On Tue, 2022-04-19 at 19:47 +1200, Kai Huang wrote: > On Fri, 2022-04-15 at 15:01 -0700, Kuppuswamy Sathyanarayanan wrote: > > --- /dev/null > > +++ b/drivers/platform/x86/intel/tdx/Kconfig > > @@ -0,0 +1,13 @@ > > +# SPDX-License-Identifier: GPL-2.0 > > +# > > +# X86 TDX Platform Specific Drivers > > +# > > + > > +config INTEL_TDX_ATTESTATION > > + tristate "Intel TDX attestation driver" > > + depends on INTEL_TDX_GUEST > > + help > > + The TDX attestation driver provides IOCTL interfaces to the user to > > + request TDREPORT from the TDX module or request quote from the VMM > > + or to get quote buffer size. It is mainly used to get secure disk > > + decryption keys from the key server. > > diff --git a/drivers/platform/x86/intel/tdx/Makefile b/drivers/platform/x86/intel/tdx/Makefile > > new file mode 100644 > > index 000000000000..94eea6108fbd > > --- /dev/null > > +++ b/drivers/platform/x86/intel/tdx/Makefile > > @@ -0,0 +1,3 @@ > > +# SPDX-License-Identifier: GPL-2.0 > > + > > +obj-$(CONFIG_INTEL_TDX_ATTESTATION) += intel_tdx_attest.o > > diff --git a/drivers/platform/x86/intel/tdx/intel_tdx_attest.c b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c > > new file mode 100644 > > index 000000000000..9124db800d4f > > --- /dev/null > > +++ b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c > > > From security's perspective, attestation is an essential part of TDX. That > being said, w/o attestation support in TD guest, I guess nobody will seriously > use TD guest. > > From this perspective, I am not sure what's the value of having a dedicated > INTEL_TDX_ATTESTATION Kconfig. The attestation support code should be turned on > unconditionally when CONFIG_INTEL_TDX_GUEST is on. The code can also be just > under arch/x86/coco/tdx/ I guess? > > But I'll leave this to maintainers. In fact after slightly thinking more, I think you can split TDREPORT TDCALL support with GetQuote/SetupEventNotifyInterrupt support. The reason is as I said, GetQuote isn't mandatory to support attestation. TD attestation agent can use i.e. vsock, tcp/ip, to communicate to QE directly. Whether kernel needs to support GetQuote is actually arguable. So IMHO you can split this attestation driver into two parts: 1) A "basic" driver which supports reporting TDREPORT to userspace 2) Additional support of GetQuote/SetupEventNotifyInterrupt. The 1) can even be in a single patch (I guess it won't be complicated). It is easy to review (and i.e. can be merged separately), and with it, you will immediately have one way to support attestation. 2) can be reviewed separately, perhaps with one additional Kconfig option (i.e. CONFIG_INTEL_TDX_ATTESTATION_GET_QUOTE). I think this part has most of the complexity things in terms of review. -- Thanks, -Kai
