On Thu, Dec 05, 2024 at 02:23:45PM -0800, Dan Williams wrote:
> The PCIe 6.1 specification, section 11, introduces the Trusted Execution
> Environment (TEE) Device Interface Security Protocol (TDISP). This
> interface definition builds upon Component Measurement and
> Authentication (CMA), and link Integrity and Data Encryption (IDE). It
> adds support for assigning devices (PCI physical or virtual function) to
> a confidential VM such that the assigned device is enabled to access
> guest private memory protected by technologies like Intel TDX, AMD
> SEV-SNP, RISCV COVE, or ARM CCA.
> +++ b/Documentation/ABI/testing/sysfs-bus-pci
> @@ -583,3 +583,45 @@ Description: > enclosure-specific indications "specific0" to "specific7", > hence the corresponding led class devices are unavailable if > the DSM interface is used. > + > +What: /sys/bus/pci/devices/.../tsm/ > +Date: July 2024 > +Contact: linux-coco@xxxxxxxxxxxxxxx > +Description: > + This directory only appears if a physical device function supports > + authentication (PCIe CMA-SPDM), interface security (PCIe TDISP), and is > + accepted for secure operation by the platform TSM driver. This attribute > + directory appears dynamically after the platform TSM driver loads. So, > + only after the /sys/class/tsm/tsm0 device arrives can tools assume that > + devices without a tsm/ attribute directory will never have one, before > + that, the security capabilities of the device relative to the platform > + TSM are unknown. See Documentation/ABI/testing/sysfs-class-tsm. Wrap to fit in 80 columns like the rest of the file. > + > +What: /sys/bus/pci/devices/.../tsm/connect > +Date: July 2024 > +Contact: linux-coco@xxxxxxxxxxxxxxx > +Description: > + (RW) Writing "1" to this file triggers the platform TSM (TEE Security > + Manager) to establish a connection with the device. This typically > + includes an SPDM (DMTF Security Protocols and Data Models) session over > + PCIe DOE (Data Object Exchange) and may also include PCIe IDE (Integrity > + and Data Encryption) establishment.
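
Review bot: In the tsm/ Description, the sentence beginning "So, only after the /sys/class/tsm/tsm0 device arrives" holds the one rule a tool has to follow (a missing tsm/ directory is conclusive only once the platform TSM device exists), but it is a comma splice and it names tsm0 specifically. Suggest splitting it into two sentences, one for the state before the TSM device arrives and one for the state after, and saying whether tools should wait for tsm0 itself or for any device under /sys/class/tsm/. In the connect entry, the attribute is marked (RW) while the visible text describes only the effect of writing "1"; unless the remainder of the entry covers it, please also document what a read returns and how other written values are handled.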