Re: [PATCH 08/11] x86/sev: Provide guest VMPL level to userspace

[Tom Lendacky]

On 1/26/24 19:06, Dionna Amalie Glaze wrote:
> On Fri, Jan 26, 2024 at 2:19 PM Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:
> > Requesting an attestation report from userspace involves providing the
> > VMPL level for the report. Currently any value from 0-3 is valid because
> > Linux enforces running at VMPL0.
> >
> > When an SVSM is present, though, Linux will not be running at VMPL0 and
> > only VMPL values starting at the VMPL level Linux is running at to 3 are
> > valid. In order to allow userspace to determine the minimum VMPL value
> > that can be supplied to an attestation report, create a sysfs entry that
> > can be used to retrieve the current VMPL level of Linux.
>
> Is this not the intended meaning of privlevel_floor in
> /sys/kernel/config/tsm/report/$report0/privlevel_floor?

Hmmm... possibly. But that would make someone using the ioctl() (which is 
still available) have to use the config-tsm support to get the value. If 
the overall consensus is not to have a sysfs entry, I'll remove it, but it 
could be useful beyond just attestation.

Your comment does make me realize that I did miss changing privlevel_floor 
for the TSM support. I need to set privlevel_floor to the current VMPL level.

Thanks,
Tom

>