Hi Erdem,

On 5/9/23 5:10 PM, Erdem Aktas wrote:
> On Wed, Apr 12, 2023 at 8:42 PM Kuppuswamy Sathyanarayanan
> <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> wrote:
>>
>> Hi All,
>>
>> In TDX guest, the attestation process is used to verify the TDX guest
>> trustworthiness to other entities before provisioning secrets to the
>> guest.
>>
>> The TDX guest attestation process consists of two steps:
>>
>> 1. TDREPORT generation
>> 2. Quote generation.
>>
>> The first step (TDREPORT generation) involves getting the TDX guest
>> measurement data in the format of TDREPORT, which is further used to
>> validate the authenticity of the TDX guest. The second step involves
>> sending the TDREPORT to a Quoting Enclave (QE) server to generate a
>> remotely verifiable Quote. TDREPORT by design can only be verified on
>> the local platform. To support remote verification of the TDREPORT,
>> TDX leverages the Intel SGX Quoting Enclave to verify the TDREPORT
>> locally and convert it to a remotely verifiable Quote. Although
>> attestation software can use communication methods like TCP/IP or
>> vsock to send the TDREPORT to the QE, not all platforms support these
>> communication models. So the TDX GHCI specification [1] defines a method
>> for Quote generation via hypercalls. Please check the discussion from
>> Google [2] and Alibaba [3], which clarifies the need for hypercall-based
>> Quote generation support. This patch set adds this support.
>
>
> Thanks Kuppuswamy for the v2 of this patch set.
> I reviewed all 3 patches and it looks good to me and it covers our use cases.

Thanks for the review. I will address other reviewers' comments and resubmit
v3 this week. I will include your Reviewed-by in it.

>
>>
>> Support for TDREPORT generation already exists in the TDX guest driver.
>> This patchset extends the same driver to add the Quote generation
>> support.
>>
>> Following are the details of the patch set:
>>
>> Patch 1/3 -> Adds event notification IRQ support.
>> Patch 2/3 -> Adds Quote generation support.
>> Patch 3/3 -> Adds selftest support for the Quote generation feature.
>>
>> [1] https://cdrdv2.intel.com/v1/dl/getContent/726790, section titled "TDG.VP.VMCALL<GetQuote>".
>> [2] https://lore.kernel.org/lkml/CAAYXXYxxs2zy_978GJDwKfX5Hud503gPc8=1kQ-+JwG_kA79mg@xxxxxxxxxxxxxx/
>> [3] https://lore.kernel.org/lkml/a69faebb-11e8-b386-d591-dbd08330b008@xxxxxxxxxxxxxxxxx/
>>
>> Kuppuswamy Sathyanarayanan (3):
>>   x86/tdx: Add TDX Guest event notify interrupt support
>>   virt: tdx-guest: Add Quote generation support
>>   selftests/tdx: Test GetQuote TDX attestation feature
>>
>>  Documentation/virt/coco/tdx-guest.rst        |  11 ++
>>  arch/x86/coco/tdx/tdx.c                      | 196 +++++++++++++++++++
>>  arch/x86/include/asm/tdx.h                   |   8 +
>>  drivers/virt/coco/tdx-guest/tdx-guest.c      | 168 +++++++++++++++-
>>  include/uapi/linux/tdx-guest.h               |  43 ++++
>>  tools/testing/selftests/tdx/tdx_guest_test.c |  68 ++++++-
>>  6 files changed, 487 insertions(+), 7 deletions(-)
>>
>> --
>> 2.34.1
>>

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
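The two-step flow described in the quoted cover letter (a TDREPORT that only the local platform can verify, then a QE that converts it into a remotely verifiable Quote) is easier to reason about with a model in hand. The following Go program is an added simulation written for this page; it is not code from the patch set, the kernel driver, or Intel's QE. It assumes simplified stand-ins: an HMAC-SHA256 under a platform-held key plays the role of the TDREPORT MAC, an Ed25519 attestation key plays the role of the QE's signing key, and the field layout (64-byte REPORTDATA, 48-byte MRTD and RTMRs) is illustrative rather than the spec's exact structure. The names `Platform`, `QuotingEnclave`, `RunAttestation` and `VerifyQuote` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Illustrative sizes (assumption): REPORTDATA carries the verifier's nonce,
// MRTD/RTMRs are 48-byte digests as in TDX, the MAC is HMAC-SHA256 here.
const (
	reportDataLen  = 64
	measurementLen = 48
	macLen         = 32
)

// TDReport is the locally verifiable evidence (step 1 of the flow).
type TDReport struct {
	ReportData [reportDataLen]byte
	MRTD       [measurementLen]byte
	RTMR       [4][measurementLen]byte
	MAC        [macLen]byte // keyed with a secret that never leaves the platform
}

// body is the MAC'd portion in a fixed serialization: REPORTDATA || MRTD || RTMR0..3.
func (r TDReport) body() []byte {
	var b bytes.Buffer
	b.Write(r.ReportData[:])
	b.Write(r.MRTD[:])
	for i := range r.RTMR {
		b.Write(r.RTMR[i][:])
	}
	return b.Bytes()
}

// Platform models the TDX module: it alone holds the report MAC key, which is
// exactly why a TDREPORT is only verifiable on the platform that produced it.
type Platform struct{ macKey []byte }

func NewPlatform() *Platform {
	k := make([]byte, 32)
	rand.Read(k)
	return &Platform{macKey: k}
}

// GenerateReport is step 1: bind the caller's REPORTDATA and the measurements under the platform MAC.
func (p *Platform) GenerateReport(rd [reportDataLen]byte, mrtd [measurementLen]byte, rtmr [4][measurementLen]byte) TDReport {
	r := TDReport{ReportData: rd, MRTD: mrtd, RTMR: rtmr}
	m := hmac.New(sha256.New, p.macKey)
	m.Write(r.body())
	copy(r.MAC[:], m.Sum(nil))
	return r
}

// VerifyReport is local verification; a party without macKey cannot do this.
func (p *Platform) VerifyReport(r TDReport) bool {
	m := hmac.New(sha256.New, p.macKey)
	m.Write(r.body())
	return hmac.Equal(m.Sum(nil), r.MAC[:])
}

// Quote is the remotely verifiable form: report body plus an asymmetric signature.
type Quote struct {
	Body      []byte
	Signature []byte
}

// QuotingEnclave models the SGX QE: verify the TDREPORT locally, then re-sign it with
// an attestation key whose public half a remote verifier trusts.
type QuotingEnclave struct {
	platform  *Platform
	attestKey ed25519.PrivateKey
}

func NewQuotingEnclave(p *Platform) (*QuotingEnclave, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &QuotingEnclave{platform: p, attestKey: priv}, pub
}

// GetQuote is step 2, the work the GetQuote path hands to the QE. A report whose
// MAC does not check out locally is refused rather than laundered into a Quote.
func (qe *QuotingEnclave) GetQuote(r TDReport) (Quote, error) {
	if !qe.platform.VerifyReport(r) {
		return Quote{}, errors.New("TDREPORT MAC invalid: refusing to quote")
	}
	body := r.body()
	return Quote{Body: body, Signature: ed25519.Sign(qe.attestKey, body)}, nil
}

// VerifyQuote runs on the relying party: it needs only the QE public key, its own
// nonce and the expected measurement, never the platform MAC key.
func VerifyQuote(q Quote, qePub ed25519.PublicKey, nonce [reportDataLen]byte, expectedMRTD [measurementLen]byte) error {
	if len(q.Body) != reportDataLen+5*measurementLen {
		return errors.New("quote body has unexpected length")
	}
	if !ed25519.Verify(qePub, q.Body, q.Signature) {
		return errors.New("quote signature invalid")
	}
	if !bytes.Equal(q.Body[:reportDataLen], nonce[:]) {
		return errors.New("REPORTDATA does not match nonce (stale or replayed quote)")
	}
	if !bytes.Equal(q.Body[reportDataLen:reportDataLen+measurementLen], expectedMRTD[:]) {
		return errors.New("MRTD does not match expected measurement")
	}
	return nil
}

// RunAttestation drives the whole exchange with constructed values; if tamper is set,
// one bit of the MRTD is flipped between the QE and the verifier.
func RunAttestation(tamper bool) error {
	platform := NewPlatform()
	qe, qePub := NewQuotingEnclave(platform)
	var mrtd [measurementLen]byte
	copy(mrtd[:], bytes.Repeat([]byte{0xAB}, measurementLen)) // constructed measurement
	var rtmr [4][measurementLen]byte
	var nonce [reportDataLen]byte
	rand.Read(nonce[:]) // relying party: fresh nonce so the quote cannot be replayed
	report := platform.GenerateReport(nonce, mrtd, rtmr) // guest, step 1
	quote, err := qe.GetQuote(report)                    // guest -> QE, step 2
	if err != nil {
		return err
	}
	if tamper {
		quote.Body[reportDataLen] ^= 0x01
	}
	return VerifyQuote(quote, qePub, nonce, mrtd)
}

func main() {
	fmt.Println("genuine quote:", RunAttestation(false))
	fmt.Println("tampered quote:", RunAttestation(true))
}
```

The split in key material is the point: `Platform.VerifyReport` needs the symmetric MAC key, so only the originating host can check a TDREPORT, while `VerifyQuote` needs only the QE's public key, which is what makes the Quote usable by a remote relying party. In real TDX the MAC key is held by the TDX module and the Quote is an ECDSA structure with a certificate chain to Intel, but the trust boundary is the same.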