Re: [RFC PATCH 7/7] tsm: Add secure SPDM support

Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx> · Thu, 27 Feb 2025 14:50:54 +0800

On Wed, Feb 26, 2025 at 05:43:23PM +0530, Aneesh Kumar K.V (Arm) wrote:
> Add secure doe mailbox support
> 
> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@xxxxxxxxxx>
> ---
>  drivers/pci/tsm.c       | 24 +++++++++++++++++++-----
>  include/linux/pci-tsm.h |  1 +
>  2 files changed, 20 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/pci/tsm.c b/drivers/pci/tsm.c
> index 3251dc5eeef8..cb251497ca68 100644
> --- a/drivers/pci/tsm.c
> +++ b/drivers/pci/tsm.c
> @@ -194,12 +194,16 @@ static void __pci_tsm_init(struct pci_dev *pdev)
>  		return;
>  
>  	mutex_init(&pci_tsm->lock);
> -	pci_tsm->doe_mb = pci_find_doe_mailbox(pdev, PCI_VENDOR_ID_PCI_SIG,
> +	pci_tsm->doe_mb 	= pci_find_doe_mailbox(pdev, PCI_VENDOR_ID_PCI_SIG,
>  					       PCI_DOE_PROTO_CMA);
> -	pci_info(pdev, "Device security capabilities detected (%s%s%s)\n",
> +	pci_tsm->doe_secure_mb 	= pci_find_doe_mailbox(pdev, PCI_VENDOR_ID_PCI_SIG,
> +					       PCI_DOE_PROTO_SSESSION);

Do you have 2 doe mb instances on PCI cap? And one only support CMA,
another only support SSESSION?

If it is not the case, pci_tsm->doe_mb & pci_tsm->doe_secure_mb are
likely the same one.

Thanks,
Yilun

> +
> +	pci_info(pdev, "Device security capabilities detected (%s%s%s%s)\n",
>  		 pdev->ide_cap ? " ide" : "",
>  		 tee_cap ? " tee" : "",
> -		 pci_tsm->doe_mb ? " doe" : "");
> +		 pci_tsm->doe_mb ? " doe" : "",
> +		 pci_tsm->doe_secure_mb ? " secure-doe" : "");
>  
>  	pci_tsm->state = PCI_TSM_INIT;
>  	pci_tsm->dsm = no_free_ptr(dsm);
> @@ -277,10 +281,20 @@ int pci_tsm_doe_transfer(struct pci_dev *pdev, enum pci_doe_proto type,
>  			 const void *req, size_t req_sz, void *resp,
>  			 size_t resp_sz)
>  {
> -	if (!pdev->tsm || !pdev->tsm->doe_mb)
> +	struct pci_doe_mb *mb = NULL;
> +
> +	if (!pdev->tsm)
> +		return -ENXIO;
> +
> +	if (type == PCI_DOE_PROTO_CMA)
> +		mb = pdev->tsm->doe_mb;
> +	else if (type == PCI_DOE_PROTO_SSESSION)
> +		mb = pdev->tsm->doe_secure_mb;
> +
> +	if (!mb)
>  		return -ENXIO;
>  
> -	return pci_doe(pdev->tsm->doe_mb, PCI_VENDOR_ID_PCI_SIG, type, req,
> +	return pci_doe(mb, PCI_VENDOR_ID_PCI_SIG, type, req,
>  		       req_sz, resp, resp_sz);
>  }
>  EXPORT_SYMBOL_GPL(pci_tsm_doe_transfer);
> diff --git a/include/linux/pci-tsm.h b/include/linux/pci-tsm.h
> index 6ad2081a329d..815da9c3fc50 100644
> --- a/include/linux/pci-tsm.h
> +++ b/include/linux/pci-tsm.h
> @@ -34,6 +34,7 @@ struct pci_tsm {
>  	enum pci_tsm_state state;
>  	struct mutex lock;
>  	struct pci_doe_mb *doe_mb;
> +	struct pci_doe_mb *doe_secure_mb;
>  	struct pci_dsm *dsm;
>  };
>  
> -- 
> 2.43.0
> 