Re: [PATCH v2 0/4] tsm: Unified Measurement Register ABI for TVMs

From: Jianxiong Gao
Date: Thu Feb 27 2025 - 17:06:41 EST

Next message: Mateusz Guzik: "Re: [PATCH] pipe: cache 2 pages instead of 1"
Previous message: tip-bot2 for Zhang Kunbo: " [tip: x86/cleanups] x86/irq: Fix missing declaration of 'io_apic_irqs'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Feb 23, 2025 at 7:23 PM Cedric Xing <cedric.xing@xxxxxxxxx> wrote:
>
> NOTE: This patch series introduces the Measurement Register (MR) ABI, and
> is a continuation of the RFC series on the same topic [1].
>
> This patch series adds a unified interface to the TSM core, allowing TVM
> (TEE VM) guest drivers to expose measurement registers (MRs) as attributes
> (files) in sysfs. With this interface, applications can read and write
> (extend) MRs like regular files, enabling usages like configuration
> verification (e.g., verifying a TVM's configuration against digests stored
> in static/immutable MRs like MRCONFIGID on TDX or HOSTDATA on SEV) and
> runtime measurements (e.g., extending the measurement of a container image
> to an RTMR before running it).
>
> Patches included in this series:
>
> - Patch 1 adds TSM APIs for TVM guest drivers to register/expose MRs
> through sysfs.
> - Patch 2 provides a sample module demonstrating the usage of the new TSM
> APIs.
> - The remaining patches update the TDX guest driver to expose TDX MRs
> through the new TSM APIs.
>
> [1]: https://lore.kernel.org/linux-coco/20241210-tsm-rtmr-v3-0-5997d4dbda73@xxxxxxxxx/
>
> Signed-off-by: Cedric Xing <cedric.xing@xxxxxxxxx>
> ---
> Changes in v2:
> - Added TSM_MR_MAXBANKS Kconfig option
> - Updated Kconfig dependency for TSM_REPORTS
> - Updated comments in include/linux/tsm.h
> - Updated drivers/virt/coco/tsm-mr.c to use `IS_BUILTIN()` for determining
> if static buffer addresses can be converted to GPAs by `virt_to_phys()`
> - Renamed function `tdx_mcall_rtmr_extend()` -> `tdx_mcall_extend_rtmr()`
> - Link to v1: https://lore.kernel.org/r/20250212-tdx-rtmr-v1-0-9795dc49e132@xxxxxxxxx
>
> ---
> Cedric Xing (4):
> tsm: Add TVM Measurement Register support
> tsm: Add TSM measurement sample code
> x86/tdx: Add tdx_mcall_extend_rtmr() interface
> x86/tdx: Expose TDX MRs through TSM sysfs interface
>
> Documentation/ABI/testing/sysfs-kernel-tsm | 20 ++
> MAINTAINERS | 3 +-
> arch/x86/coco/tdx/tdx.c | 36 +++
> arch/x86/include/asm/shared/tdx.h | 1 +
> arch/x86/include/asm/tdx.h | 2 +
> drivers/virt/coco/Kconfig | 17 +-
> drivers/virt/coco/Makefile | 2 +
> drivers/virt/coco/tdx-guest/Kconfig | 24 +-
> drivers/virt/coco/tdx-guest/tdx-guest.c | 115 +++++++++
> drivers/virt/coco/{tsm.c => tsm-core.c} | 6 +-
> drivers/virt/coco/tsm-mr.c | 383 +++++++++++++++++++++++++++++
> include/linux/tsm.h | 65 +++++
> samples/Kconfig | 13 +
> samples/Makefile | 1 +
> samples/tsm/Makefile | 2 +
> samples/tsm/tsm_mr_sample.c | 107 ++++++++
> 16 files changed, 789 insertions(+), 8 deletions(-)
> ---
> base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6
> change-id: 20250209-tdx-rtmr-255479667146
>
> Best regards,
> --
> Cedric Xing <cedric.xing@xxxxxxxxx>
>
>
Tested-by: Jianxiong Gao <jxgao@xxxxxxxxxx>
I have verified that the patchset works on Google Cloud.

--
Jianxiong Gao

Next message: Mateusz Guzik: "Re: [PATCH] pipe: cache 2 pages instead of 1"
Previous message: tip-bot2 for Zhang Kunbo: " [tip: x86/cleanups] x86/irq: Fix missing declaration of 'io_apic_irqs'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]