Here is a revised attempt at creating a shared sysfs-ABI for the concept
of a TSM (TEE Security Manager) as described by PCIe TDISP (PCIe 6.2
Section 11 TEE Device Interface Security Protocol). It remains an RFC
until at least one vendor (Intel, AMD, Rivos...) completes integration
with their low level TSM driver. I am actively working on that with Hao
Wu and Yilun Xu, but if another vendor adopts this before us, great.

Changes since v1: [1]
* Major simplifications:
  * Drop the 'struct pci_tsm_req' concept (Yilun), but keep a common
    @exec entry point from the PCI core to the low level driver.
  * Drop Link IDE and related sysfs attributes (Alexey). This
    sophistication may come back later, but no need to tackle that
    complexity now.
  * Move policy choice of requiring native CMA before TSM connection to
    userspace policy. This removes the need to build on top of the
    moving CMA baseline, and these series can now be considered on
    independent timelines.
* Create a guest/ vs host/ split in drivers/virt/coco/ (Sathya)
* Require a parent device for the common TSM class device (Jonathan)
  * Create a 'tdx' virtual bus and 'tdx_tsm' device to parent the TSM
    class device
  * Create a 'tdx_tsm' for the low-level TDX calls
* Rebase on v6.9-rc1 that includes a DEFINE_SYSFS_GROUP_VISIBLE()
* Cleanup usage of __free() to match the proposed style guide [2]
  (Jonathan)
* Cleanup, clarifications, and fixes (Kevin)
* Improve the cover letter prose below (Bjorn, Kevin)

[1]: http://lore.kernel.org/r/170660662589.224441.11503798303914595072.stgit@xxxxxxxxxxxxxxxxxxxxxxxxx
[2]: http://lore.kernel.org/r/171140738438.1574931.15717256954707430472.stgit@xxxxxxxxxxxxxxxxxxxxxxxxx

Confidential Computing (CC) introduces the concept of hardware protected
(integrity and confidentiality) guest private memory. The next phase of
that journey is private memory access for guest assigned devices. To
date, assigned devices for CC guests are constrained to accessing shared
memory, unprotected clear-text memory.
That mode incurs a bounce buffer performance penalty as every DMA
(direct-memory-access) performed by the device must be later copied from
shared-to-private memory for device-write and private-to-shared copies
for device-reads.

The PCIe TEE Device Interface Security Protocol (TDISP) arranges for
devices to be permitted to DMA to private memory directly, but it
requires significant infrastructure to authenticate, validate, and
provision a virtual-device interface to be used in CC guest. TDISP
specifies a TEE Security Manager (TSM) as a platform agent that can
manage the IOMMU, PCI host, and endpoint Device Security Manager
capabilities to convert a guest assigned device (physical function or
sriov-virtual function) into private mode operation.

What follows is common shared infrastructure for the PCI core to
interface with the platform TSM and a TDX as an example low level
consumer of these core capabilities.

Enable the PCI core to export a "connect" verb via sysfs for a given
device which, when the low level platform implementation is added,
arranges for the device to be authenticated and its link protected by
encryption and integrity checks.
---

Dan Williams (6):
      configfs-tsm: Namespace TSM report symbols
      coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/
      x86/tdx: Introduce a "tdx" subsystem and "tsm" device
      coco/tsm: Introduce a class device for TEE Security Managers
      PCI/TSM: Authenticate devices via platform TSM
      tdx_tsm: TEE Security Manager driver for TDX

 Documentation/ABI/testing/sysfs-bus-pci |  46 +++++
 MAINTAINERS                             |   7 +
 arch/x86/include/asm/shared/tdx.h       |   3
 arch/x86/virt/vmx/tdx/tdx.c             |  70 ++++++++
 drivers/pci/Kconfig                     |  13 +
 drivers/pci/Makefile                    |   2
 drivers/pci/pci-sysfs.c                 |   4
 drivers/pci/pci.h                       |  10 +
 drivers/pci/probe.c                     |   1
 drivers/pci/remove.c                    |   1
 drivers/pci/tsm.c                       | 270 +++++++++++++++++++++++++++++++
 drivers/virt/coco/Kconfig               |   8 -
 drivers/virt/coco/Makefile              |   3
 drivers/virt/coco/guest/Kconfig         |   7 +
 drivers/virt/coco/guest/Makefile        |   2
 drivers/virt/coco/guest/tsm_report.c    |  32 ++--
 drivers/virt/coco/host/Kconfig          |  12 +
 drivers/virt/coco/host/Makefile         |   8 +
 drivers/virt/coco/host/tdx_tsm.c        |  68 ++++++++
 drivers/virt/coco/host/tsm-core.c       | 131 +++++++++++++++
 drivers/virt/coco/sev-guest/sev-guest.c |   8 -
 drivers/virt/coco/tdx-guest/tdx-guest.c |   8 -
 include/linux/pci-tsm.h                 |  80 +++++++++
 include/linux/pci.h                     |  11 +
 include/linux/tsm.h                     |  31 ++--
 include/uapi/linux/pci_regs.h           |   4
 26 files changed, 795 insertions(+), 45 deletions(-)
 create mode 100644 drivers/pci/tsm.c
 create mode 100644 drivers/virt/coco/guest/Kconfig
 create mode 100644 drivers/virt/coco/guest/Makefile
 rename drivers/virt/coco/{tsm.c => guest/tsm_report.c} (92%)
 create mode 100644 drivers/virt/coco/host/Kconfig
 create mode 100644 drivers/virt/coco/host/Makefile
 create mode 100644 drivers/virt/coco/host/tdx_tsm.c
 create mode 100644 drivers/virt/coco/host/tsm-core.c
 create mode 100644 include/linux/pci-tsm.h

base-commit: 4cece764965020c22cff7665b18a012006359095