The second stage in the attestation process is for the guest to request the VMM generate and sign a quote based on the TDREPORT acquired earlier. Add tdx_hcall_get_quote() helper function to implement the GetQuote hypercall. More details about the GetQuote TDVMCALL are in the Guest-Host Communication Interface (GHCI) Specification, sec 3.3, titled "TDG.VP.VMCALL<GetQuote>". This will be used by the TD attestation driver in follow-on patches. Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx> Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> --- arch/x86/include/asm/tdx.h | 2 ++ arch/x86/kernel/tdx.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 4f1b5c14a09b..1599aa4850e5 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -98,6 +98,8 @@ bool tdg_filter_enabled(void); int tdx_mcall_tdreport(u64 data, u64 reportdata); +int tdx_hcall_get_quote(u64 data); + /* * To support I/O port access in decompressor or early kernel init * code, since #VE exception handler cannot be used, use paravirt diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c index 0f797803f4c8..eb3a90051604 100644 --- a/arch/x86/kernel/tdx.c +++ b/arch/x86/kernel/tdx.c @@ -28,6 +28,7 @@ /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 +#define TDVMCALL_GET_QUOTE 0x10002 /* TDX Module call error codes */ #define TDX_PAGE_ALREADY_ACCEPTED 0x8000000000000001 @@ -36,6 +37,9 @@ #define TDCALL_INVALID_OPERAND 0x8000000000000000 #define TDCALL_RETURN_CODE(a) ((a) & TDCALL_RETURN_CODE_MASK) +/* TDX hypercall error codes */ +#define TDVMCALL_INVALID_OPERAND 0x8000000000000000 +#define TDVMCALL_TDREPORT_FAILED 0x8000000000000001 #define VE_IS_IO_OUT(exit_qual) (((exit_qual) & 8) ? 0 : 1) #define VE_GET_IO_SIZE(exit_qual) (((exit_qual) & 7) + 1) @@ -172,6 +176,32 @@ int tdx_mcall_tdreport(u64 data, u64 reportdata) } EXPORT_SYMBOL_GPL(tdx_mcall_tdreport); +/* + * tdx_hcall_get_quote() - Generate TDQUOTE using TDREPORT_STRUCT. + * + * @data : Physical address of 4KB GPA memory which contains + * TDREPORT_STRUCT. + * + * return 0 on success or failure error number. + */ +int tdx_hcall_get_quote(u64 data) +{ + u64 ret; + + if (!data || !prot_guest_has(PR_GUEST_TDX)) + return -EINVAL; + + ret = _trace_tdx_hypercall(TDVMCALL_GET_QUOTE, data, 0, 0, 0, NULL); + + if (ret == TDVMCALL_INVALID_OPERAND) + return -EINVAL; + else if (ret == TDVMCALL_TDREPORT_FAILED) + return -EBUSY; + + return 0; +} +EXPORT_SYMBOL_GPL(tdx_hcall_get_quote); + static void tdg_get_info(void) { u64 ret; -- 2.25.1