public inbox for linux-kernel@vger.kernel.org
From: Sathyanarayanan Kuppuswamy  <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org
Cc: "H . Peter Anvin" <hpa@zytor.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
	Kai Huang <kai.huang@intel.com>,
	Wander Lairson Costa <wander@redhat.com>,
	Isaku Yamahata <isaku.yamahata@gmail.com>,
	marcelo.cerri@canonical.com, tim.gardner@canonical.com,
	khalid.elmously@canonical.com, philip.cox@canonical.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7 0/5] Add TDX Guest Attestation support
Date: Sun, 19 Jun 2022 17:36:37 -0700
Message-ID: <d0931a48-ac87-c83e-1241-64819b87cf3c@linux.intel.com>
In-Reply-To: <20220524040517.703581-1-sathyanarayanan.kuppuswamy@linux.intel.com>

Hi Dave/Boris/Thomas,

On 5/23/22 9:05 PM, Kuppuswamy Sathyanarayanan wrote:
> Hi All,

Gentle ping!

Can you please let me know your comments on this patch set? This series
is so far reviewed by Kai, Wander, and Isaku. I have addressed all the
comments raised by them. So to progress further, your comments would be
appreciated.

> 
> Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
> hosts and some physical attacks. A VM guest with TDX support is called
> a TD Guest.
> 
> In a TD Guest, the attestation process is used to verify the
> trustworthiness of the TD guest to 3rd party servers. Such an attestation
> process is required by 3rd party servers before sending sensitive
> information to TD guests. One usage example is to get encryption keys
> from the key server for mounting the encrypted rootfs or secondary drive.
>
> Following patches add the attestation support to TDX guest which
> includes attestation user interface driver and related hypercall support.
> 
> Any distribution enabling TDX is also expected to need attestation. So
> enable it by default with TDX guest support. The compiled size is
> quite small (~500 bytes).
> 
> Changes since v6:
>  * Fixed race between wait_for_completion_*() and
>    quote_callback_handler() in tdx_get_quote() when user terminates the
>    request.
>  * Fixed commit log and comments.
> 
> Changes since v5:
>  * Added support for parallel GetQuote requests.
>  * Add noalias variants of set_memory_*crypted() functions to
>    change page attributes without touching the direct map.
>  * Made set_memory_*crypted() functions vmalloc address compatible.
>  * Use vmap()/set_memory_*crypted() functions to share/unshare
>    memory without touching the direct map.
>  * Add support to let driver handle the memory cleanup for the
>    early termination of user requests.
>  * Removed unused headers in attest.c
>  * Fixed commit log and comments as per review comments.
> 
> Changes since v4:
>  * Removed platform driver model in attestation driver and used
>    miscdevice and initcall approach.
>  * Since dma_alloc*() APIs require a valid device reference,
>    replaced it with __get_free_pages() and set_memory_decrypted()
>    for quote memory allocation.
>  * Removed tdx_mcall_tdreport() and moved TDG.MR.REPORT TDCALL code
>    to tdx_get_report().
>  * Used kmalloc() for TDREPORT memory allocation instead of
>    get_zeroed_page().
>  * Returned -EINVAL in default case of tdx_attest_ioctl().
>  * Added struct tdx_report_req to explicitly mention the
>    TDX_CMD_GET_REPORT IOCTL argument.
>  * Removed tdx_get_quote_hypercall() and moved hypercall code to
>    attestation driver itself.
>  * Removed GetQuote timeout support (since it is not defined in
>    spec)
>  * Added support to check for spurious callback interrupt in GetQuote
>    request.
>  * Fixed commit log and comments as per review suggestions.
>    
> 
> Changes since v3:
>  * Moved the attestation driver from platform/x86 to arch/x86/coco/tdx/ and
>    renamed intel_tdx_attest.c to attest.c.
>  * Dropped CONFIG_INTEL_TDX_ATTESTATION and added support to compile
>    attestation changes with CONFIG_INTEL_TDX_GUEST option.
>  * Merged patch titled "x86/tdx: Add tdx_mcall_tdreport() API support" and
>    "platform/x86: intel_tdx_attest: Add TDX Guest attestation interface" into
>    a single patch.
>  * Moved GetQuote IOCTL support changes from patch titled "platform/x86:
>    intel_tdx_attest: Add TDX Guest attestation interface driver" to a
>    separate patch.
>  * Removed 8K size restriction when requesting quote, and added support
>    to let userspace decide the quote size.
>  * Added support to allow attestation agent configure quote generation
>    timeout value.
>  * Fixed commit log and comments as per review comments.
> 
> Changes since v2:
>  * As per Han's suggestion, modified the attestation driver to use
>    platform device driver model.
>  * Modified tdx_hcall_get_quote() and tdx_mcall_tdreport() APIs to
>    return TDCALL error code instead of generic error info (like -EIO).
>  * Removed attestation test app patch from this series to simplify
>    the patchset and review process. Test app patches will be submitted
>    once attestation support patches are merged.
>  * Since patches titled "x86/tdx: Add SetupEventNotifyInterrupt TDX
>    hypercall support" and "x86/tdx: Add TDX Guest event notify
>    interrupt vector support" are related, combined them into a
>    single patch.
> 
> Changes since v1:
>  * Moved test driver from "tools/tdx/attest/tdx-attest-test.c" to
>    "tools/arch/x86/tdx/attest/tdx-attest-test.c" as per Hans' review
>    suggestion.
>  * Minor commit log and comment fixes in patches titled
>    "x86/tdx: Add tdx_mcall_tdreport() API support" and "x86/tdx:
>    Add tdx_hcall_get_quote() API support"
>  * Extended tdx_hcall_get_quote() API to accept GPA length as argument
>    to accommodate latest TDQUOTE TDVMCALL related specification update.
>  * Added support for tdx_setup_ev_notify_handler() and
>    tdx_remove_ev_notify_handler() in patch titled "x86/tdx: Add TDX
>    Guest event notify interrupt vector support"
> 
> 
> Kuppuswamy Sathyanarayanan (5):
>   x86/tdx: Add TDX Guest attestation interface driver
>   x86/tdx: Add TDX Guest event notify interrupt support
>   x86/mm: Make tdx_enc_status_changed() vmalloc address compatible
>   x86/mm: Add noalias variants of set_memory_*crypted() functions
>   x86/tdx: Add Quote generation support
> 
>  arch/x86/coco/tdx/Makefile         |   2 +-
>  arch/x86/coco/tdx/attest.c         | 432 +++++++++++++++++++++++++++++
>  arch/x86/coco/tdx/tdx.c            |  84 +++++-
>  arch/x86/include/asm/hardirq.h     |   3 +
>  arch/x86/include/asm/idtentry.h    |   4 +
>  arch/x86/include/asm/irq_vectors.h |   7 +-
>  arch/x86/include/asm/set_memory.h  |   2 +
>  arch/x86/include/asm/tdx.h         |   4 +
>  arch/x86/include/uapi/asm/tdx.h    |  87 ++++++
>  arch/x86/kernel/irq.c              |   7 +
>  arch/x86/mm/pat/set_memory.c       |  26 +-
>  11 files changed, 648 insertions(+), 10 deletions(-)
>  create mode 100644 arch/x86/coco/tdx/attest.c
>  create mode 100644 arch/x86/include/uapi/asm/tdx.h
> 

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
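The quoted cover letter describes the attestation flow at a high level: the guest obtains a TDREPORT (via TDX_CMD_GET_REPORT), the host's quoting enclave turns it into a Quote, and a 3rd party server decides from that whether to release secrets such as a rootfs key. What the cover letter does not spell out is what the server must actually check, and the series' uapi header is not shown on this page, so the ioctl itself cannot be exercised here. The following is an added example, not code from the patch series or the kernel: a userspace parser for the 1024-byte TDREPORT_STRUCT with the checks a relying party makes on it, namely that REPORTDATA echoes the nonce it issued (freshness), that MRTD is the expected measurement, and that the TD is not debuggable. The field offsets (REPORTMACSTRUCT[256] || TEE_TCB_INFO[239] || reserved[17] || TDINFO[512], REPORTDATA at byte 128, MRTD at TDINFO+16, RTMRs at TDINFO+208, ATTRIBUTES bit 0 = DEBUG) are taken from the Intel TDX Module specification and are an assumption of this example; the sample report it builds is constructed data, not captured from hardware.

```c
/*
 * Added example, not code from the patch series or the kernel: parse a
 * TDREPORT and apply the relying-party checks. Offsets are assumed from the
 * Intel TDX Module specification; check them against the spec revision you
 * target before relying on this.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TDREPORT_SIZE       1024
#define TDREPORT_DATA_SIZE  64     /* REPORTDATA: where the guest puts the nonce */
#define TDX_MR_SIZE         48     /* SHA-384 measurement registers */

/* Offsets inside TDREPORT_STRUCT (assumed from the TDX Module spec). */
#define OFF_REPORTTYPE      0      /* TYPE(1) SUBTYPE(1) VERSION(1) RSVD(1) */
#define OFF_REPORTDATA      128    /* inside REPORTMACSTRUCT */
#define OFF_TDINFO          512
#define OFF_ATTRIBUTES      (OFF_TDINFO + 0)
#define OFF_MRTD            (OFF_TDINFO + 16)
#define OFF_RTMR0           (OFF_TDINFO + 208)

#define TDX_REPORT_TYPE_TD  0x81   /* REPORTTYPE.TYPE of a TD report */
#define TD_ATTR_DEBUG       (1ULL << 0) /* ATTRIBUTES.DEBUG: host can inspect the TD */

struct td_report_view {
	uint8_t type, subtype, version;
	uint64_t attributes;
	const uint8_t *reportdata;  /* 64 bytes */
	const uint8_t *mrtd;        /* 48 bytes */
	const uint8_t *rtmr[4];     /* 4 x 48 bytes */
};

/* Map the fixed-layout fields; rejects wrong sizes and non-TD report types. */
bool td_report_parse(const uint8_t *buf, size_t len, struct td_report_view *v)
{
	if (!buf || !v || len != TDREPORT_SIZE || buf[OFF_REPORTTYPE] != TDX_REPORT_TYPE_TD)
		return false;
	v->type = buf[OFF_REPORTTYPE];
	v->subtype = buf[OFF_REPORTTYPE + 1];
	v->version = buf[OFF_REPORTTYPE + 2];
	memcpy(&v->attributes, buf + OFF_ATTRIBUTES, sizeof(v->attributes)); /* LE host */
	v->reportdata = buf + OFF_REPORTDATA;
	v->mrtd = buf + OFF_MRTD;
	for (int i = 0; i < 4; i++)
		v->rtmr[i] = buf + OFF_RTMR0 + i * TDX_MR_SIZE;
	return true;
}

/* Constant-time compare so the verifier does not leak how many bytes matched. */
static int ct_memcmp(const uint8_t *a, const uint8_t *b, size_t n)
{
	uint8_t d = 0;
	for (size_t i = 0; i < n; i++)
		d |= a[i] ^ b[i];
	return d;
}

/* Relying-party policy. The report MAC is only checkable on the platform;
 * off-host, trust comes from the Quote signature over this structure. */
bool td_report_verify(const uint8_t *buf, size_t len,
		      const uint8_t nonce[TDREPORT_DATA_SIZE], const uint8_t expected_mrtd[TDX_MR_SIZE])
{
	struct td_report_view v;

	if (!td_report_parse(buf, len, &v))
		return false;
	if (ct_memcmp(v.reportdata, nonce, TDREPORT_DATA_SIZE))
		return false;	/* nonce mismatch: stale or replayed report */
	if (ct_memcmp(v.mrtd, expected_mrtd, TDX_MR_SIZE))
		return false;	/* unexpected TD firmware/measurement */
	if (v.attributes & TD_ATTR_DEBUG)
		return false;	/* a debuggable TD is never trusted with secrets */
	return true;
}

/* Constructed sample (not captured from hardware): a TD report whose
 * REPORTDATA carries the nonce the guest was given. */
void make_sample_report(uint8_t out[TDREPORT_SIZE], const uint8_t nonce[TDREPORT_DATA_SIZE],
			const uint8_t mrtd[TDX_MR_SIZE], bool debug_td)
{
	memset(out, 0, TDREPORT_SIZE);
	out[OFF_REPORTTYPE] = TDX_REPORT_TYPE_TD;
	out[OFF_REPORTTYPE + 2] = 1;	/* VERSION */
	memcpy(out + OFF_REPORTDATA, nonce, TDREPORT_DATA_SIZE);
	memcpy(out + OFF_MRTD, mrtd, TDX_MR_SIZE);
	if (debug_td)
		out[OFF_ATTRIBUTES] |= TD_ATTR_DEBUG;
}

int main(void)
{
	uint8_t nonce[TDREPORT_DATA_SIZE], mrtd[TDX_MR_SIZE], report[TDREPORT_SIZE];

	memset(nonce, 0xA5, sizeof nonce);	/* server-issued nonce */
	memset(mrtd, 0x5A, sizeof mrtd);	/* measurement the server expects */
	make_sample_report(report, nonce, mrtd, false);
	printf("fresh: %d\n", td_report_verify(report, sizeof report, nonce, mrtd));
	report[OFF_REPORTDATA] ^= 1;	/* nonce no longer matches: replay/stale */
	printf("stale: %d\n", td_report_verify(report, sizeof report, nonce, mrtd));
	return 0;
}
```

The nonce check is what ties a Quote to one key-server exchange; without it a host could replay an old, genuine Quote from the same TD image. The DEBUG attribute check matters because an off-TD-debuggable TD can have its memory read by the host, so its measurements say nothing about secrecy.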

Thread overview: 21+ messages
2022-05-24  4:05 [PATCH v7 0/5] Add TDX Guest Attestation support Kuppuswamy Sathyanarayanan
2022-05-24  4:05 ` [PATCH v7 1/5] x86/tdx: Add TDX Guest attestation interface driver Kuppuswamy Sathyanarayanan
2022-05-26 14:37   ` Wander Lairson Costa
2022-05-27 11:45   ` Kai Huang
2022-05-24  4:05 ` [PATCH v7 2/5] x86/tdx: Add TDX Guest event notify interrupt support Kuppuswamy Sathyanarayanan
2022-05-24  6:40   ` Kai Huang
2022-05-25 15:40     ` Sathyanarayanan Kuppuswamy
2022-05-26 13:48   ` Wander Lairson Costa
2022-05-26 14:45     ` Sathyanarayanan Kuppuswamy
2022-05-24  4:05 ` [PATCH v7 3/5] x86/mm: Make tdx_enc_status_changed() vmalloc address compatible Kuppuswamy Sathyanarayanan
2022-05-26 14:38   ` Wander Lairson Costa
2022-05-30 10:47   ` Kai Huang
2022-05-30 19:54     ` Sathyanarayanan Kuppuswamy
2022-05-24  4:05 ` [PATCH v7 4/5] x86/mm: Add noalias variants of set_memory_*crypted() functions Kuppuswamy Sathyanarayanan
2022-05-26 14:38   ` Wander Lairson Costa
2022-05-24  4:05 ` [PATCH v7 5/5] x86/tdx: Add Quote generation support Kuppuswamy Sathyanarayanan
2022-05-26 15:37   ` Wander Lairson Costa
2022-06-03 17:15     ` Sathyanarayanan Kuppuswamy
2022-06-20  0:36 ` Sathyanarayanan Kuppuswamy [this message]
2022-06-20 12:46   ` [PATCH v7 0/5] Add TDX Guest Attestation support Kai Huang
2022-06-20 14:37     ` Sathyanarayanan Kuppuswamy