Re: [PATCH v5 12/13] x86/sev: Extend the config-fs attestation support for an SVSM

From: Tom Lendacky
Date: Thu Jun 06 2024 - 15:15:55 EST

Next message: Luca Weiss: "[PATCH v2 1/2] dt-bindings: soc: qcom,smsm: Allow specifying mboxes instead of qcom,ipc"
Previous message: Nícolas F. R. A. Prado: "Re: [PATCH] remoteproc: mediatek: Don't print error when optional scp handle is missing"
In reply to: Tom Lendacky: "[PATCH v5 12/13] x86/sev: Extend the config-fs attestation support for an SVSM"
Next in thread: Tom Lendacky: "[PATCH v5 13/13] x86/sev: Allow non-VMPL0 execution when an SVSM is present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/5/24 10:18, Tom Lendacky wrote:

When an SVSM is present, the guest can also request attestation reports
from the SVSM. These SVSM attestation reports can be used to attest the
SVSM and any services running within the SVSM.

Extend the config-fs attestation support to allow for an SVSM attestation
report. This involves creating four (4) new config-fs attributes:

- 'service-provider' (input)
This attribute is used to determine whether the attestation request
should be sent to the specified service provider or to the SEV
firmware. The SVSM service provider is represented by the value
'svsm'.

- 'service_guid' (input)
Used for requesting the attestation of a single service within the
service provider. A null GUID implies that the SVSM_ATTEST_SERVICES
call should be used to request the attestation report. A non-null
GUID implies that the SVSM_ATTEST_SINGLE_SERVICE call should be used.

- 'service_manifest_version' (input)
Used with the SVSM_ATTEST_SINGLE_SERVICE call, the service version
represents a specific service manifest version be used for the
attestation report.

- 'manifestblob' (output)
Used to return the service manifest associated with the attestation
report.

Only display these new attributes when running under an SVSM.

Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
---
Documentation/ABI/testing/configfs-tsm | 63 +++++++++
arch/x86/include/asm/sev.h | 31 ++++-
arch/x86/kernel/sev.c | 50 +++++++
drivers/virt/coco/sev-guest/sev-guest.c | 178 ++++++++++++++++++++++++
drivers/virt/coco/tsm.c | 93 ++++++++++++-
include/linux/tsm.h | 19 +++
6 files changed, 431 insertions(+), 3 deletions(-)

Here's a small change to provide better error detail that you can squash
into this patch if that's ok.

Thanks,
Tom

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 655865164705..e32ac31e0630 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -886,7 +886,8 @@ static int sev_svsm_report_new(struct tsm_report *report, void *data)
return -EINVAL;
default:
- pr_err_ratelimited("SVSM attestation request failed (%#x)\n", ret);
+ pr_err_ratelimited("SVSM attestation request failed (%d / 0x%llx)\n",
+ ret, call.rax_out);
return -EINVAL;
}
}

Next message: Luca Weiss: "[PATCH v2 1/2] dt-bindings: soc: qcom,smsm: Allow specifying mboxes instead of qcom,ipc"
Previous message: Nícolas F. R. A. Prado: "Re: [PATCH] remoteproc: mediatek: Don't print error when optional scp handle is missing"
In reply to: Tom Lendacky: "[PATCH v5 12/13] x86/sev: Extend the config-fs attestation support for an SVSM"
Next in thread: Tom Lendacky: "[PATCH v5 13/13] x86/sev: Allow non-VMPL0 execution when an SVSM is present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]