Message-ID: <2dcb2fba-5bcc-42ba-97db-f275fb859cf8@amd.com>
Date: Mon, 1 Dec 2025 09:27:05 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: dan.j.williams@...el.com, Alexey Kardashevskiy <aik@....com>,
linux-kernel@...r.kernel.org
Cc: linux-crypto@...r.kernel.org, John Allen <john.allen@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>, Ashish Kalra
<ashish.kalra@....com>, Joerg Roedel <joro@...tes.org>,
Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>,
"Borislav Petkov (AMD)" <bp@...en8.de>, Kim Phillips <kim.phillips@....com>,
Jerry Snitselaar <jsnitsel@...hat.com>, Vasant Hegde <vasant.hegde@....com>,
Jason Gunthorpe <jgg@...pe.ca>, Gao Shiyuan <gaoshiyuan@...du.com>,
Sean Christopherson <seanjc@...gle.com>, Nikunj A Dadhania <nikunj@....com>,
Michael Roth <michael.roth@....com>, Amit Shah <amit.shah@....com>,
Peter Gonda <pgonda@...gle.com>, iommu@...ts.linux.dev
Subject: Re: [PATCH kernel v2 0/5] PCI/TSM: Enabling core infrastructure on
On 11/25/25 14:38, dan.j.williams@...el.com wrote:
> Alexey Kardashevskiy wrote:
>> Here are some patches to begin enabling SEV-TIO on AMD.
>>
>> SEV-TIO allows guests to establish trust in a device that supports TEE
>> Device Interface Security Protocol (TDISP, defined in PCIe r6.0+) and
>> then interact with the device via private memory.
>>
>> In order to streamline upstreaming process, a common TSM infrastructure
>> is being developed in collaboration with Intel+ARM+RiscV. There is
>> Documentation/driver-api/pci/tsm.rst with proposed phases:
>> 1. IDE: encrypt PCI, host only
>> 2. TDISP: lock + accept flow, host and guest, interface report
>> 3. Enable secure MMIO + DMA: IOMMUFD, KVM changes
>> 4. Device attestation: certificates, measurements
>>
>> This is phase1 == IDE only.
>>
>> SEV TIO spec:
>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58271.pdf
>>
>> Acronyms:
>> TEE - Trusted Execution Environments, a concept of managing trust
>> between the host and devices
>> TSM - TEE Security Manager (TSM), an entity which ensures security on
>> the host
>> PSP - AMD platform secure processor (also "ASP", "AMD-SP"), acts as TSM
>> on AMD.
>> SEV TIO - the TIO protocol implemented by the PSP and used by the host
>> GHCB - guest/host communication block - a protocol for guest-to-host
>> communication via a shared page
>> TDISP - TEE Device Interface Security Protocol (PCIe).
>>
>>
>> Flow:
>> - Boot host OS, load CCP which registers itself as a TSM
>> PCI TSM creates sysfs nodes under the "tsm" subdirectory for all
>> TDISP-capable devices
>> - Enable IDE via "echo tsm0 >
>> /sys/bus/pci/devices/0000:e1:00.0/tsm/connect"
>> - observe "secure" in stream states in "lspci" for the rootport and endpoint
>>
>>
>> This is pushed out to
>> https://github.com/AMDESE/linux-kvm/commits/tsm-staging
>>
>> The full "WIP" trees and configs are here:
>> https://github.com/AMDESE/AMDSEV/blob/tsm/stable-commits
>>
>>
>> The previous conversation is here:
>> https://lore.kernel.org/r/20251111063819.4098701-1-aik@amd.com
>> https://lore.kernel.org/r/20250218111017.491719-1-aik@amd.com
>>
>> This is based on sha1
>> f7ae6d4ec652 Dan Williams "PCI/TSM: Add 'dsm' and 'bound' attributes for dependent functions".
>>
>> Please comment. Thanks.
>
> This looks ok to me. If the AMD IOMMU and CCP maintainers can give it an
> ack I can queue this for v6.19, but let me know if the timing is too
> tight and this needs to circle around for v6.20.
I had some comments in patches 4 and 5 that I hope would be quick to
clean up.
>
> Note that if this is deferred then the PCI/TSM core, that has been
> soaking in linux-next [1], will also be deferred as at least one
> consumer needs to go in with the core infrastructure. It is already the
> case that TEE I/O for CCA and TDX have dependencies that will not
> resolve in time for v6.19 merge.
>
> [1]: https://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm.git/log/?h=next
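The IDE "connect" flow from the cover letter (write the TSM name into the device's tsm/connect attribute, then look for a secure stream state in lspci) as a small POSIX shell script. This is an added example, not code from the series or from the AMDESE trees. It assumes the TSM name tsm0 and the sysfs path /sys/bus/pci/devices/<BDF>/tsm/connect exactly as the cover letter gives them, and that the installed lspci decodes the IDE stream state; the device address 0000:e1:00.0 is the one quoted above and is used here only as a sample value.

```shell
#!/bin/sh
# Added example (not from the PCI/TSM series): drive the sysfs "connect"
# flow from the cover letter and check the result.
# Assumptions: the TSM registered by CCP is named "tsm0", the attribute
# lives at /sys/bus/pci/devices/<BDF>/tsm/connect, and the local lspci
# build decodes the IDE capability so a "secure" stream state is visible.

# Return 0 if $1 looks like a full PCI address (DDDD:BB:DD.F), else 1.
valid_bdf() {
    case "$1" in
        [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F].[0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the sysfs path of the TSM "connect" attribute for device $1.
tsm_connect_path() {
    valid_bdf "$1" || return 1
    printf '%s\n' "/sys/bus/pci/devices/$1/tsm/connect"
}

# Enable IDE for device $1 by binding it to TSM $2 (default: tsm0).
# Fails cleanly when the device has no tsm/ directory (not TDISP-capable,
# or no TSM registered yet) or when the write is refused (e.g. not root).
tsm_connect() {
    bdf=$1
    tsm=${2:-tsm0}
    path=$(tsm_connect_path "$bdf") || { echo "invalid BDF: $bdf" >&2; return 1; }
    if [ ! -w "$path" ]; then
        echo "$path missing or not writable: no TSM for this device, or not root" >&2
        return 1
    fi
    printf '%s\n' "$tsm" > "$path" || return 1
}

# Return 0 when lspci reports a secure stream for device $1.
# The exact decode format depends on the pciutils version; this only
# greps for the word "secure" that the cover letter says to look for.
ide_stream_secure() {
    lspci -vvs "$1" 2>/dev/null | grep -qi 'secure'
}

# Only act when explicitly requested:
#   TSM_RUN=1 sh tsm-connect.sh 0000:e1:00.0 [tsm-name]
if [ "${TSM_RUN:-0}" = 1 ]; then
    dev=${1:?usage: TSM_RUN=1 $0 <BDF> [tsm-name]}
    tsm_connect "$dev" "$2" || exit 1
    if ide_stream_secure "$dev"; then
        echo "$dev: IDE stream secure"
    else
        echo "$dev: connect written but no secure stream reported" >&2
        exit 1
    fi
fi
```

Run it as root with TSM_RUN=1 on a host where CCP has registered as TSM; checking the endpoint is not enough on its own, since the cover letter says to confirm the secure stream state on both the root port and the endpoint, so run ide_stream_secure against the root port's address as well.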