This looks great Lukas, some forward-looking review comments below.

Lukas Wunner wrote:
> Authenticate PCI devices with CMA-SPDM (PCIe r6.1 sec 6.31) and
> expose the result in sysfs. This enables user-defined policies
> such as forbidding driver binding to devices which failed
> authentication.
>
> CMA-SPDM forms the basis for PCI encryption (PCIe r6.1 sec 6.33),
> which will be submitted later.
>
> The meat of the series is in patches [07/12] and [08/12], which contain
> the SPDM library and the CMA glue code (the PCI-adaption of SPDM).
>
> The reason why SPDM is done in-kernel is provided in patch [10/12]:
> Briefly, when devices are reauthenticated on resume from system sleep,
> user space is not yet available. Same when reauthenticating after
> recovery from reset.
>
> One use case for CMA-SPDM and PCI encryption is confidential access
> to passed-through devices: Neither the host nor other guests are
> able to eavesdrop on device accesses, in particular if guest memory
> is encrypted as well.

Note, only for traffic over the SPDM session. In order for private MMIO and T=1 traffic to reach private memory, coordination with the platform TSM is mandated by all the known TSMs (CPU/platform security modules). This has implications for policy decisions later in this series.

> Further use cases for the SPDM library are appearing on the horizon:
> Alistair Francis and Wilfred Mallawa from WDC are interested in using
> it for SCSI/SATA. David Box from Intel has implemented measurement
> retrieval over SPDM.
>
> The root of trust is initially an in-kernel key ring of certificates.
> We can discuss linking the system key ring into it, thereby allowing
> EFI to pass trusted certificates to the kernel for CMA. Alternatively,
> a bundle of trusted certificates could be loaded from the initrd.
> I envision that we'll add TPMs or remote attestation services such as
> https://keylime.dev/ to create an ecosystem of various trust sources.

Linux also has an interest in accommodating opt-in to using platform-managed keys, so the design requires that key management and session ownership is a system owner policy choice.

> If you wish to play with PCI device authentication but lack capable
> hardware, Wilfred has written a guide how to test with qemu:
> https://github.com/twilfredo/spdm-emulation-guide-b
>