| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <683902e2e98df_218f10017@dwillia2-mobl4.notmuch>
Date: Thu, 29 May 2025 17:59:14 -0700
From: <dan.j.williams@...el.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] Trusted Security Manager (TSM) updates for 6.16
Hi Linus, please pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm tags/tsm-for-6.16
...to receive shared infrastructure updates for confidential computing.
The last time you pulled from tsm.git was back in v6.7 for the
configfs-tsm-report mechanism (5e2cb28dd7e1 ("Merge tag
'tsm-for-6.7'...")). The tree has now moved to a shared devsec/tsm.git
repo. Going forward additional shared infrastructure is anticipated for
the assignment of PCI devices to confidential guests, "PCI Device
Security (devsec)".
This has all appeared in linux-next for a couple weeks and identified
some issues in my merge commit over the rename. All resolved now, with
no new reports to my knowledge.
---
The following changes since commit 92a09c47464d040866cf2b4cd052bc60555185fb:
Linux 6.15-rc5 (2025-05-04 13:55:04 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm tags/tsm-for-6.16
for you to fetch changes up to 9d948b8804096d940022b1a3c483a5beb8b46574:
Merge branch 'for-6.16/tsm-mr' into tsm-next (2025-05-13 11:28:25 -0700)
----------------------------------------------------------------
tsm for 6.16
- Add a general sysfs scheme for publishing "Measurement" values
provided by the architecture's TEE Security Manager. Use it to publish
TDX "Runtime Measurement Registers" ("RTMRs") that either maintain a
hash of stored values (similar to a TPM PCR) or provide statically
provisioned data. These measurements are validated by a relying party.
- Reorganize the drivers/virt/coco/ directory for "host" and "guest"
shared infrastructure.
- Fix a configfs-tsm-report unregister bug
- With CONFIG_TSM_MEASUREMENTS joining CONFIG_TSM_REPORTS and in
anticipation of more shared "TSM" infrastructure arriving, rename the
maintainer entry to "TRUSTED SECURITY MODULE (TSM) INFRASTRUCTURE".
----------------------------------------------------------------
Cedric Xing (9):
tsm-mr: Add TVM Measurement Register support
tsm-mr: Add tsm-mr sample code
x86/tdx: Add tdx_mcall_extend_rtmr() interface
x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error
virt: tdx-guest: Expose TDX MRs as sysfs attributes
virt: tdx-guest: Refactor and streamline TDREPORT generation
virt: tdx-guest: Transition to scoped_cond_guard for mutex operations
sample/tsm-mr: Fix missing static for sample_report
tsm-mr: Fix init breakage after bin_attrs constification by scoping non-const pointers to init phase
Dan Williams (6):
configfs-tsm: Namespace TSM report symbols
coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/
configfs-tsm-report: Fix NULL dereference of tsm_ops
Merge branch 'for-6.16/tsm' into tsm-next
Merge branch 'for-6.16/tsm-mr' into tsm-next
Merge branch 'for-6.16/tsm-mr' into tsm-next
.../testing/{configfs-tsm => configfs-tsm-report} | 0
.../testing/sysfs-devices-virtual-misc-tdx_guest | 63 +++++
Documentation/driver-api/coco/index.rst | 12 +
.../driver-api/coco/measurement-registers.rst | 12 +
Documentation/driver-api/index.rst | 1 +
MAINTAINERS | 11 +-
arch/x86/coco/tdx/tdx.c | 50 +++-
arch/x86/include/asm/shared/tdx.h | 1 +
arch/x86/include/asm/tdx.h | 2 +
drivers/virt/coco/Kconfig | 6 +-
drivers/virt/coco/Makefile | 2 +-
drivers/virt/coco/arm-cca-guest/arm-cca-guest.c | 8 +-
drivers/virt/coco/guest/Kconfig | 17 ++
drivers/virt/coco/guest/Makefile | 4 +
drivers/virt/coco/{tsm.c => guest/report.c} | 63 +++--
drivers/virt/coco/guest/tsm-mr.c | 251 ++++++++++++++++++++
drivers/virt/coco/sev-guest/sev-guest.c | 12 +-
drivers/virt/coco/tdx-guest/Kconfig | 1 +
drivers/virt/coco/tdx-guest/tdx-guest.c | 259 ++++++++++++++-------
include/linux/tsm-mr.h | 89 +++++++
include/linux/tsm.h | 22 +-
include/trace/events/tsm_mr.h | 80 +++++++
samples/Kconfig | 11 +
samples/Makefile | 1 +
samples/tsm-mr/Makefile | 2 +
samples/tsm-mr/tsm_mr_sample.c | 131 +++++++++++
26 files changed, 974 insertions(+), 137 deletions(-)
rename Documentation/ABI/testing/{configfs-tsm => configfs-tsm-report} (100%)
create mode 100644 Documentation/ABI/testing/sysfs-devices-virtual-misc-tdx_guest
create mode 100644 Documentation/driver-api/coco/index.rst
create mode 100644 Documentation/driver-api/coco/measurement-registers.rst
create mode 100644 drivers/virt/coco/guest/Kconfig
create mode 100644 drivers/virt/coco/guest/Makefile
rename drivers/virt/coco/{tsm.c => guest/report.c} (89%)
create mode 100644 drivers/virt/coco/guest/tsm-mr.c
create mode 100644 include/linux/tsm-mr.h
create mode 100644 include/trace/events/tsm_mr.h
create mode 100644 samples/tsm-mr/Makefile
create mode 100644 samples/tsm-mr/tsm_mr_sample.c
Powered by blists - more mailing lists