On 3/26/23 00:20, Kuppuswamy Sathyanarayanan wrote:
In TDX guest, the second stage of the attestation process is Quote generation. This process is required to convert the locally generated TDREPORT into a remotely verifiable Quote. It involves sending the TDREPORT data to a Quoting Enclave (QE) which will verify the integerity of the TDREPORT and sign it with an attestation key. Intel's TDX attestation driver exposes TDX_CMD_GET_QUOTE IOCTL to allow user agent get the TD Quote. Add a kernel selftest module to verify the Quote generation feature. TD Quote generation involves following steps: * Get the TDREPORT data using TDX_CMD_GET_REPORT IOCTL. * Embed the TDREPORT data in quote buffer and request for quote generation via TDX_CMD_GET_QUOTE IOCTL request. * Upon completion of the GetQuote request, check for non zero value in the status field of Quote header to make sure the generated quote is valid. Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx> Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx> Reviewed-by: Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx> Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> --- tools/testing/selftests/tdx/tdx_guest_test.c | 68 ++++++++++++++++++-- 1 file changed, 62 insertions(+), 6 deletions(-)
Looks good to me. Reviewed-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> thanks, -- Shuah
