Date: Wed, 24 Aug 2022 19:10:10 +0200
From: Borislav Petkov
To: Kuppuswamy Sathyanarayanan
Cc: Thomas Gleixner, Ingo Molnar, Dave Hansen, x86@kernel.org, "H . Peter Anvin", "Kirill A . Shutemov", Tony Luck, Andi Kleen, Kai Huang, Wander Lairson Costa, Isaku Yamahata, marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 1/2] x86/tdx: Add TDX Guest attestation interface driver
In-Reply-To: <20220804003323.1441376-1-sathyanarayanan.kuppuswamy@linux.intel.com>

On Wed, Aug 03, 2022 at 05:33:22PM -0700, Kuppuswamy Sathyanarayanan wrote:
> In TDX guest, attestation is used to verify the trustworthiness of a TD
> to other entities before provisioning secrets to the TD. Such attestation
> process is required by 3rd party servers before sending sensitive
> information to TD guests. One usage example is to get encryption keys
> from the key server for mounting the encrypted rootfs or secondary drive.

Just a reminder to fix this up wrt TDX and TD. I know Intel documentation wants to talk about trust domains and the guest being one but then if you wanna formulate it that way, you need to define the nomenclature you're using and then stick with it. Otherwise, confusion.

Example:

"In TDX guest, ... Such attestation... before sending information to TD guests."

And here I go: What, there's a TDX guest and TD guest?

Just simplify it.

I'll review our v11 properly after you've addressed comments from v9 too.

Thx.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette