On Fri, 2022-09-09 at 12:27 -0700, Kuppuswamy Sathyanarayanan wrote: > Attestation is used to verify the trustworthiness of a TDX guest. > During the guest bring-up, Intel TDX module measures and records > the initial contents and configuration of the guest, and at runtime, > guest software uses runtime measurement registers (RMTRs) to measure > and record details related to kernel image, command line params, ACPI > tables, initrd, etc. At TDX guest runtime, Intel SGX attestation > infrastructure is re-used to attest to these measurement data. Similar the comment to patch 3, I don't particularly like "to attest" part as only the verification service can truly _attest_ somthing (I suppose the "SGX infrastructure" here you mean SGX QE to generate the Quote). I think you can just say something like "TDX leverages SGX Quote mechanism to support remote attestation of TDX guests". And you can combine this with below paragraph. > > First step in the TDX attestation process is to get the TDREPORT data. > It is a fixed size data structure generated by the TDX module which > includes the above mentioned measurements data, a MAC to protect the > integerity of the TDREPORT, and a 64-Byte of user specified data passed > during TDREPORT request which can uniquely identify the TDREPORT. > > Intel's TDX guest driver exposes TDX_CMD_GET_REPORT IOCTL interface to > get the TDREPORT from the user space. > > Add a kernel selftest module to test this ABI and verify the validity > of generated TDREPORT. > > Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx> > Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx> > Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> Anyway (although still not sure all the definitions of TDX architectural data structures are needed): Acked-by: Kai Huang <kai.huang@xxxxxxxxx> -- Thanks, -Kai
