On Fri, Oct 06, 2023 at 09:06:13AM -0700, Dan Williams wrote: > Lukas Wunner wrote: > > The root of trust is initially an in-kernel key ring of certificates. > > We can discuss linking the system key ring into it, thereby allowing > > EFI to pass trusted certificates to the kernel for CMA. Alternatively, > > a bundle of trusted certificates could be loaded from the initrd. > > I envision that we'll add TPMs or remote attestation services such as > > https://keylime.dev/ to create an ecosystem of various trust sources. > > Linux also has an interest in accommodating opt-in to using platform > managed keys, so the design requires that key management and session > ownership is a system owner policy choice. You're pointing out a gap in the specification: There's an existing mechanism to negotiate which PCI features are handled natively by the OS and which by platform firmware and that's the _OSC Control Field (PCI Firmware Spec r3.3 table 4-5 and 4-6). There are currently 10 features whose ownership is negotiated with _OSC, examples are Hotplug control and DPC configuration control. I propose adding an 11th bit to negotiate ownership of the CMA-SPDM session. Once that's added to the PCI Firmware Spec, amending the implementation to honor it is trivial: Just check for platform ownership at the top of pci_cma_init() and return. Thanks, Lukas