| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <169057265210.180586.7950140104251236598.stgit@dwillia2-xfh.jf.intel.com>
Date: Fri, 28 Jul 2023 12:30:52 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: dhowells@...hat.com
Cc: Brijesh Singh <brijesh.singh@....com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
Tom Lendacky <thomas.lendacky@....com>,
Dionna Amalie Glaze <dionnaglaze@...gle.com>,
Borislav Petkov <bp@...en8.de>,
Jarkko Sakkinen <jarkko@...nel.org>,
Samuel Ortiz <sameo@...osinc.com>,
Dionna Glaze <dionnaglaze@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-coco@...ts.linux.dev, keyrings@...r.kernel.org,
x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports
The bulk of the justification for this patch kit is in "[PATCH 1/4]
keys: Introduce tsm keys". The short summary is that the current
approach of adding new char devs and new ioctls, for what amounts to the
same functionality with minor formatting differences across vendors, is
untenable. Common concepts and the community benefit from common
infrastructure.
Use Keys to build common infrastructure for confidential computing
attestation report blobs, convert sevguest to use it (leaving the
deprecation question alone for now), and pave the way for tdx-guest and
the eventual risc-v equivalent to use it in lieu of new ioctls.
The sevguest conversion is only compile-tested.
This submission is To:David since he needs to sign-off on the idea of a
new Keys type, the rest is up to the confidential-computing driver
maintainers to adopt.
Changes from / credit for internal review:
- highlight copy_{to,from}_sockptr() as a common way to mix
copy_user() and memcpy() paths (Andy)
- add MODULE_DESCRIPTION() (Andy)
- clarify how the user-defined portion blob might be used (Elena)
- clarify the key instantiation options (Sathya)
- drop usage of a list for registering providers (Sathya)
- drop list.h include from tsm.h (Andy)
- add a comment for how TSM_DATA_MAX was derived (Andy)
- stop open coding kmemdup_nul() (Andy)
- add types.h to tsm.h (Andy)
- fix punctuation in comment (Andy)
- reorder security/keys/Makefile (Andy)
- add some missing includes to tsm.c (Andy)
- undo an 81 column clang-format line break (Andy)
- manually reflow tsm_token indentation (Andy)
- move allocations after input validation in tsm_instantiate() (Andy)
- switch to bin2hex() in tsm_read() (Andy)
- move init/exit declarations next to their functions (Andy)
---
Dan Williams (4):
keys: Introduce tsm keys
virt: sevguest: Prep for kernel internal {get,get_ext}_report()
mm/slab: Add __free() support for kvfree
virt: sevguest: Add TSM key support for SNP_{GET,GET_EXT}_REPORT
drivers/virt/coco/sev-guest/Kconfig | 2
drivers/virt/coco/sev-guest/sev-guest.c | 135 ++++++++++++++-
include/keys/tsm.h | 71 ++++++++
include/linux/slab.h | 2
security/keys/Kconfig | 12 +
security/keys/Makefile | 1
security/keys/tsm.c | 282 +++++++++++++++++++++++++++++++
7 files changed, 494 insertions(+), 11 deletions(-)
create mode 100644 include/keys/tsm.h
create mode 100644 security/keys/tsm.c
base-commit: 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5
Powered by blists - more mailing lists