16:34 ` Jason Gunthorpe
2025-06-09 4:47 ` Xu Yilun
2025-06-02 11:08 ` Aneesh Kumar K.V
2025-06-02 16:25 ` Xu Yilun
2025-06-02 16:48 ` Jason Gunthorpe
2025-06-03 4:05 ` Xu Yilun
2025-06-03 12:11 ` Jason Gunthorpe
2025-06-04 5:58 ` Xu Yilun
2025-06-04 12:36 ` Jason Gunthorpe
2025-06-05 3:05 ` Xu Yilun
2025-06-10 7:05 ` Alexey Kardashevskiy
2025-06-10 18:19 ` Jason Gunthorpe
2025-06-11 1:26 ` Alexey Kardashevskiy
2025-06-10 4:47 ` Alexey Kardashevskiy
2025-06-10 18:21 ` Jason Gunthorpe
2025-06-12 4:15 ` Xu Yilun
2025-06-03 5:00 ` Aneesh Kumar K.V
2025-06-03 10:50 ` Xu Yilun
2025-06-03 12:14 ` Jason Gunthorpe
2025-06-04 5:31 ` Xu Yilun
2025-06-04 12:31 ` Jason Gunthorpe
2025-06-05 3:25 ` Xu Yilun
2025-06-05 14:54 ` Jason Gunthorpe
2025-06-09 6:10 ` Xu Yilun
2025-06-09 16:42 ` Suzuki K Poulose
2025-06-09 18:07 ` Jason Gunthorpe
2025-06-10 7:31 ` Alexey Kardashevskiy
2025-06-12 5:44 ` Xu Yilun
2025-06-03 12:18 ` Jason Gunthorpe
2025-06-04 1:06 ` Dan Williams
2025-06-04 12:18 ` Jason Gunthorpe
2025-06-02 12:47 ` Jason Gunthorpe
2025-06-03 3:47 ` Xu Yilun
2025-06-03 12:08 ` Jason Gunthorpe
2025-06-04 6:39 ` Xu Yilun
2025-06-04 12:39 ` Jason Gunthorpe
2025-06-05 1:56 ` Xu Yilun
2025-07-15 10:29 ` Xu Yilun
2025-07-15 13:09 ` Jason Gunthorpe
2025-07-16 15:41 ` Xu Yilun
2025-07-16 16:31 ` Jason Gunthorpe
2025-07-17 8:28 ` Xu Yilun
2025-07-17 12:43 ` Jason Gunthorpe
2025-07-18 9:15 ` Xu Yilun
2025-07-18 12:26 ` Jason Gunthorpe
2025-07-20 2:37 ` Xu Yilun
2025-05-30 2:44 ` [PATCH v3 12/13] PCI/TSM: support TDI related operations for host TSM driver Alexey Kardashevskiy
2025-05-27 10:25 ` Suzuki K Poulose
2025-06-03 22:47 ` Dan Williams
2025-06-04 1:35 ` Alexey Kardashevskiy
2025-06-04 1:52 ` Dan Williams
2025-06-04 1:54 ` Dan Williams
2025-06-05 10:56 ` Alexey Kardashevskiy
2025-06-07 1:56 ` Dan Williams
2025-06-11 4:40 ` Alexey Kardashevskiy
2025-06-13 3:06 ` Dan Williams [this message]
2025-06-03 22:40 ` Dan Williams
2025-05-19 10:20 ` Alexey Kardashevskiy
2025-05-20 20:12 ` Dan Williams
2025-05-21 9:28 ` Xu Yilun
2025-05-26 8:08 ` Alexey Kardashevskiy
2025-05-29 14:20 ` Xu Yilun
2025-05-30 2:54 ` Alexey Kardashevskiy
2025-05-31 15:26 ` Xu Yilun
2025-06-02 4:51 ` Alexey Kardashevskiy
2025-06-02 18:51 ` Xu Yilun
2025-06-03 19:12 ` Dan Williams
2025-07-07 7:17 ` Aneesh Kumar K.V
2025-05-20 5:20 ` Aneesh Kumar K.V
2025-05-20 21:12 ` Dan Williams
2025-05-16 5:47 ` [PATCH v3 13/13] PCI/TSM: Add Guest TSM Support Dan Williams
2025-05-19 10:20 ` Alexey Kardashevskiy
2025-05-20 21:11 ` Dan Williams
2025-05-22 4:07 ` Alexey Kardashevskiy
2025-06-03 22:26 ` Dan Williams
2025-06-03 22:33 ` Jason Gunthorpe
2025-06-10 8:31 ` Alexey Kardashevskiy
2025-07-11 23:04 ` dan.j.williams
2025-05-20 9:25 ` Aneesh Kumar K.V
2025-05-20 21:27 ` Dan Williams
2025-05-20 11:00 ` Aneesh Kumar K.V
2025-05-20 21:31 ` Dan Williams
2025-06-03 19:07 ` Dan Williams
2025-05-21 15:03 ` Xu Yilun
2025-06-03 19:20 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=684b95b6cfe92_2491100d4@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=jgg@nvidia.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=sameo@rivosinc.com \
--cc=suzuki.poulose@arm.com \
--cc=yilun.xu@linux.intel.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).