| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 May 2024 14:03:21 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org, linux-coco@...ts.linux.dev,
svsm-devel@...onut-svsm.dev, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Dan Williams <dan.j.williams@...el.com>, Michael Roth
<michael.roth@....com>, Ashish Kalra <ashish.kalra@....com>
Subject: Re: [PATCH v4 14/15] x86/sev: Extend the config-fs attestation
support for an SVSM
On 5/31/24 08:16, Borislav Petkov wrote:
> On Wed, Apr 24, 2024 at 10:58:10AM -0500, Tom Lendacky wrote:
>> +/*
>> + * The SVSM Attestation related structures
>> + */
>> +struct svsm_location_entry {
>
> "svsm_loc" should be enough.
Ok
>
>> + u64 pa;
>> + u32 len;
>> + u8 rsvd[4];
>> +};
>> +
>> +struct svsm_attestation_call {
>
> Can we shorten all "attestion" to "atst" or "attest"?
Will shorten to attest.
>
>> + struct svsm_location_entry report_buffer;
>> + struct svsm_location_entry nonce;
>> + struct svsm_location_entry manifest_buffer;
>> + struct svsm_location_entry certificates_buffer;
>
> report_buf;
> nonce;
> manifest_buf;
> certs_buf;
>
> Please shorten all those.
Ok.
>
>> + /* For attesting a single service */
>> + u8 service_guid[16];
>> + u32 service_manifest_version;
>
> manifest_ver;
Yep.
>
>> + u8 rsvd[4];
>> +};
>> +
>> /*
>> * SVSM protocol structure
>
> ...
>
>> +static void update_attestation_input(struct svsm_call *call, struct svsm_attestation_call *input)
>> +{
>> + /* If (new) lengths have been returned, propograte them up */
>
> "propagate"
Fixed.
>
>> + if (call->rcx_out != call->rcx)
>> + input->manifest_buffer.len = call->rcx_out;
>> +
>> + if (call->rdx_out != call->rdx)
>> + input->certificates_buffer.len = call->rdx_out;
>> +
>> + if (call->r8_out != call->r8)
>> + input->report_buffer.len = call->r8_out;
>> +}
>> +
>> +int snp_issue_svsm_attestation_request(u64 call_id, struct svsm_attestation_call *input)
>
> This looks like BIOS code. The only thing that's missing is the
> CamelCase. :-)
>
> int snp_issue_svsm_attest_req(u64 call_id, struct svsm_attest_call *input_call)
>
> Now that's more like it!
Ok.
>
>> +{
>> + struct svsm_attestation_call *attest_call;
>
> struct svsm_attest_call *atst_call;
Ok, I'll use 'ac'
>
>> + struct svsm_call call = {};
>> + unsigned long flags;
>> + u64 attest_call_pa;
>> + int ret;
>> +
>> + if (!vmpl)
>> + return -EINVAL;
>> +
>
> ...
>
>> +static int sev_svsm_report_new(struct tsm_report *report, void *data)
>> +{
>> + unsigned int report_len, manifest_len, certificates_len;
>> + void *report_blob, *manifest_blob, *certificates_blob;
>
> Prose. Shorter pls.
Ok.
Thanks,
Tom
>
>> + struct svsm_attestation_call attest_call = {};
>> + struct tsm_desc *desc = &report->desc;
>> + unsigned int retry_count;
>> + unsigned int size;
>> + bool try_again;
>> + void *buffer;
>> + u64 call_id;
>> + int ret;
>
> ...
>
Powered by blists - more mailing lists