Tested-by: Qinkun Bao <qinkun@xxxxxxxxxx>

Thanks Sathyanarayanan for the new patch! This patch is critical for our
use case. We built a guest image with the patch, and verified it works for
us, when using a host kernel built with https://github.com/intel/tdx repo.

On Sun, May 14, 2023 at 12:24 AM Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> wrote:
>
> Hi All,
>
> In TDX guest, the attestation process is used to verify the TDX guest
> trustworthiness to other entities before provisioning secrets to the
> guest.
>
> The TDX guest attestation process consists of two steps:
>
> 1. TDREPORT generation
> 2. Quote generation.
>
> The first step (TDREPORT generation) involves getting the TDX guest
> measurement data in the format of TDREPORT which is further used to
> validate the authenticity of the TDX guest. The second step involves
> sending the TDREPORT to a Quoting Enclave (QE) server to generate a
> remotely verifiable Quote. TDREPORT by design can only be verified on
> the local platform. To support remote verification of the TDREPORT,
> TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT
> locally and convert it to a remotely verifiable Quote. Although
> attestation software can use communication methods like TCP/IP or
> vsock to send the TDREPORT to QE, not all platforms support these
> communication models. So TDX GHCI specification [1] defines a method
> for Quote generation via hypercalls. Please check the discussion from
> Google [2] and Alibaba [3] which clarifies the need for hypercall based
> Quote generation support. This patch set adds this support.
>
> Support for TDREPORT generation already exists in the TDX guest driver.
> This patchset extends the same driver to add the Quote generation
> support.
>
> Following are the details of the patch set:
>
> Patch 1/3 -> Adds event notification IRQ support.
> Patch 2/3 -> Adds Quote generation support.
> Patch 3/3 -> Adds selftest support for Quote generation feature.
>
> [1] https://cdrdv2.intel.com/v1/dl/getContent/726790, section titled "TDG.VP.VMCALL<GetQuote>".
> [2] https://lore.kernel.org/lkml/CAAYXXYxxs2zy_978GJDwKfX5Hud503gPc8=1kQ-+JwG_kA79mg@xxxxxxxxxxxxxx/
> [3] https://lore.kernel.org/lkml/a69faebb-11e8-b386-d591-dbd08330b008@xxxxxxxxxxxxxxxxx/
>
> Kuppuswamy Sathyanarayanan (3):
>   x86/tdx: Add TDX Guest event notify interrupt support
>   virt: tdx-guest: Add Quote generation support
>   selftests/tdx: Test GetQuote TDX attestation feature
>
>  Documentation/virt/coco/tdx-guest.rst        |  11 ++
>  arch/x86/coco/tdx/tdx.c                      | 194 +++++++++++++++++++
>  arch/x86/include/asm/tdx.h                   |   8 +
>  drivers/virt/coco/tdx-guest/tdx-guest.c      | 175 ++++++++++++++++-
>  include/uapi/linux/tdx-guest.h               |  44 +++++
>  tools/testing/selftests/tdx/tdx_guest_test.c |  65 ++++++-
>  6 files changed, 490 insertions(+), 7 deletions(-)
>
> --
> 2.34.1
>
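The GetQuote exchange the cover letter describes (guest places a TDREPORT in a shared buffer, the VMM forwards it to the QE and writes a Quote back), as an added example that is not code from the patch set or from anyone in this thread. It models the guest side of the shared-buffer protocol and a stand-in for the VMM; the header layout (8-byte version, 8-byte status, 4-byte in_len and out_len, then data) and the status values are as I recall them from the GHCI GetQuote section and are an assumption to verify against [1]. The point it makes is the one a reviewer of the driver wants: every header field is written by the hypervisor, so the guest must bound out_len by the buffer it actually allocated and must treat in-flight and service-unavailable as distinct outcomes rather than as a Quote.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Shared-buffer layout and status codes for TDG.VP.VMCALL<GetQuote>.
 * ASSUMPTION: recalled from the GHCI spec, not taken from this thread. */
#define GETQUOTE_VERSION            1ULL
#define GETQUOTE_STATUS_SUCCESS     0ULL
#define GETQUOTE_STATUS_IN_FLIGHT   0xffffffffffffffffULL
#define GETQUOTE_STATUS_ERROR       0x8000000000000000ULL
#define GETQUOTE_STATUS_UNAVAILABLE 0x8000000000000001ULL
#define TDREPORT_SIZE               1024

struct getquote_hdr {
    uint64_t version;
    uint64_t status;
    uint32_t in_len;   /* bytes of TDREPORT supplied by the guest */
    uint32_t out_len;  /* bytes of Quote written by the VMM/QE */
    /* data[] follows the 24-byte header: TDREPORT in, Quote out */
};

/* Guest side, before the VMCALL: version, lengths and the TDREPORT go
 * into the shared buffer; status is cleared so a stale value cannot be
 * mistaken for a completed request. */
static int getquote_prepare(uint8_t *buf, size_t buflen,
                            const uint8_t *tdreport, size_t report_len)
{
    struct getquote_hdr hdr;

    if (buflen < sizeof(hdr) + report_len)
        return -ENOSPC;
    hdr.version = GETQUOTE_VERSION;
    hdr.status  = GETQUOTE_STATUS_SUCCESS;
    hdr.in_len  = (uint32_t)report_len;
    hdr.out_len = 0;
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr), tdreport, report_len);
    return 0;
}

/* Guest side, after the completion notification: the whole header is
 * hypervisor-controlled, so out_len is checked against the guest's own
 * allocation before a pointer into the buffer is handed back. */
static int getquote_parse(const uint8_t *buf, size_t buflen,
                          const uint8_t **quote, size_t *quote_len)
{
    struct getquote_hdr hdr;

    if (buflen < sizeof(hdr))
        return -EINVAL;
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.version != GETQUOTE_VERSION)
        return -EPROTO;
    if (hdr.status == GETQUOTE_STATUS_IN_FLIGHT)
        return -EAGAIN;            /* still being processed; keep waiting */
    if (hdr.status == GETQUOTE_STATUS_UNAVAILABLE)
        return -EOPNOTSUPP;        /* no QE behind this VMM; fall back to vsock/TCP */
    if (hdr.status != GETQUOTE_STATUS_SUCCESS)
        return -EIO;
    if (hdr.out_len == 0 || (size_t)hdr.out_len > buflen - sizeof(hdr))
        return -EINVAL;            /* VMM-supplied length exceeds our buffer */
    *quote = buf + sizeof(hdr);
    *quote_len = hdr.out_len;
    return 0;
}

/* Stand-in for the VMM/QE, constructed for this example: it only rewrites
 * status and out_len and fills the data area with a marker byte. A real QE
 * returns a signed Quote; this double exists to exercise the guest checks. */
static void fake_vmm_respond(uint8_t *buf, size_t buflen,
                             uint64_t status, uint32_t out_len)
{
    struct getquote_hdr hdr;

    memcpy(&hdr, buf, sizeof(hdr));
    hdr.status  = status;
    hdr.out_len = out_len;
    memcpy(buf, &hdr, sizeof(hdr));
    if (status == GETQUOTE_STATUS_SUCCESS && out_len <= buflen - sizeof(hdr))
        memset(buf + sizeof(hdr), 0xA5, out_len);
}

/* One full round trip with a constructed 1024-byte TDREPORT and a 4 KiB
 * shared buffer. Returns the Quote length on success, -errno otherwise. */
static long run_getquote_demo(uint64_t vmm_status, uint32_t vmm_out_len)
{
    static uint8_t shared[4096];
    uint8_t tdreport[TDREPORT_SIZE];
    const uint8_t *quote;
    size_t quote_len;
    int rc;

    memset(tdreport, 0x11, sizeof(tdreport));   /* constructed sample input */
    rc = getquote_prepare(shared, sizeof(shared), tdreport, sizeof(tdreport));
    if (rc)
        return rc;
    fake_vmm_respond(shared, sizeof(shared), vmm_status, vmm_out_len);
    rc = getquote_parse(shared, sizeof(shared), &quote, &quote_len);
    return rc ? rc : (long)quote_len;
}

int main(void)
{
    printf("success:     %ld\n", run_getquote_demo(GETQUOTE_STATUS_SUCCESS, 512));
    printf("in flight:   %ld\n", run_getquote_demo(GETQUOTE_STATUS_IN_FLIGHT, 0));
    printf("unavailable: %ld\n", run_getquote_demo(GETQUOTE_STATUS_UNAVAILABLE, 0));
    printf("oversized:   %ld\n", run_getquote_demo(GETQUOTE_STATUS_SUCCESS, 4096));
    return 0;
}
```

The oversized case is the one to keep in mind when reading the driver: a VMM that reports an out_len larger than the buffer the guest mapped must be rejected, not copied, because the copy would read past the shared allocation. The in-flight case is what the event-notification IRQ in patch 1/3 exists to resolve without polling; the unavailable case is the "not all platforms support this" path the cover letter mentions.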