Message-ID: <CAMGD6P2ewVZyZU26QRbhjn1ZEMHGnFhgCHq9dZyWw91R9jixnw@mail.gmail.com>
Date: Thu, 27 Feb 2025 14:06:18 -0800
From: Jianxiong Gao <jxgao@...gle.com>
To: Cedric Xing <cedric.xing@...el.com>
Cc: Dan Williams <dan.j.williams@...el.com>, 
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Dave Hansen <dave.hansen@...ux.intel.com>, 
	Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev, 
	Dionna Amalie Glaze <dionnaglaze@...gle.com>, 
	James Bottomley <James.Bottomley@...senpartnership.com>, 
	Dan Middleton <dan.middleton@...ux.intel.com>, Mikko Ylinen <mikko.ylinen@...ux.intel.com>, 
	Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@...ux.intel.com>
Subject: Re: [PATCH v2 0/4] tsm: Unified Measurement Register ABI for TVMs

On Sun, Feb 23, 2025 at 7:23 PM Cedric Xing <cedric.xing@...el.com> wrote:
>
> NOTE: This patch series introduces the Measurement Register (MR) ABI, and
> is a continuation of the RFC series on the same topic [1].
>
> This patch series adds a unified interface to the TSM core, allowing TVM
> (TEE VM) guest drivers to expose measurement registers (MRs) as attributes
> (files) in sysfs. With this interface, applications can read and write
> (extend) MRs like regular files, enabling usages like configuration
> verification (e.g., verifying a TVM's configuration against digests stored
> in static/immutable MRs like MRCONFIGID on TDX or HOSTDATA on SEV) and
> runtime measurements (e.g., extending the measurement of a container image
> to an RTMR before running it).
>
> Patches included in this series:
>
> - Patch 1 adds TSM APIs for TVM guest drivers to register/expose MRs
>   through sysfs.
> - Patch 2 provides a sample module demonstrating the usage of the new TSM
>   APIs.
> - The remaining patches update the TDX guest driver to expose TDX MRs
>   through the new TSM APIs.
>
> [1]: https://lore.kernel.org/linux-coco/20241210-tsm-rtmr-v3-0-5997d4dbda73@intel.com/
>
> Signed-off-by: Cedric Xing <cedric.xing@...el.com>
> ---
> Changes in v2:
> - Added TSM_MR_MAXBANKS Kconfig option
> - Updated Kconfig dependency for TSM_REPORTS
> - Updated comments in include/linux/tsm.h
> - Updated drivers/virt/coco/tsm-mr.c to use `IS_BUILTIN()` for determining
>   if static buffer addresses can be converted to GPAs by `virt_to_phys()`
> - Renamed function `tdx_mcall_rtmr_extend()` -> `tdx_mcall_extend_rtmr()`
> - Link to v1: https://lore.kernel.org/r/20250212-tdx-rtmr-v1-0-9795dc49e132@intel.com
>
> ---
> Cedric Xing (4):
>       tsm: Add TVM Measurement Register support
>       tsm: Add TSM measurement sample code
>       x86/tdx: Add tdx_mcall_extend_rtmr() interface
>       x86/tdx: Expose TDX MRs through TSM sysfs interface
>
>  Documentation/ABI/testing/sysfs-kernel-tsm |  20 ++
>  MAINTAINERS                                |   3 +-
>  arch/x86/coco/tdx/tdx.c                    |  36 +++
>  arch/x86/include/asm/shared/tdx.h          |   1 +
>  arch/x86/include/asm/tdx.h                 |   2 +
>  drivers/virt/coco/Kconfig                  |  17 +-
>  drivers/virt/coco/Makefile                 |   2 +
>  drivers/virt/coco/tdx-guest/Kconfig        |  24 +-
>  drivers/virt/coco/tdx-guest/tdx-guest.c    | 115 +++++++++
>  drivers/virt/coco/{tsm.c => tsm-core.c}    |   6 +-
>  drivers/virt/coco/tsm-mr.c                 | 383 +++++++++++++++++++++++++++++
>  include/linux/tsm.h                        |  65 +++++
>  samples/Kconfig                            |  13 +
>  samples/Makefile                           |   1 +
>  samples/tsm/Makefile                       |   2 +
>  samples/tsm/tsm_mr_sample.c                | 107 ++++++++
>  16 files changed, 789 insertions(+), 8 deletions(-)
> ---
> base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6
> change-id: 20250209-tdx-rtmr-255479667146
>
> Best regards,
> --
> Cedric Xing <cedric.xing@...el.com>
>
>
Tested-by: Jianxiong Gao <jxgao@...gle.com>
I have verified that the patchset works on Google Cloud.

-- 
Jianxiong Gao
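
Added example, not part of the original message or of the patch series: a verifier-side replay of an extend log, showing why a value extended into an RTMR (such as a container image digest) cannot later be removed or reordered without changing the register. Assumptions: TDX RTMR semantics (48-byte register, all zeros at start, new value = SHA-384(old value || digest)); the function names are hypothetical and the sample images are constructed.

```python
import hashlib
import hmac

MR_SIZE = hashlib.sha384().digest_size  # 48 bytes: width of a TDX RTMR (assumption)


def extend(register: bytes, digest: bytes) -> bytes:
    """One extend step: new value = SHA-384(old value || digest)."""
    if len(register) != MR_SIZE or len(digest) != MR_SIZE:
        raise ValueError("register and digest must both be 48 bytes")
    return hashlib.sha384(register + digest).digest()


def replay(event_digests) -> bytes:
    """Recompute the register from an ordered event log, starting at all zeros."""
    value = bytes(MR_SIZE)
    for digest in event_digests:
        value = extend(value, digest)
    return value


def verify_log(event_digests, reported: bytes) -> bool:
    """True only if the log reproduces the reported register value exactly."""
    return hmac.compare_digest(replay(event_digests), reported)


def first_unapproved(event_digests, approved):
    """Index of the first logged digest missing from the allow-list, else None."""
    for index, digest in enumerate(event_digests):
        if digest not in approved:
            return index
    return None


if __name__ == "__main__":
    # Constructed sample data: two container images measured before launch.
    images = [b"constructed image: base", b"constructed image: app"]
    log = [hashlib.sha384(blob).digest() for blob in images]
    reported = replay(log)  # stands in for the RTMR value in an attestation report

    print("log matches register:", verify_log(log, reported))
    print("reordered log matches:", verify_log(log[::-1], reported))
    print("first unapproved entry:", first_unapproved(log, {log[0]}))
```

On a real guest the register value would come from the sysfs attribute this series exposes or from an attestation report; the page does not give the attribute path, so none is used here.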
