From: <dan.j.williams@intel.com>
To: Aneesh Kumar K.V <aneesh.kumar@kernel.org>,
Dan Williams <dan.j.williams@intel.com>,
<linux-coco@lists.linux.dev>, <linux-pci@vger.kernel.org>
Cc: <gregkh@linuxfoundation.org>, <bhelgaas@google.com>,
<yilun.xu@linux.intel.com>, <aik@amd.com>
Subject: Re: [PATCH 2/7] PCI/TSM: Add pci_tsm_guest_req() for managing TDIs
Date: Thu, 28 Aug 2025 15:14:06 -0700 [thread overview]
Message-ID: <68b0d4aea5bcb_75db100ea@dwillia2-mobl4.notmuch> (raw)
In-Reply-To: <yq5awm6nppj0.fsf@kernel.org>
Aneesh Kumar K.V wrote:
> Dan Williams <dan.j.williams@intel.com> writes:
>
> > +/**
> > + * enum pci_tsm_req_scope - Scope of guest requests to be validated by TSM
> > + *
> > + * Guest requests are a transport for a TVM to communicate with a TSM + DSM for
> > + * a given TDI. A TSM driver is responsible for maintaining the kernel security
> > + * model and limit commands that may affect the host, or are otherwise outside
> > + * the typical TDISP operational model.
> > + */
> > +enum pci_tsm_req_scope {
> > + /**
> > + * @PCI_TSM_REQ_INFO: Read-only, without side effects, request for
> > + * typical TDISP collateral information like Device Interface Reports.
> > + * No device secrets are permitted, and no device state is changed.
> > + */
> > + PCI_TSM_REQ_INFO = 0,
> > + /**
> > + * @PCI_TSM_REQ_STATE_CHANGE: Request to change the TDISP state from
> > + * UNLOCKED->LOCKED, LOCKED->RUN. No any other device state,
> > + * configuration, or data change is permitted.
> > + */
> > + PCI_TSM_REQ_STATE_CHANGE = 1,
> > + /**
> > + * @PCI_TSM_REQ_DEBUG_READ: Read-only request for debug information
> > + *
> > + * A method to facilitate TVM information retrieval outside of typical
> > + * TDISP operational requirements. No device secrets are permitted.
> > + */
> > + PCI_TSM_REQ_DEBUG_READ = 2,
> > + /**
> > + * @PCI_TSM_REQ_DEBUG_WRITE: Device state changes for debug purposes
> > + *
> > + * The request may affect the operational state of the device outside of
> > + * the TDISP operational model. If allowed, requires CAP_SYS_RAW_IO, and
> > + * will taint the kernel.
> > + */
> > + PCI_TSM_REQ_DEBUG_WRITE = 3,
> > +};
> > +
>
> Will all architectures need to support all the above pci_tsm_req_scope
> values?
Are you confusing this new "enum pci_tsm_req_scope" proposal with the
previous "struct pci_tsm_guest_req_info" proposal.
>
> For example, on ARM, I’ve implemented a simpler approach [1] by using an
> architecture-specific pci_tsm_req_scope / type. This simplifies
> the implementation, as I can access `info->req` and `info->resp`
> directly within the same callback, without needing an additional
> structure to carry arch-specific request types like
> `ARM_CCA_DA_OBJECT_SIZE` or `ARM_CCA_DA_OBJECT_READ`.
So both of those are both PCI_TSM_REQ_INFO scope.
The observation is that Linux already has an opaque blob passing
mechanism wrapped by a security model, fwctl. The proposal is just
reuse those mechanics, skip a wrapper struct for the arguments, and let
the low level handler be responsible for response buffer allocation.
next prev parent reply other threads:[~2025-08-28 22:14 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-27 3:52 [PATCH 0/7] PCI/TSM: TEE I/O infrastructure Dan Williams
2025-08-27 3:52 ` [PATCH 1/7] PCI/TSM: Add pci_tsm_{bind,unbind}() methods for instantiating TDIs Dan Williams
2025-09-02 0:12 ` Alexey Kardashevskiy
2025-09-02 15:04 ` Aneesh Kumar K.V
2025-09-02 15:05 ` Aneesh Kumar K.V
2025-09-03 15:17 ` Aneesh Kumar K.V
2025-09-04 10:38 ` Alexey Kardashevskiy
2025-09-04 12:56 ` Aneesh Kumar K.V
2025-09-05 2:32 ` Alexey Kardashevskiy
2025-08-27 3:52 ` [PATCH 2/7] PCI/TSM: Add pci_tsm_guest_req() for managing TDIs Dan Williams
2025-08-28 9:53 ` Alexey Kardashevskiy
2025-08-28 22:07 ` dan.j.williams
2025-08-29 2:21 ` Alexey Kardashevskiy
2025-08-30 2:37 ` dan.j.williams
2025-09-01 23:49 ` Alexey Kardashevskiy
2025-08-28 13:02 ` Aneesh Kumar K.V
2025-08-28 22:14 ` dan.j.williams [this message]
2025-08-27 3:52 ` [PATCH 3/7] device core: Introduce confidential device acceptance Dan Williams
2025-08-27 6:14 ` Greg KH
2025-08-28 20:07 ` dan.j.williams
2025-08-27 3:52 ` [PATCH 4/7] x86/ioremap, resource: Introduce IORES_DESC_ENCRYPTED for encrypted PCI MMIO Dan Williams
2025-08-27 3:52 ` [PATCH 5/7] PCI/TSM: Add Device Security (TVM Guest) operations support Dan Williams
2025-09-03 15:22 ` Aneesh Kumar K.V
2025-09-04 15:02 ` Aneesh Kumar K.V
2025-08-27 3:52 ` [PATCH 6/7] samples/devsec: Introduce a "Device Security TSM" sample driver Dan Williams
2025-08-27 12:39 ` Jason Gunthorpe
2025-08-27 23:47 ` Alexey Kardashevskiy
2025-08-28 21:38 ` dan.j.williams
2025-08-29 16:02 ` Jason Gunthorpe
2025-08-29 20:00 ` dan.j.williams
2025-08-29 23:34 ` Jason Gunthorpe
2025-08-27 3:52 ` [PATCH 7/7] tools/testing/devsec: Add a script to exercise samples/devsec/ Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=68b0d4aea5bcb_75db100ea@dwillia2-mobl4.notmuch \
--to=dan.j.williams@intel.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=bhelgaas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).