Re: [PATCH v4 2/2] misc: Add Nitro Secure Module driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 09, 2023 at 09:20:53PM +0000, Alexander Graf wrote:
> When running Linux inside a Nitro Enclave, the hypervisor provides a
> special virtio device called "NSM". This device has 3 main functions:
> 
>   1) Provide attestation reports
>   2) Modify PCR state
>   3) Provide entropy
> 
> This patch adds a driver for NSM that exposes a /dev/nsm device node which
> user space can issue ioctls on to request attestation documents, influence
> PCR states, read entropy and enumerate status of the device. In addition,
> the driver implements a hwrng backend and exposes some of the NSM device
> metadata as sysfs entries.
> 
> Originally-by: Petre Eftime <petre.eftime@xxxxxxxxx>
> Signed-off-by: Alexander Graf <graf@xxxxxxxxxx>
> 
> ---
> 
> v1 -> v2:
> 
>   - Remove boilerplate
>   - Add uapi header
> 
> v2 -> v3:
> 
>   - Move globals to device struct
>   - Add compat handling
>   - Simplify some naming
>   - Remove debug prints
>   - Use module_virtio_driver
>   - Drop use of uio.h
> 
> v3 -> v4:
> 
>   - Merge hwrng into the misc driver
>   - Add dependency on CBOR library
>   - Add internal and ioctl logic for all current NSM actions
>   - Use in-struct arrays instead of kvecs
>   - Add sysfs entries for NSM metadata

You forgot Documentation/ABI/ entries for your new sysfs files so we can
see what exactly they are and if they are sane.

thanks,

greg k-h



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux