Re: [PATCH v5] misc: Add Nitro Secure Module driver
From: Michael S. Tsirkin
Date: Tue Oct 10 2023 - 17:43:42 EST
On Tue, Oct 10, 2023 at 11:29:00PM +0200, Alexander Graf wrote:
>
> On 10.10.23 22:34, Michael S. Tsirkin wrote:
> >
> > On Tue, Oct 10, 2023 at 07:18:15PM +0000, Alexander Graf wrote:
> > > When running Linux inside a Nitro Enclave, the hypervisor provides a
> > > special virtio device called "Nitro Security Module" (NSM). This device
> > > has 3 main functions:
> > >
> > > 1) Provide attestation reports
> > > 2) Modify PCR state
> > > 3) Provide entropy
> > >
> > > This patch adds a driver for NSM that exposes a /dev/nsm device node on
> > > which user space can issue ioctls with raw NSM CBOR-formatted commands
> > > to request attestation documents, influence PCR states, read entropy
> > > and enumerate the status of the device. In addition, the driver
> > > implements a hwrng backend.
> > >
> > > Originally-by: Petre Eftime <petre.eftime@xxxxxxxxx>
> > > Signed-off-by: Alexander Graf <graf@xxxxxxxxxx>
> > Could some documentation about how this device works be posted on the
> > virtio list please?
>
>
> Sure! What is your preferred method to provide this? :)
>
> Alex
>
Posting a patch adding a text file with it to virtio-comment would be best.