Lukas Wunner wrote:
> CMA-SPDM state is lost when a device undergoes a Conventional Reset.
> (But not a Function Level Reset, PCIe r6.2 sec 6.6.2.)  A D3cold to D0
> transition implies a Conventional Reset (PCIe r6.2 sec 5.8).
>
> Thus, reauthenticate devices on resume from D3cold and on recovery from
> a Secondary Bus Reset or DPC-induced Hot Reset.
>
> The requirement to reauthenticate devices on resume from system sleep
> (and in the future reestablish IDE encryption) is the reason why SPDM

TSM "connect" state also needs to be managed over reset, so stay tuned
for some collaboration here.

> needs to be in-kernel:  During ->resume_noirq, which is the first phase
> after system sleep, the PCI core walks down the hierarchy, puts each
> device in D0, restores its config space and invokes the driver's
> ->resume_noirq callback.  The driver is afforded the right to access the
> device already during this phase.

I agree that CMA should be in kernel, it's not clear that authentication
needs to be automatic, and certainly not in a way that a driver cannot
opt-out of. What if a use case cares about resume time latency? What if a
driver knows that authentication is only needed later in the resume flow?
Seems presumptuous for the core to assume it knows best when
authentication needs to happen.

At a minimum I think pci_cma_reauthenticate() should do something like:

	/* not previously authenticated skip authentication */
	if (!spdm_state->authenticated)
		return;

...so that spdm capable devices can opt-out of automatic
reauthentication.
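
Added example, not part of the thread or of the kernel series: a user-space C model of which resets drop CMA-SPDM state and how the early return suggested in the reply leaves never-authenticated devices alone. All names are hypothetical except the `authenticated` flag taken from the reply's snippet; the model assumes that flag is a host-side record that survives the device reset and that a repeated exchange succeeds.

```c
/* User-space model, not kernel code. Every name here is hypothetical except
 * the "authenticated" flag, which mirrors the check suggested in the reply. */
#include <stdbool.h>
#include <stdio.h>

enum reset_kind { RESET_FLR, RESET_D3COLD_RESUME, RESET_SBR, RESET_DPC_HOT };

struct model_dev {
	bool authenticated;  /* host-side record: an earlier authentication succeeded */
	bool session_valid;  /* device-side CMA-SPDM state */
	int reauth_count;    /* SPDM exchanges run during reset recovery */
};

/* Per the quoted commit message, only a Function Level Reset keeps the state. */
static bool reset_loses_state(enum reset_kind k)
{
	return k != RESET_FLR;
}

/* Recovery hook with the suggested early return as the opt-out. */
static void model_reauthenticate(struct model_dev *d)
{
	if (!d->authenticated)
		return;  /* not previously authenticated: skip */
	d->session_valid = true;  /* assumption: the exchange succeeds */
	d->reauth_count++;
}

/* Apply one reset to a device and return the resulting state. */
static struct model_dev simulate(bool previously_authenticated, enum reset_kind k)
{
	struct model_dev d = { previously_authenticated, previously_authenticated, 0 };

	if (reset_loses_state(k)) {
		d.session_valid = false;  /* device forgets; host record survives */
		model_reauthenticate(&d);
	}
	return d;
}

int main(void)
{
	static const char *names[] = { "FLR", "D3cold resume", "SBR", "DPC hot reset" };

	for (int prev = 0; prev <= 1; prev++)
		for (int k = RESET_FLR; k <= RESET_DPC_HOT; k++) {
			struct model_dev d = simulate(prev, (enum reset_kind)k);
			printf("authenticated=%d %-14s -> reauth=%d session=%d\n",
			       prev, names[k], d.reauth_count, d.session_valid);
		}
	return 0;
}
```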