lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <692613e0e0680_1981100d3@dwillia2-mobl4.notmuch>
Date: Tue, 25 Nov 2025 12:38:56 -0800
From: <dan.j.williams@...el.com>
To: Alexey Kardashevskiy <aik@....com>, <linux-kernel@...r.kernel.org>
CC: <linux-crypto@...r.kernel.org>, Tom Lendacky <thomas.lendacky@....com>,
	John Allen <john.allen@....com>, Herbert Xu <herbert@...dor.apana.org.au>,
	"David S. Miller" <davem@...emloft.net>, Ashish Kalra <ashish.kalra@....com>,
	Joerg Roedel <joro@...tes.org>, Suravee Suthikulpanit
	<suravee.suthikulpanit@....com>, Will Deacon <will@...nel.org>, Robin Murphy
	<robin.murphy@....com>, "Borislav Petkov (AMD)" <bp@...en8.de>, Kim Phillips
	<kim.phillips@....com>, Jerry Snitselaar <jsnitsel@...hat.com>, Vasant Hegde
	<vasant.hegde@....com>, Jason Gunthorpe <jgg@...pe.ca>, Gao Shiyuan
	<gaoshiyuan@...du.com>, Sean Christopherson <seanjc@...gle.com>, "Nikunj A
 Dadhania" <nikunj@....com>, Michael Roth <michael.roth@....com>, Amit Shah
	<amit.shah@....com>, Peter Gonda <pgonda@...gle.com>,
	<iommu@...ts.linux.dev>, Alexey Kardashevskiy <aik@....com>
Subject: Re: [PATCH kernel v2 0/5] PCI/TSM: Enabling core infrastructure on

Alexey Kardashevskiy wrote:
> Here are some patches to begin enabling SEV-TIO on AMD.
> 
> SEV-TIO allows guests to establish trust in a device that supports TEE
> Device Interface Security Protocol (TDISP, defined in PCIe r6.0+) and
> then interact with the device via private memory.
> 
> In order to streamline upstreaming process, a common TSM infrastructure
> is being developed in collaboration with Intel+ARM+RiscV. There is
> Documentation/driver-api/pci/tsm.rst with proposed phases:
> 1. IDE: encrypt PCI, host only
> 2. TDISP: lock + accept flow, host and guest, interface report
> 3. Enable secure MMIO + DMA: IOMMUFD, KVM changes
> 4. Device attestation: certificates, measurements
> 
> This is phase1 == IDE only.
> 
> SEV TIO spec:
> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58271.pdf
> 
> Acronyms:
> TEE - Trusted Execution Environments, a concept of managing trust
> between the host and devices
> TSM - TEE Security Manager (TSM), an entity which ensures security on
> the host
> PSP - AMD platform secure processor (also "ASP", "AMD-SP"), acts as TSM
> on AMD.
> SEV TIO - the TIO protocol implemented by the PSP and used by the host
> GHCB - guest/host communication block - a protocol for guest-to-host
> communication via a shared page
> TDISP - TEE Device Interface Security Protocol (PCIe).
> 
> 
> Flow:
> - Boot host OS, load CCP which registers itself as a TSM
> - PCI TSM creates sysfs nodes under "tsm" subdirectory in for all
>   TDISP-capable devices
> - Enable IDE via "echo tsm0 >
>     /sys/bus/pci/devices/0000:e1:00.0/tsm/connect"
> - observe "secure" in stream states in "lspci" for the rootport and endpoint
> 
> 
> This is pushed out to
> https://github.com/AMDESE/linux-kvm/commits/tsm-staging
> 
> The full "WIP" trees and configs are here:
> https://github.com/AMDESE/AMDSEV/blob/tsm/stable-commits
> 
> 
> The previous conversation is here:
> https://lore.kernel.org/r/20251111063819.4098701-1-aik@amd.com
> https://lore.kernel.org/r/20250218111017.491719-1-aik@amd.com
> 
> This is based on sha1
> f7ae6d4ec652 Dan Williams "PCI/TSM: Add 'dsm' and 'bound' attributes for dependent functions".
> 
> Please comment. Thanks.

This looks ok to me. If the AMD IOMMU and CCP maintainers can give it an
ack I can queue this for v6.19, but let me know if the timing is too
tight and this needs to circle around for v6.20.

Note that if this is deferred then the PCI/TSM core, that has been
soaking in linux-next [1], will also be deferred as at least one
consumer needs to go in with the core infrastructure. It is already the
case that TEE I/O for CCA and TDX have dependencies that will not
resolve in time for v6.19 merge.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm.git/log/?h=next

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ