5e2cb28dd7
- Introduce configfs-tsm as a shared ABI for confidential computing
attestation reports
- Convert sev-guest to additionally support configfs-tsm alongside its
vendor specific ioctl()
- Added signed attestation report retrieval to the tdx-guest driver
forgoing a new vendor specific ioctl()
- Misc. cleanups and a new __free() annotation for kvfree()
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSbo+XnGs+rwLz9XGXfioYZHlFsZwUCZUQhiQAKCRDfioYZHlFs
Z2gMAQCJdtP0f2kH+pvf3oxAkA1OubKBqJqWOppeyrhTsNMpDQEA9ljXH9h7eRB/
2NQ6USrU6jqcdu3gB5Tzq8J/ZZabMQU=
=1Eiv
-----END PGP SIGNATURE-----
Merge tag 'tsm-for-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux
Pull unified attestation reporting from Dan Williams:
"In an ideal world there would be a cross-vendor standard attestation
report format for confidential guests along with a common device
definition to act as the transport.
In the real world the situation ended up with multiple platform
vendors inventing their own attestation report formats with the
SEV-SNP implementation being a first mover to define a custom
sev-guest character device and corresponding ioctl(). Later, this
configfs-tsm proposal intercepted an attempt to add a tdx-guest
character device and a corresponding new ioctl(). It also anticipated
ARM and RISC-V showing up with more chardevs and more ioctls().
The proposal takes for granted that Linux tolerates the vendor report
format differentiation until a standard arrives. From talking with
folks involved, it sounds like that standardization work is unlikely
to resolve anytime soon. It also takes the position that kernfs ABIs
are easier to maintain than ioctl(). The result is a shared configfs
mechanism to return per-vendor report-blobs with the option to later
support a standard when that arrives.
Part of the goal here also is to get the community into the
"uncomfortable, but beneficial to the long term maintainability of the
kernel" state of talking to each other about their differentiation and
opportunities to collaborate. Think of this like the device-driver
equivalent of the common memory-management infrastructure for
confidential-computing being built up in KVM.
As for establishing an "upstream path for cross-vendor
confidential-computing device driver infrastructure" this is something
I want to discuss at Plumbers. At present, the multiple vendor
proposals for assigning devices to confidential computing VMs likely
needs a new dedicated repository and maintainer team, but that is a
discussion for v6.8.
For now, Greg and Thomas have acked this approach and this is passing
is AMD, Intel, and Google tests.
Summary:
- Introduce configfs-tsm as a shared ABI for confidential computing
attestation reports
- Convert sev-guest to additionally support configfs-tsm alongside
its vendor specific ioctl()
- Added signed attestation report retrieval to the tdx-guest driver
forgoing a new vendor specific ioctl()
- Misc cleanups and a new __free() annotation for kvfree()"
* tag 'tsm-for-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux:
virt: tdx-guest: Add Quote generation support using TSM_REPORTS
virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT
mm/slab: Add __free() support for kvfree
virt: sevguest: Prep for kernel internal get_ext_report()
configfs-tsm: Introduce a shared ABI for attestation reports
virt: coco: Add a coco/Makefile and coco/Kconfig
virt: sevguest: Fix passing a stack buffer as a scatterlist target
130 lines
3.2 KiB
C
130 lines
3.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _ASM_X86_SHARED_TDX_H
|
|
#define _ASM_X86_SHARED_TDX_H
|
|
|
|
#include <linux/bits.h>
|
|
#include <linux/types.h>
|
|
|
|
#define TDX_HYPERCALL_STANDARD 0
|
|
|
|
#define TDX_CPUID_LEAF_ID 0x21
|
|
#define TDX_IDENT "IntelTDX "
|
|
|
|
/* TDX module Call Leaf IDs */
|
|
#define TDG_VP_VMCALL 0
|
|
#define TDG_VP_INFO 1
|
|
#define TDG_VP_VEINFO_GET 3
|
|
#define TDG_MR_REPORT 4
|
|
#define TDG_MEM_PAGE_ACCEPT 6
|
|
#define TDG_VM_WR 8
|
|
|
|
/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */
|
|
#define TDCS_NOTIFY_ENABLES 0x9100000000000010
|
|
|
|
/* TDX hypercall Leaf IDs */
|
|
#define TDVMCALL_MAP_GPA 0x10001
|
|
#define TDVMCALL_GET_QUOTE 0x10002
|
|
#define TDVMCALL_REPORT_FATAL_ERROR 0x10003
|
|
|
|
#define TDVMCALL_STATUS_RETRY 1
|
|
|
|
/*
|
|
* Bitmasks of exposed registers (with VMM).
|
|
*/
|
|
#define TDX_RDX BIT(2)
|
|
#define TDX_RBX BIT(3)
|
|
#define TDX_RSI BIT(6)
|
|
#define TDX_RDI BIT(7)
|
|
#define TDX_R8 BIT(8)
|
|
#define TDX_R9 BIT(9)
|
|
#define TDX_R10 BIT(10)
|
|
#define TDX_R11 BIT(11)
|
|
#define TDX_R12 BIT(12)
|
|
#define TDX_R13 BIT(13)
|
|
#define TDX_R14 BIT(14)
|
|
#define TDX_R15 BIT(15)
|
|
|
|
/*
|
|
* These registers are clobbered to hold arguments for each
|
|
* TDVMCALL. They are safe to expose to the VMM.
|
|
* Each bit in this mask represents a register ID. Bit field
|
|
* details can be found in TDX GHCI specification, section
|
|
* titled "TDCALL [TDG.VP.VMCALL] leaf".
|
|
*/
|
|
#define TDVMCALL_EXPOSE_REGS_MASK \
|
|
(TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8 | TDX_R9 | \
|
|
TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15)
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#include <linux/compiler_attributes.h>
|
|
|
|
/*
|
|
* Used in __tdcall*() to gather the input/output registers' values of the
|
|
* TDCALL instruction when requesting services from the TDX module. This is a
|
|
* software only structure and not part of the TDX module/VMM ABI
|
|
*/
|
|
struct tdx_module_args {
|
|
/* callee-clobbered */
|
|
u64 rcx;
|
|
u64 rdx;
|
|
u64 r8;
|
|
u64 r9;
|
|
/* extra callee-clobbered */
|
|
u64 r10;
|
|
u64 r11;
|
|
/* callee-saved + rdi/rsi */
|
|
u64 r12;
|
|
u64 r13;
|
|
u64 r14;
|
|
u64 r15;
|
|
u64 rbx;
|
|
u64 rdi;
|
|
u64 rsi;
|
|
};
|
|
|
|
/* Used to communicate with the TDX module */
|
|
u64 __tdcall(u64 fn, struct tdx_module_args *args);
|
|
u64 __tdcall_ret(u64 fn, struct tdx_module_args *args);
|
|
u64 __tdcall_saved_ret(u64 fn, struct tdx_module_args *args);
|
|
|
|
/* Used to request services from the VMM */
|
|
u64 __tdx_hypercall(struct tdx_module_args *args);
|
|
|
|
/*
|
|
* Wrapper for standard use of __tdx_hypercall with no output aside from
|
|
* return code.
|
|
*/
|
|
static inline u64 _tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14, u64 r15)
|
|
{
|
|
struct tdx_module_args args = {
|
|
.r10 = TDX_HYPERCALL_STANDARD,
|
|
.r11 = fn,
|
|
.r12 = r12,
|
|
.r13 = r13,
|
|
.r14 = r14,
|
|
.r15 = r15,
|
|
};
|
|
|
|
return __tdx_hypercall(&args);
|
|
}
|
|
|
|
|
|
/* Called from __tdx_hypercall() for unrecoverable failure */
|
|
void __noreturn __tdx_hypercall_failed(void);
|
|
|
|
bool tdx_accept_memory(phys_addr_t start, phys_addr_t end);
|
|
|
|
/*
|
|
* The TDG.VP.VMCALL-Instruction-execution sub-functions are defined
|
|
* independently from but are currently matched 1:1 with VMX EXIT_REASONs.
|
|
* Reusing the KVM EXIT_REASON macros makes it easier to connect the host and
|
|
* guest sides of these calls.
|
|
*/
|
|
static __always_inline u64 hcall_func(u64 exit_reason)
|
|
{
|
|
return exit_reason;
|
|
}
|
|
|
|
#endif /* !__ASSEMBLY__ */
|
|
#endif /* _ASM_X86_SHARED_TDX_H */
|