Alexey Kardashevskiy wrote:
[..]
> > diff --git a/drivers/pci/cma.c b/drivers/pci/cma.c > > index be7d2bb21b4c..5a69e9919589 100644 > > --- a/drivers/pci/cma.c > > +++ b/drivers/pci/cma.c > > @@ -39,6 +39,9 @@ static ssize_t authenticated_store(struct device *dev, > > if (!sysfs_streq(buf, "native")) > > return -EINVAL; > > > > + if (pci_tsm_authenticated(pdev)) > > + return -EBUSY; > > + > > rc = pci_cma_reauthenticate(pdev); > > if (rc) > > return rc;
>
> btw is this "native" CMA expected to migrate to tsm_pci_ops? Thanks,

No, CMA is independent from TSM enabling. So you have the option to only ever authenticate devices via kernel-native CMA, and ignore TEE I/O and the platform TSM completely. Or, once CMA authentication succeeds then the kernel additionally allows transitioning the device to be TSM authenticated / connected.

This keeps the Linux device-attestation ecosystem healthy, standards-compliant devices with managed certificate distribution.
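
Review bot: the pci_tsm_authenticated(pdev) test added in authenticated_store() just before pci_cma_reauthenticate(pdev) is a check-then-act, and no lock is visible in this context that would keep the TSM state stable between the two calls. If a TSM connect can run concurrently with a write of "native" to this attribute, the device could become TSM authenticated after the check passes and still be re-authenticated natively. Please either take the same lock the TSM connect path uses around both calls or add a comment naming the lock already held here. Separately, -EBUSY is a new user-visible result for this sysfs attribute: the attribute's ABI documentation should say that writing "native" fails with -EBUSY while the device is TSM authenticated, and a one-line comment above the check explaining why native re-authentication is refused in that state would help future readers.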