Message-ID: <20260211001712.1531955-1-sathyanarayanan.kuppuswamy@linux.intel.com>
Date: Tue, 10 Feb 2026 16:17:09 -0800
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Dan Williams <dan.j.williams@...el.com>,
	"Kirill A . Shutemov" <kas@...nel.org>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
	Rick Edgecombe <rick.p.edgecombe@...el.com>,
	x86@...nel.org,
	linux-kernel@...r.kernel.org,
	linux-coco@...ts.linux.dev
Subject: [PATCH v1 0/3] Increase CoCo attestation report buffer size

Hi All,

This patch series addresses buffer size limitations in the Confidential
Computing (CoCo) attestation stack. These changes are necessary to
support emerging security requirements such as DICE-based attestation
and Post-Quantum Cryptography (PQC).

DICE relies on layered evidence collected across multiple boot stages,
where each stage contributes to a cumulative certificate chain. This
process can increase the total report size to over 100KB. Furthermore,
with PQC support enabled, evidence size can reach several MB due to
larger cryptographic signatures and certificates.

Current Intel platforms use SGX-based attestation with Quote sizes
typically under 8KB. Newer Intel platforms will support DICE-based
attestation, requiring larger buffers.

This series extends the TSM framework to support reports up to 16MB,
providing sufficient headroom for these security standards. It also
increases the TDX Quote buffer size to 128KB to accommodate DICE-based
attestation.

Patch Details:

Patch 1/3 - Documents TSM binary blob size limits.
Patch 2/3 - Increases the generic TSM maximum output blob size from
            32KB to 16MB.
Patch 3/3 - Increases the TDX-specific GET_QUOTE_BUF_SIZE from 8KB to
            128KB to support DICE-based attestation.

Kuppuswamy Sathyanarayanan (3):
  virt: tsm: Document size limits for outblob attributes
  virt: tsm: Increase TSM_REPORT_OUTBLOB_MAX to 16MB
  virt: tdx-guest: Increase Quote buffer size to 128KB

 Documentation/ABI/testing/configfs-tsm-report | 16 ++++++++++++++++
 drivers/virt/coco/tdx-guest/tdx-guest.c       |  4 +++-
 include/linux/tsm.h                           |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

-- 
2.43.0

