lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <eb2ba274-42a0-4bf4-aeba-36b2645e4860@linux.intel.com>
Date: Wed, 11 Feb 2026 13:13:36 -0800
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
To: dan.j.williams@...el.com, Kiryl Shutsemau <kas@...nel.org>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
 Rick Edgecombe <rick.p.edgecombe@...el.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev
Subject: Re: [PATCH v1 3/3] virt: tdx-guest: Increase Quote buffer size to
 128KB

Hi Dan,

On 2/11/2026 1:06 PM, dan.j.williams@...el.com wrote:
> Kuppuswamy Sathyanarayanan wrote:
>> Hi Kiryl,
>>
>> Thanks for the review!
>>
>> On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
>>> On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
>>>> Intel platforms are transitioning from traditional SGX-based
>>>> attestation toward DICE-based attestation as part of a broader move
>>>> toward open and standardized attestation models. DICE enables layered
>>>> and extensible attestation, where evidence is accumulated across
>>>> multiple boot stages.
>>>>
>>>> With SGX-based attestation, Quote sizes are typically under 8KB, as the
>>>> payload consists primarily of Quote data and a small certificate bundle.
>>>> Existing TDX guest code sizes the Quote buffer accordingly.
>>>>
>>>> DICE-based attestation produces significantly larger Quotes due to the
>>>> inclusion of evidence (certificate chains) from multiple boot layers.
>>>> The cumulative Quote size can reach approximately 100KB.
>>>>
>>>> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
>>>> capacity for DICE-based Quote payloads.
>>>
>>> It worth noting that it requires guest physically-contiguous memory.
>>>
>>> Single order-5 allocation is not that bad as long as the driver
>>> initialized during the boot.
>>
>> Good point! We can add following to the commit log:
>>
>> The Quote buffer requires guest physically-contiguous memory and is
>> allocated once during driver initialization at boot time, where an
>> order-5 allocation (128KB) is expected to succeed reliably.
> 
> That is good feedback. I would rather not restart the timer on the
> linux-next exposure with a rebase to add that. I think in this case it
> is sufficient that the commit has a link back to this discussion:
> 
> Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com
> 
> However, when the the patch to add the link to the documentation for the
> CBOR Web Token schema is ready, do take the opportunity to also add a
> patch commenting about the order-5 allocation risk to
> GET_QUOTE_BUF_SIZE.

Sounds good. Once the CWT documentation is ready, I will send a follow-up
patch that includes both the documentation link and the order-5 allocation
comment.

> 
> Later, when / if these objects start to get into order-10+ allocations
> for PQC etc, a scatter-gather mechanism will need to be considered.

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ