Re: [PATCH v4 2/2] misc: Add Nitro Secure Module driver

From: Greg Kroah-Hartman
Date: Tue Oct 10 2023 - 02:15:49 EST


On Mon, Oct 09, 2023 at 09:20:53PM +0000, Alexander Graf wrote:
> When running Linux inside a Nitro Enclave, the hypervisor provides a
> special virtio device called "NSM". This device has 3 main functions:
>
> 1) Provide attestation reports
> 2) Modify PCR state
> 3) Provide entropy
>
> This patch adds a driver for NSM that exposes a /dev/nsm device node which
> user space can issue ioctls on to request attestation documents, influence
> PCR states, read entropy and enumerate status of the device. In addition,
> the driver implements a hwrng backend and exposes some of the NSM device
> metadata as sysfs entries.
>
> Originally-by: Petre Eftime <petre.eftime@xxxxxxxxx>
> Signed-off-by: Alexander Graf <graf@xxxxxxxxxx>
>
> ---
>
> v1 -> v2:
>
> - Remove boilerplate
> - Add uapi header
>
> v2 -> v3:
>
> - Move globals to device struct
> - Add compat handling
> - Simplify some naming
> - Remove debug prints
> - Use module_virtio_driver
> - Drop use of uio.h
>
> v3 -> v4:
>
> - Merge hwrng into the misc driver
> - Add dependency on CBOR library
> - Add internal and ioctl logic for all current NSM actions
> - Use in-struct arrays instead of kvecs
> - Add sysfs entries for NSM metadata

You forgot Documentation/ABI/ entries for your new sysfs files so we can
see what exactly they are and if they are sane.

thanks,

greg k-h