[RFC PATCH 1/5] PCI/CMA: Prepare to interoperate with TSM authentication

A TSM (TEE Security Manager) is a platform agent that facilitates TEE
I/O (device assignment for confidential VMs). It uses PCI CMA, IDE, and
TDISP to authenticate, encrypt/integrity-protect the link, and bind
device-virtual-functions capable of accessing private memory to
confidential VMs (TVMs).

Unlike native PCI CMA, many of the details of establishing a connection
between a device (DSM) and the TSM are abstracted through platform APIs.
I.e., in the native case Linux picks the keys and validates the
certificates; in the TSM case Linux just sees a "success" from invoking
a "connect" API with the TSM.

SPDM only allows for one session-owner per transport (DOE), so the
expectation is that authentication will only ever be in the "native"
established case, or the "tsm" established case.

Convert the "authenticated" attribute to reflect {"none", "native"}
rather than {"0", "1"} in preparation for a follow-on {"none", "native",
"tsm"} possibility.

Note: Expect this patch gets folded into "PCI/CMA: Expose in sysfs
      whether devices are authenticated" and assume Linux never ships
      the binary authenticated ABI.

Cc: Wu Hao <hao.wu@xxxxxxxxx>
Cc: Yilun Xu <yilun.xu@xxxxxxxxx>
Cc: Lukas Wunner <lukas@xxxxxxxxx>
Cc: Samuel Ortiz <sameo@xxxxxxxxxxxx>
Cc: Alexey Kardashevskiy <aik@xxxxxxx>
Cc: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
---
 Documentation/ABI/testing/sysfs-bus-pci |   14 ++++++++------
 drivers/pci/cma.c                       |    7 ++++++-
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/Documentation/ABI/testing/sysfs-bus-pci b/Documentation/ABI/testing/sysfs-bus-pci
index bec7c197451e..35b0e11fd0e6 100644
--- a/Documentation/ABI/testing/sysfs-bus-pci
+++ b/Documentation/ABI/testing/sysfs-bus-pci
@@ -505,12 +505,14 @@ What:		/sys/bus/pci/devices/.../authenticated
 Date:		November 2023
 Contact:	Lukas Wunner <lukas@xxxxxxxxx>
 Description:
-		This file contains 1 if the device authenticated successfully
-		with CMA-SPDM (PCIe r6.1 sec 6.31).  It contains 0 if the
-		device failed authentication (and may thus be malicious).
-
-		Writing anything to this file causes reauthentication.
-		That may be opportune after updating the .cma keyring.
+		This file contains "native" if the device authenticated
+		successfully with CMA-SPDM (PCIe r6.1 sec 6.31). It contains
+		"none" if the device failed authentication (and may thus be
+		malicious).
+
+		Writing "native" to this file causes reauthentication with
+		kernel-selected keys and the kernel's certificate chain.  That
+		may be opportune after updating the .cma keyring.
 
 		The file is not visible if authentication is unsupported
 		by the device.
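Review bot: The rewritten write paragraph in the Description covers only the "native" case and no longer says what any other input does. The cma.c change in this patch returns -EINVAL for every other string, which is a behavior change from "Writing anything to this file causes reauthentication", so the ABI text should state that other values are rejected with EINVAL and that "none" can be read but not written.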
diff --git a/drivers/pci/cma.c b/drivers/pci/cma.c
index fb9bb5a637a5..be7d2bb21b4c 100644
--- a/drivers/pci/cma.c
+++ b/drivers/pci/cma.c
@@ -36,6 +36,9 @@ static ssize_t authenticated_store(struct device *dev,
 	    (pdev->cma_init_failed || pdev->doe_init_failed))
 		return -ENOTTY;
 
+	if (!sysfs_streq(buf, "native"))
+		return -EINVAL;
+
 	rc = pci_cma_reauthenticate(pdev);
 	if (rc)
 		return rc;
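Review bot: The accepted value in authenticated_store() is an open-coded literal, sysfs_streq(buf, "native"), while authenticated_show() emits its own separate copies of the state strings. With "tsm" announced as a follow-on value, consider one const array of state names shared by both handlers (matched with sysfs_match_string() on the store side) so the read and write vocabularies cannot drift apart. The new check also sits after the cma_init_failed/doe_init_failed test, so a malformed write to such a device reports -ENOTTY rather than -EINVAL; a one-line comment would confirm that ordering is intended.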
@@ -52,7 +55,9 @@ static ssize_t authenticated_show(struct device *dev,
 	    (pdev->cma_init_failed || pdev->doe_init_failed))
 		return -ENOTTY;
 
-	return sysfs_emit(buf, "%u\n", spdm_authenticated(pdev->spdm_state));
+	if (spdm_authenticated(pdev->spdm_state))
+		return sysfs_emit(buf, "native\n");
+	return sysfs_emit(buf, "none\n");
 }
 static DEVICE_ATTR_RW(authenticated);
 
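Review bot: authenticated_show() now prints "none" whenever spdm_authenticated() is false, while the ABI text in this patch defines "none" as a device that failed authentication and may thus be malicious. The word reads as "not attempted" rather than "failed", so a consumer gating device use on this attribute could under-react to it; either pick a name that conveys failure or spell out in the Description that "none" must be treated as untrusted. A short comment above the two sysfs_emit() calls naming the states each one covers would also help when the "tsm" branch is added.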




