From: Alexander Graf <graf@amazon.com>
To: <linux-kernel@vger.kernel.org>
Cc: <linux-crypto@vger.kernel.org>, Arnd Bergmann <arnd@arndb.de>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Olivia Mackall <olivia@selenic.com>,
"Petre Eftime" <petre.eftime@gmail.com>,
Erdem Meydanlli <meydanli@amazon.nl>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
David Woodhouse <dwmw@amazon.co.uk>,
"Michael S . Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>,
Xuan Zhuo <xuanzhuo@linux.alibaba.com>,
Kyunghwan Kwon <k@mononn.com>
Subject: [PATCH v4 0/2] Add Nitro Secure Module support
Date: Mon, 9 Oct 2023 21:20:51 +0000 [thread overview]
Message-ID: <20231009212053.2007-1-graf@amazon.com> (raw)
Nitro Enclaves run Linux inside as well as outside the Enclave. Outside
the Enclave, we already have the nitro_enclaves driver in upstream Linux
which controls a Nitro Enclave's lifecycle.
Inside the Enclave, the environment looks like a typical Firecracker
microvm. In addition to standard virtio devices, an Enclave also has an
additional "Nitro Secure Module" (NSM) virtio device which so far was
missing an upstream Linux driver. The NSM provides access to PCRs, an
attestation document as well as entropy.
To support the NSM communication protocol, Linux needs to learn to
generate and parse the Concise Binary Object Representation (CBOR)
format. The first patch adds support for a CBOR library. The second adds
the actual NSM driver.
With these patches in place, upstream Linux has everything that's needed
to run inside a Nitro Enclave.
Alex
v1 -> v2:
- Remove boilerplate
- Add uapi header
v2 -> v3:
- Move globals to device struct
- Add compat handling
- Simplify some naming
- Remove debug prints
- Use module_virtio_driver
- Ensure remove only happens on target device
- Drop use of uio.h
v3 -> v4:
- Add CBOR library
- Merge hwrng into the misc driver
- Add dependency on CBOR library
- Add internal and ioctl logic for all current NSM actions
- Use in-struct arrays instead of kvecs
- Add sysfs entries for NSM metadata
- Use dev_ print and devm_ allocation helpers
Alexander Graf (2):
Import CBOR library
misc: Add Nitro Secure Module driver
MAINTAINERS | 17 +
drivers/misc/Kconfig | 13 +
drivers/misc/Makefile | 1 +
drivers/misc/nsm.c | 1466 ++++++++++++++++++++++++++++++++++
include/linux/cbor/base.h | 94 +++
include/linux/cbor/cbor.h | 22 +
include/linux/cbor/decoder.h | 42 +
include/linux/cbor/encoder.h | 48 ++
include/linux/cbor/helper.h | 41 +
include/linux/cbor/ieee754.h | 52 ++
include/linux/cbor/parser.h | 32 +
include/uapi/linux/nsm.h | 188 +++++
lib/Kconfig | 3 +
lib/Makefile | 2 +
lib/cbor/Makefile | 12 +
lib/cbor/common.c | 105 +++
lib/cbor/decoder.c | 170 ++++
lib/cbor/encoder.c | 218 +++++
lib/cbor/helper.c | 175 ++++
lib/cbor/ieee754.c | 205 +++++
lib/cbor/parser.c | 243 ++++++
21 files changed, 3149 insertions(+)
create mode 100644 drivers/misc/nsm.c
create mode 100644 include/linux/cbor/base.h
create mode 100644 include/linux/cbor/cbor.h
create mode 100644 include/linux/cbor/decoder.h
create mode 100644 include/linux/cbor/encoder.h
create mode 100644 include/linux/cbor/helper.h
create mode 100644 include/linux/cbor/ieee754.h
create mode 100644 include/linux/cbor/parser.h
create mode 100644 include/uapi/linux/nsm.h
create mode 100644 lib/cbor/Makefile
create mode 100644 lib/cbor/common.c
create mode 100644 lib/cbor/decoder.c
create mode 100644 lib/cbor/encoder.c
create mode 100644 lib/cbor/helper.c
create mode 100644 lib/cbor/ieee754.c
create mode 100644 lib/cbor/parser.c
--
2.40.1
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
next reply other threads:[~2023-10-09 21:22 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-09 21:20 Alexander Graf [this message]
2023-10-09 21:20 ` [PATCH v4 1/2] Import CBOR library Alexander Graf
2023-10-10 6:13 ` Greg Kroah-Hartman
2023-10-10 7:55 ` Alexander Graf
2023-10-10 8:03 ` Greg Kroah-Hartman
2023-10-10 8:08 ` Alexander Graf
2023-10-10 8:27 ` Greg Kroah-Hartman
2023-10-11 12:24 ` Arnd Bergmann
2023-10-11 17:46 ` Greg Kroah-Hartman
2023-10-11 19:01 ` Alexander Graf
2023-10-11 20:48 ` Petre Eftime
2023-10-11 20:56 ` Greg Kroah-Hartman
2023-10-09 21:20 ` [PATCH v4 2/2] misc: Add Nitro Secure Module driver Alexander Graf
2023-10-10 6:15 ` Greg Kroah-Hartman
2023-10-13 15:43 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231009212053.2007-1-graf@amazon.com \
--to=graf@amazon.com \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=jasowang@redhat.com \
--cc=k@mononn.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=meydanli@amazon.nl \
--cc=mst@redhat.com \
--cc=olivia@selenic.com \
--cc=petre.eftime@gmail.com \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox