Steven Price wrote: > From: Sami Mujawar <sami.mujawar@xxxxxxx> > > Introduce an arm-cca-guest driver that registers with > the configfs-tsm module to provide user interfaces for > retrieving an attestation token. > > When a new report is requested the arm-cca-guest driver > invokes the appropriate RSI interfaces to query an > attestation token. > > The steps to retrieve an attestation token are as follows: > 1. Mount the configfs filesystem if not already mounted > mount -t configfs none /sys/kernel/config > 2. Generate an attestation token > report=/sys/kernel/config/tsm/report/report0 > mkdir $report > dd if=/dev/urandom bs=64 count=1 > $report/inblob > hexdump -C $report/outblob > rmdir $report > > Signed-off-by: Sami Mujawar <sami.mujawar@xxxxxxx> > Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx> > Signed-off-by: Steven Price <steven.price@xxxxxxx> > --- > Changes since v6: > * Avoid get_cpu() and instead make the init attestation call using > smp_call_function_single(). Improve comments to explain the logic. > * Minor code reorgnisation and comment cleanup following Gavin's review > (thanks!) > --- > drivers/virt/coco/Kconfig | 2 + > drivers/virt/coco/Makefile | 1 + > drivers/virt/coco/arm-cca-guest/Kconfig | 11 + > drivers/virt/coco/arm-cca-guest/Makefile | 2 + > .../virt/coco/arm-cca-guest/arm-cca-guest.c | 224 ++++++++++++++++++ > 5 files changed, 240 insertions(+) > create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig > create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile > create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c [..] > diff --git a/drivers/virt/coco/arm-cca-guest/Kconfig b/drivers/virt/coco/arm-cca-guest/Kconfig > new file mode 100644 > index 000000000000..9dd27c3ee215 > --- /dev/null > +++ b/drivers/virt/coco/arm-cca-guest/Kconfig > @@ -0,0 +1,11 @@ > +config ARM_CCA_GUEST > + tristate "Arm CCA Guest driver" > + depends on ARM64 > + default m I am working on some updates to the TSM_REPORTS interface, rebased them to test the changes with this driver, and discovered that this driver is enabled by default. Just a reminder to please do not mark new drivers as "default m" [1]. In this case it is difficult to imagine that every arm64 kernel on the planet needs this functionality enabled by default. In general, someone should be able to run olddefconfig with a new kernel and not be exposed to brand new drivers that they have not considered previously. [1]: http://lore.kernel.org/CA+55aFzxL6-Xp=-mnBwMisZsuKhRZ6zRDJoAmH8W5LDHU2oJuw@xxxxxxxxxxxxxx/
