lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <yq5ah5z922d4.fsf@kernel.org>
Date: Fri, 18 Jul 2025 16:27:11 +0530
From: Aneesh Kumar K.V <aneesh.kumar@...nel.org>
To: Dan Williams <dan.j.williams@...el.com>, linux-coco@...ts.linux.dev,
	linux-pci@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, bhelgaas@...gle.com, aik@....com,
	lukas@...ner.de,
	Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
	Isaku Yamahata <isaku.yamahata@...el.com>,
	John Allen <john.allen@....com>,
	Jonathan Cameron <Jonathan.Cameron@...wei.com>,
	Samuel Ortiz <sameo@...osinc.com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Tom Lendacky <thomas.lendacky@....com>,
	Xiaoyao Li <xiaoyao.li@...el.com>,
	Xu Yi lun <yilun.xu@...ux.intel.com>,
	Yilun Xu <yilun.xu@...el.com>
Subject: Re: [PATCH v4 00/10] PCI/TSM: Core infrastructure for PCI device
 security (TDISP)

Dan Williams <dan.j.williams@...el.com> writes:

> Changes since v3 [1]:
> - Move the TSM core out of the host/ subdirectory since it is shared
>   with the guest (Aneesh)
> - Support multiple simultaneous TSM providers (Jason, Alexey)
> - Do not reuse the "connect" operation for both Link and Security state
>   management (Aneesh, Alexey)
> - Derive the pci_tsm instance type from details in the @pdev or @dsm
>   properties (Aneesh)
> - Delay TSM association until ->connect(), results in removing the need
>   for the @state attribute
> - Introduce reverse iterators for all PCI bus and function walking.
> - Move all per-device context setup/teardown to
>   pci_tsm_(constructor,destructor)
> - Add pci_ide_stream_release() for scope-based cleanup of IDE setup
> - Shorten the name of the "stream" sysfs link (Jonathan)
> - misc fixups (Jonathan)
> - Note creation of pci_host_bridge_type in changelog (Jonathan)
> - Drop now unused PREP_PCI_IDE_SEL_ADDR1() and related macros (Jonathan)
> - Open code PREP_PCI_IDE_SEL_RID_2 in its only caller (Jonathan)
> - Clarify the specification Stream term from a Linux "stream" object
>   (Jonathan)
> - Convert samples/devsec/ to faux device (Jonathan)
> - Drop Date: from ABI entries
> - Add basic driver-api documentation to build kdoc
> - Switch to ACQUIRE()
> - Add an explicit 'disconnect' attribute
> - Clarify the PCI_IDE_STREAM_MAX Kconfig help (Jonathan)
> - Use unsigned variables from sel_ide_offset (Jonathan)
>
> [1]: http://lore.kernel.org/20250516054732.2055093-1-dan.j.williams@intel.com
>
> This set is available at tsm.git#staging (rebasing branch) or
> tsm.git#devsec-20250717 (immutable tag). It passes a basic that
> exercises load/unload of the samples/devsec/ modules and
> connect/disconnect of the emulated device.
>
> Status (complexity reductions):
> -------------------------------
>
> Between the support for multiple TSMs, the split of "Link" and
> "Security" operations and inferring the type of 'struct pci_tsm' context
> from its properties, the implementation shed complexity.
>
> Now, ->probe() is only called in the sysfs::connect_store() path which
> means that there is no need to track the PCI_TSM_INIT and
> PCI_TSM_CONNECT states. Simply, when a Device Security Manager (DSM) is
> connected, at that point all potential TDIs (assignable functions where
> the DSM can manage its security state) are probed.
>
> Now, initial determination of when the "tsm/" sysfs group appears
> follows typical expectations. If at least one TSM device has been
> registered prior to a DSM device being scanned, its "tsm/" attribute
> group will appear. No more need for a pci_tsm_init() call via
> pci_init_capabilities().
>
> The pci_tsm_destroy() path is now simply arranging for
> pci_tsm_disconnect() of all DSMs after all TDIs have gone through
> ->remove() callback. This is accomplished with new "reverse" iterators
> for all PCI bus walks.
>
> Next steps:
> -----------
> The campaign to graduate this out of tsm.git#staging and into mainline
> starts in earnest when samples/devsec/ + 1 vendor implementation, or 2
> vendor implementations can demonstrate the end-to-end flow (minus
> attestation). That is the "consensus" event horizon where prior to that
> it seems reasonable for impacted subsystem maintainers to opt-out of
> reviewing all the fine details under debate. Suffice to say there are a
> lot of fine details flying around.
>
> To that end I expect it would help to have a tracking document in
> tsm.git#staging that catalogs the open debates and the current leanings
> of the staging tree. That is next in the hopper.
>
> Original Cover letter:
> ----------------------
>
> Trusted execution environment (TEE) Device Interface Security Protocol
> (TDISP) is a chapter name in the PCI specification. It describes an
> alphabet soup of mechanisms, SPDM, CMA, IDE, TSM/DSM, that system
> software uses to establish trust in a device and assign it to a
> confidential virtual machine (CVM). It is protocol for dynamically
> extending the trusted computing boundary (TCB) of a CVM with a PCI
> device interface that can issue DMA to CVM private memory.
>
> The acronym soup problem is enhanced by every major platform vendor
> having distinct TEE Security Manager (TSM) API implementations /
> capabilities, and to a lesser extent, every potential endpoint Device
> Security Manager (DSM) having its own idiosyncratic behaviors around
> TDISP state transitions.
>
> Despite all that opportunity for differentiation, there is a significant
> portion of the implementation that is cross-vendor common. However, it
> is difficult to develop, debate, test and settle all those pieces absent
> a low level TSM driver implementation to pull it all together.
>
> The proposal, of which this set is the first phase, is incrementally
> develop the shared infrastructure on top of a sample TSM driver
> implementation to enable clean vendor agnostic discussions about the
> commons. "samples/devsec/" is meant to be: just enough emulation to
> exercise all the core infrastructure, a reference implementation, and a
> simple unit test. The sample also enables coordination with the native
> PCI device security effort [2].
>
> [2]: http://lore.kernel.org/cover.1719771133.git.lukas@wunner.de
>
> Dan Williams (10):
>   coco/tsm: Introduce a core device for TEE Security Managers
>   PCI/IDE: Enumerate Selective Stream IDE capabilities
>   PCI: Introduce pci_walk_bus_reverse(), for_each_pci_dev_reverse()
>   PCI/TSM: Authenticate devices via platform TSM
>   samples/devsec: Introduce a PCI device-security bus + endpoint sample
>   PCI: Add PCIe Device 3 Extended Capability enumeration
>   PCI/IDE: Add IDE establishment helpers
>   PCI/IDE: Report available IDE streams
>   PCI/TSM: Report active IDE streams
>   samples/devsec: Add sample IDE establishment
>
>  Documentation/ABI/testing/sysfs-bus-pci       |  51 ++
>  Documentation/ABI/testing/sysfs-class-tsm     |  19 +
>  .../ABI/testing/sysfs-devices-pci-host-bridge |  29 +
>  Documentation/driver-api/pci/index.rst        |   1 +
>  Documentation/driver-api/pci/tsm.rst          |  12 +
>  MAINTAINERS                                   |   7 +-
>  drivers/base/bus.c                            |  38 +
>  drivers/pci/Kconfig                           |  28 +
>  drivers/pci/Makefile                          |   2 +
>  drivers/pci/bus.c                             |  37 +
>  drivers/pci/ide.c                             | 578 ++++++++++++++
>  drivers/pci/pci-sysfs.c                       |   4 +
>  drivers/pci/pci.h                             |  17 +
>  drivers/pci/probe.c                           |  25 +-
>  drivers/pci/remove.c                          |   3 +
>  drivers/pci/search.c                          |  63 +-
>  drivers/pci/tsm.c                             | 554 ++++++++++++++
>  drivers/virt/coco/Kconfig                     |   3 +
>  drivers/virt/coco/Makefile                    |   2 +
>  drivers/virt/coco/tsm-core.c                  | 198 +++++
>  include/linux/device/bus.h                    |   3 +
>  include/linux/pci-ide.h                       |  72 ++
>  include/linux/pci-tsm.h                       | 158 ++++
>  include/linux/pci.h                           |  36 +
>  include/linux/tsm.h                           |  15 +
>  include/uapi/linux/pci_regs.h                 |  89 +++
>  samples/Kconfig                               |  16 +
>  samples/Makefile                              |   1 +
>  samples/devsec/Makefile                       |  10 +
>  samples/devsec/bus.c                          | 711 ++++++++++++++++++
>  samples/devsec/common.c                       |  26 +
>  samples/devsec/devsec.h                       |  40 +
>  samples/devsec/tsm.c                          | 241 ++++++
>  33 files changed, 3078 insertions(+), 11 deletions(-)
>  create mode 100644 Documentation/ABI/testing/sysfs-class-tsm
>  create mode 100644 Documentation/driver-api/pci/tsm.rst
>  create mode 100644 drivers/pci/ide.c
>  create mode 100644 drivers/pci/tsm.c
>  create mode 100644 drivers/virt/coco/tsm-core.c
>  create mode 100644 include/linux/pci-ide.h
>  create mode 100644 include/linux/pci-tsm.h
>  create mode 100644 samples/devsec/Makefile
>  create mode 100644 samples/devsec/bus.c
>  create mode 100644 samples/devsec/common.c
>  create mode 100644 samples/devsec/devsec.h
>  create mode 100644 samples/devsec/tsm.c
>
>
> base-commit: df877487cac3509cbae2625181e7ad6748afed24

This series currently doesn’t include the TDI bind equivalent.
Incorporating some of the changes from patch [1] would help lay the
groundwork for submitting the remaining POC patches.

Also, could you clarify the purpose of sec_probe and sec_remove? How are
they being used?

[1] https://lore.kernel.org/all/20250516054732.2055093-13-dan.j.williams@intel.com

-aneesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ