lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <683902e2e98df_218f10017@dwillia2-mobl4.notmuch>
Date: Thu, 29 May 2025 17:59:14 -0700
From: <dan.j.williams@...el.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] Trusted Security Manager (TSM) updates for 6.16

Hi Linus, please pull from:

  git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm tags/tsm-for-6.16

...to receive shared infrastructure updates for confidential computing.
The last time you pulled from tsm.git was back in v6.7 for the
configfs-tsm-report mechanism (5e2cb28dd7e1 ("Merge tag
'tsm-for-6.7'...")). The tree has now moved to a shared devsec/tsm.git
repo. Going forward additional shared infrastructure is anticipated for
the assignment of PCI devices to confidential guests, "PCI Device
Security (devsec)".

This has all appeared in linux-next for a couple weeks and identified
some issues in my merge commit over the rename. All resolved now, with
no new reports to my knowledge.

---

The following changes since commit 92a09c47464d040866cf2b4cd052bc60555185fb:

  Linux 6.15-rc5 (2025-05-04 13:55:04 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm tags/tsm-for-6.16

for you to fetch changes up to 9d948b8804096d940022b1a3c483a5beb8b46574:

  Merge branch 'for-6.16/tsm-mr' into tsm-next (2025-05-13 11:28:25 -0700)

----------------------------------------------------------------
tsm for 6.16

- Add a general sysfs scheme for publishing "Measurement" values
  provided by the architecture's TEE Security Manager. Use it to publish
  TDX "Runtime Measurement Registers" ("RTMRs") that either maintain a
  hash of stored values (similar to a TPM PCR) or provide statically
  provisioned data.  These measurements are validated by a relying party.

- Reorganize the drivers/virt/coco/ directory for "host" and "guest"
  shared infrastructure.

- Fix a configfs-tsm-report unregister bug

- With CONFIG_TSM_MEASUREMENTS joining CONFIG_TSM_REPORTS and in
  anticipation of more shared "TSM" infrastructure arriving, rename the
  maintainer entry to "TRUSTED SECURITY MODULE (TSM) INFRASTRUCTURE".

----------------------------------------------------------------
Cedric Xing (9):
      tsm-mr: Add TVM Measurement Register support
      tsm-mr: Add tsm-mr sample code
      x86/tdx: Add tdx_mcall_extend_rtmr() interface
      x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error
      virt: tdx-guest: Expose TDX MRs as sysfs attributes
      virt: tdx-guest: Refactor and streamline TDREPORT generation
      virt: tdx-guest: Transition to scoped_cond_guard for mutex operations
      sample/tsm-mr: Fix missing static for sample_report
      tsm-mr: Fix init breakage after bin_attrs constification by scoping non-const pointers to init phase

Dan Williams (6):
      configfs-tsm: Namespace TSM report symbols
      coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/
      configfs-tsm-report: Fix NULL dereference of tsm_ops
      Merge branch 'for-6.16/tsm' into tsm-next
      Merge branch 'for-6.16/tsm-mr' into tsm-next
      Merge branch 'for-6.16/tsm-mr' into tsm-next

 .../testing/{configfs-tsm => configfs-tsm-report}  |   0
 .../testing/sysfs-devices-virtual-misc-tdx_guest   |  63 +++++
 Documentation/driver-api/coco/index.rst            |  12 +
 .../driver-api/coco/measurement-registers.rst      |  12 +
 Documentation/driver-api/index.rst                 |   1 +
 MAINTAINERS                                        |  11 +-
 arch/x86/coco/tdx/tdx.c                            |  50 +++-
 arch/x86/include/asm/shared/tdx.h                  |   1 +
 arch/x86/include/asm/tdx.h                         |   2 +
 drivers/virt/coco/Kconfig                          |   6 +-
 drivers/virt/coco/Makefile                         |   2 +-
 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c    |   8 +-
 drivers/virt/coco/guest/Kconfig                    |  17 ++
 drivers/virt/coco/guest/Makefile                   |   4 +
 drivers/virt/coco/{tsm.c => guest/report.c}        |  63 +++--
 drivers/virt/coco/guest/tsm-mr.c                   | 251 ++++++++++++++++++++
 drivers/virt/coco/sev-guest/sev-guest.c            |  12 +-
 drivers/virt/coco/tdx-guest/Kconfig                |   1 +
 drivers/virt/coco/tdx-guest/tdx-guest.c            | 259 ++++++++++++++-------
 include/linux/tsm-mr.h                             |  89 +++++++
 include/linux/tsm.h                                |  22 +-
 include/trace/events/tsm_mr.h                      |  80 +++++++
 samples/Kconfig                                    |  11 +
 samples/Makefile                                   |   1 +
 samples/tsm-mr/Makefile                            |   2 +
 samples/tsm-mr/tsm_mr_sample.c                     | 131 +++++++++++
 26 files changed, 974 insertions(+), 137 deletions(-)
 rename Documentation/ABI/testing/{configfs-tsm => configfs-tsm-report} (100%)
 create mode 100644 Documentation/ABI/testing/sysfs-devices-virtual-misc-tdx_guest
 create mode 100644 Documentation/driver-api/coco/index.rst
 create mode 100644 Documentation/driver-api/coco/measurement-registers.rst
 create mode 100644 drivers/virt/coco/guest/Kconfig
 create mode 100644 drivers/virt/coco/guest/Makefile
 rename drivers/virt/coco/{tsm.c => guest/report.c} (89%)
 create mode 100644 drivers/virt/coco/guest/tsm-mr.c
 create mode 100644 include/linux/tsm-mr.h
 create mode 100644 include/trace/events/tsm_mr.h
 create mode 100644 samples/tsm-mr/Makefile
 create mode 100644 samples/tsm-mr/tsm_mr_sample.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ