Re: [PATCH v4 14/15] x86/sev: Extend the config-fs attestation support for an SVSM

From: Tom Lendacky
Date: Fri May 31 2024 - 15:03:37 EST

Next message: Borislav Petkov: "Re: [PATCH v4 10/15] virt: sev-guest: Choose the VMPCK key based on executing VMPL"
Previous message: Simon Horman: "Re: [PATCH net] net: dsa: microchip: fix initial port flush problem"
In reply to: Borislav Petkov: "Re: [PATCH v4 14/15] x86/sev: Extend the config-fs attestation support for an SVSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/31/24 08:16, Borislav Petkov wrote:

On Wed, Apr 24, 2024 at 10:58:10AM -0500, Tom Lendacky wrote:

+/*
+ * The SVSM Attestation related structures
+ */
+struct svsm_location_entry {

"svsm_loc" should be enough.

+ u64 pa;
+ u32 len;
+ u8 rsvd[4];
+};
+
+struct svsm_attestation_call {

Can we shorten all "attestion" to "atst" or "attest"?

Will shorten to attest.

+ struct svsm_location_entry report_buffer;
+ struct svsm_location_entry nonce;
+ struct svsm_location_entry manifest_buffer;
+ struct svsm_location_entry certificates_buffer;

report_buf;
nonce;
manifest_buf;
certs_buf;

Please shorten all those.

Ok.

+ /* For attesting a single service */
+ u8 service_guid[16];
+ u32 service_manifest_version;

manifest_ver;

Yep.

+ u8 rsvd[4];
+};
+
/*
* SVSM protocol structure

...

+static void update_attestation_input(struct svsm_call *call, struct svsm_attestation_call *input)
+{
+ /* If (new) lengths have been returned, propograte them up */

"propagate"

Fixed.

+ if (call->rcx_out != call->rcx)
+ input->manifest_buffer.len = call->rcx_out;
+
+ if (call->rdx_out != call->rdx)
+ input->certificates_buffer.len = call->rdx_out;
+
+ if (call->r8_out != call->r8)
+ input->report_buffer.len = call->r8_out;
+}
+
+int snp_issue_svsm_attestation_request(u64 call_id, struct svsm_attestation_call *input)

This looks like BIOS code. The only thing that's missing is the
CamelCase. :-)

int snp_issue_svsm_attest_req(u64 call_id, struct svsm_attest_call *input_call)

Now that's more like it!

Ok.

+{
+ struct svsm_attestation_call *attest_call;

struct svsm_attest_call *atst_call;

Ok, I'll use 'ac'

+ struct svsm_call call = {};
+ unsigned long flags;
+ u64 attest_call_pa;
+ int ret;
+
+ if (!vmpl)
+ return -EINVAL;
+

...

+static int sev_svsm_report_new(struct tsm_report *report, void *data)
+{
+ unsigned int report_len, manifest_len, certificates_len;
+ void *report_blob, *manifest_blob, *certificates_blob;

Prose. Shorter pls.

Ok.

Thanks,
Tom

+ struct svsm_attestation_call attest_call = {};
+ struct tsm_desc *desc = &report->desc;
+ unsigned int retry_count;
+ unsigned int size;
+ bool try_again;
+ void *buffer;
+ u64 call_id;
+ int ret;

...

Next message: Borislav Petkov: "Re: [PATCH v4 10/15] virt: sev-guest: Choose the VMPCK key based on executing VMPL"
Previous message: Simon Horman: "Re: [PATCH net] net: dsa: microchip: fix initial port flush problem"
In reply to: Borislav Petkov: "Re: [PATCH v4 14/15] x86/sev: Extend the config-fs attestation support for an SVSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]