Re: [PATCH v5 19/19] virt: arm-cca-guest: TSM_REPORT support for realms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/19/24 11:19 PM, Steven Price wrote:

From: Sami Mujawar <sami.mujawar@xxxxxxx>

Introduce an arm-cca-guest driver that registers with
the configfs-tsm module to provide user interfaces for
retrieving an attestation token.

When a new report is requested the arm-cca-guest driver
invokes the appropriate RSI interfaces to query an
attestation token.

The steps to retrieve an attestation token are as follows:
   1. Mount the configfs filesystem if not already mounted
      mount -t configfs none /sys/kernel/config
   2. Generate an attestation token
      report=/sys/kernel/config/tsm/report/report0
      mkdir $report
      dd if=/dev/urandom bs=64 count=1 > $report/inblob
      hexdump -C $report/outblob
      rmdir $report

Signed-off-by: Sami Mujawar <sami.mujawar@xxxxxxx>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
Signed-off-by: Steven Price <steven.price@xxxxxxx>
---
v3: Minor improvements to comments and adapt to the renaming of
GRANULE_SIZE to RSI_GRANULE_SIZE.
---
  drivers/virt/coco/Kconfig                     |   2 +
  drivers/virt/coco/Makefile                    |   1 +
  drivers/virt/coco/arm-cca-guest/Kconfig       |  11 +
  drivers/virt/coco/arm-cca-guest/Makefile      |   2 +
  .../virt/coco/arm-cca-guest/arm-cca-guest.c   | 211 ++++++++++++++++++
  5 files changed, 227 insertions(+)
  create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig
  create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile
  create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c



[...]


+
+/**
+ * arm_cca_report_new - Generate a new attestation token.
+ *
+ * @report: pointer to the TSM report context information.
+ * @data:  pointer to the context specific data for this module.
+ *
+ * Initialise the attestation token generation using the challenge data
+ * passed in the TSM decriptor. Allocate memory for the attestation token

                        ^^^^^^^^^

Typo. s/decriptor/descriptor as reported by './scripts/checkpatch.pl --codespell'



+ * and schedule calls to retrieve the attestation token on the same CPU
+ * on which the attestation token generation was initialised.
+ *
+ * The challenge data must be at least 32 bytes and no more than 64 bytes. If
+ * less than 64 bytes are provided it will be zero padded to 64 bytes.
+ *
+ * Return:
+ * * %0        - Attestation token generated successfully.
+ * * %-EINVAL  - A parameter was not valid.
+ * * %-ENOMEM  - Out of memory.
+ * * %-EFAULT  - Failed to get IPA for memory page(s).
+ * * A negative status code as returned by smp_call_function_single().
+ */


Thanks,
Gavin
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux