Re: [RFC v3 00/27] lib: Rust implementation of SPDM

Next message: Bartosz Golaszewski: "Re: [PATCH v2 1/1] gpiolib: of: add gpio-line node support"
Previous message: Roberto Sassu: "Re: [PATCH v4] ima_fs: Avoid creating measurement lists for unsupported hash algos"
In reply to: dan.j.williams: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Next in thread: dan.j.williams: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lukas Wunner

Date: Thu Feb 19 2026 - 04:14:47 EST

On Wed, Feb 18, 2026 at 03:40:10PM -0800, dan.j.williams@xxxxxxxxx wrote:
> However, I notice that Aneesh needs x509 certificate parsing for his TSM
> driver [1], I think TDX would benefit from the same to offload needing
> to specify the wall-clock time to the module [2] for cert verification,
> and SEV-TIO (already upstream) is currently missing any facility for the
> host to attest the device.
>
> [1]: http://lore.kernel.org/20250728135216.48084-17-aneesh.kumar@xxxxxxxxxx

There's a newer version:

https://lore.kernel.org/all/20251027095602.1154418-1-aneesh.kumar@xxxxxxxxxx/

This would allow upstreaming at least the three X.509 patches at the
beginning of my CMA series (and Alistair's rSPDM series) and thus
reduce the patch count a little bit.

However I don't know how far along Aneesh's CCA work is.

Note that David Howells' introduction of ML-DSA in v7.0 moves around
a lot of the X.509 code so the three X.509 patches for CMA will no longer
apply cleanly:

https://lore.kernel.org/all/2977832.1770384806@xxxxxxxxxxxxxxxxxxxxxx/

I'll rebase my development branch after v7.0-rc1 is out and Aneesh can
then pick up the latest version from it:

https://github.com/l1k/linux/commits/doe

Thanks,

Lukas