From patchwork Mon Mar 6 09:20:53 2023
X-Patchwork-Submitter: Andrea Righi
X-Patchwork-Id: 1752269
From: Andrea Righi
To: kernel-team@lists.ubuntu.com
Subject: [SRU][K][PATCH 1/6] Revert "UBUNTU: SAUCE: selftests: tdx: Test GetReport TDX attestation feature"
Date: Mon, 6 Mar 2023 10:20:53 +0100
Message-Id: <20230306092058.26718-2-andrea.righi@canonical.com>
In-Reply-To: <20230306092058.26718-1-andrea.righi@canonical.com>
References: <20230306092058.26718-1-andrea.righi@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/2009437

This reverts the following commit, which will be replaced by a new TDX patch set:

0b78a71c7d76 ("UBUNTU: SAUCE: selftests: tdx: Test GetReport TDX attestation feature")

Signed-off-by: Andrea Righi
--- tools/arch/x86/include/uapi/asm/tdx.h | 51 ------ tools/testing/selftests/Makefile | 1 - tools/testing/selftests/tdx/Makefile | 11 -- tools/testing/selftests/tdx/config | 1 - tools/testing/selftests/tdx/tdx_attest_test.c | 156 ------------------ 5 files changed, 220 deletions(-) delete mode 100644 tools/arch/x86/include/uapi/asm/tdx.h delete mode 100644 tools/testing/selftests/tdx/Makefile delete mode 100644 tools/testing/selftests/tdx/config delete mode 100644 tools/testing/selftests/tdx/tdx_attest_test.c diff --git a/tools/arch/x86/include/uapi/asm/tdx.h b/tools/arch/x86/include/uapi/asm/tdx.h deleted file mode 100644 index c1667b20fe20..000000000000 --- a/tools/arch/x86/include/uapi/asm/tdx.h +++ /dev/null 
@@ -1,51 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _UAPI_ASM_X86_TDX_H -#define _UAPI_ASM_X86_TDX_H - -#include -#include - -/* Length of the REPORTDATA used in TDG.MR.REPORT TDCALL */ -#define TDX_REPORTDATA_LEN 64 - -/* Length of TDREPORT used in TDG.MR.REPORT TDCALL */ -#define TDX_REPORT_LEN 1024 - -/** - * struct tdx_report_req: Get TDREPORT using REPORTDATA as input. - * - * @subtype : Subtype of TDREPORT (fixed as 0 by TDX Module - * specification, but added a parameter to handle - * future extension). - * @reportdata : User-defined REPORTDATA to be included into - * TDREPORT. Typically it can be some nonce - * provided by attestation service, so the - * generated TDREPORT can be uniquely verified. - * @rpd_len : Length of the REPORTDATA (fixed as 64 bytes by - * the TDX Module specification, but parameter is - * added to handle future extension). - * @tdreport : TDREPORT output from TDCALL[TDG.MR.REPORT]. - * @tdr_len : Length of the TDREPORT (fixed as 1024 bytes by - * the TDX Module specification, but a parameter - * is added to accommodate future extension). - * - * Used in TDX_CMD_GET_REPORT IOCTL request. - */ -struct tdx_report_req { - __u8 subtype; - __u64 reportdata; - __u32 rpd_len; - __u64 tdreport; - __u32 tdr_len; -}; - -/* - * TDX_CMD_GET_REPORT - Get TDREPORT using TDCALL[TDG.MR.REPORT] - * - * Return 0 on success, -EIO on TDCALL execution failure, and - * standard errno on other general error cases. - * - */ -#define TDX_CMD_GET_REPORT _IOWR('T', 0x01, __u64) - -#endif /* _UAPI_ASM_X86_TDX_H */ diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 807a839d69c4..de11992dc577 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -69,7 +69,6 @@ TARGETS += sync TARGETS += syscall_user_dispatch TARGETS += sysctl TARGETS += tc-testing -TARGETS += tdx TARGETS += timens ifneq (1, $(quicktest)) TARGETS += timers 
diff --git a/tools/testing/selftests/tdx/Makefile b/tools/testing/selftests/tdx/Makefile deleted file mode 100644 index 014795420184..000000000000 --- a/tools/testing/selftests/tdx/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0 - -top_srcdir = ../../../.. - -LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/x86/include - -CFLAGS += -O3 -Wl,-no-as-needed -Wall -static -I$(LINUX_TOOL_ARCH_INCLUDE) - -TEST_GEN_PROGS := tdx_attest_test - -include ../lib.mk diff --git a/tools/testing/selftests/tdx/config b/tools/testing/selftests/tdx/config deleted file mode 100644 index 1340073a4abf..000000000000 --- a/tools/testing/selftests/tdx/config +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEL_TDX_GUEST=y diff --git a/tools/testing/selftests/tdx/tdx_attest_test.c b/tools/testing/selftests/tdx/tdx_attest_test.c deleted file mode 100644 index b8cef2707905..000000000000 --- a/tools/testing/selftests/tdx/tdx_attest_test.c +++ /dev/null 
@@ -1,156 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Test TDX attestation feature - * - * Copyright (C) 2022 Intel Corporation. All rights reserved. - * - * Author: Kuppuswamy Sathyanarayanan - */ - - -#include -#include -#include -#include -#include -#include -#include - -#include "../kselftest_harness.h" - -#define devname "/dev/tdx-guest" -#define HEX_DUMP_SIZE 8 -#define __packed __attribute__((packed)) - -/* - * Trusted Execution Environment (TEE) report (TDREPORT_STRUCT) type, - * sub type and version. More details can be found in TDX v1.0 Module - * specification, sec titled "REPORTTYPE". - */ -struct tdreport_type { - /* 0 - SGX, 81 -TDX, rest are reserved */ - __u8 type; - /* Default value is 0 */ - __u8 sub_type; - /* Default value is 0 */ - __u8 version; - __u8 reserved; -} __packed; - -/* - * struct reportmac - First field in the TRDREPORT_STRUCT. It is common - * to Intel’s TEE's e.g., SGX and TDX. It is MAC-protected and contains - * hashes of the remainder of the report structure which includes the - * TEE’s measurements, and where applicable, the measurements of additional - * TCB elements not reflected in CPUSVN – e.g., a SEAM’s measurements. - * More details can be found in TDX v1.0 Module specification, sec titled - * "REPORTMACSTRUCT" - */ -struct reportmac { - struct tdreport_type type; - __u8 reserved1[12]; - /* CPU security version */ - __u8 cpu_svn[16]; - /* SHA384 hash of TEE TCB INFO */ - __u8 tee_tcb_info_hash[48]; - /* SHA384 hash of TDINFO_STRUCT */ - __u8 tee_td_info_hash[48]; - /* User defined unique data passed in TDG.MR.REPORT request */ - __u8 reportdata[64]; - __u8 reserved2[32]; - __u8 mac[32]; -} __packed; - -/* - * struct td_info - It contains the measurements and initial configuration - * of the TD that was locked at initialization and a set of measurement - * registers that are run-time extendable. These values are copied from - * the TDCS by the TDG.MR.REPORT function. 
More details can be found in - * TDX v1.0 Module specification, sec titled "TDINFO_STRUCT". - */ -struct td_info { - /* TD attributes (like debug, spet_disable, etc) */ - __u8 attr[8]; - __u64 xfam; - /* Measurement registers */ - __u64 mrtd[6]; - __u64 mrconfigid[6]; - __u64 mrowner[6]; - __u64 mrownerconfig[6]; - /* Runtime measurement registers */ - __u64 rtmr[24]; - __u64 reserved[14]; -} __packed; - -struct tdreport { - /* Common to TDX/SGX of size 256 bytes */ - struct reportmac reportmac; - __u8 tee_tcb_info[239]; - __u8 reserved[17]; - /* Measurements and configuration data of size 512 byes */ - struct td_info tdinfo; -} __packed; - -#ifdef DEBUG -static void print_array_hex(const char *title, const char *prefix_str, - const void *buf, int len) -{ - const __u8 *ptr = buf; - int i, rowsize = HEX_DUMP_SIZE; - - if (!len || !buf) - return; - - printf("\t\t%s", title); - - for (i = 0; i < len; i++) { - if (!(i % rowsize)) - printf("\n%s%.8x:", prefix_str, i); - printf(" %.2x", ptr[i]); - } - - printf("\n"); -} -#endif - -TEST(verify_report) -{ - __u8 reportdata[TDX_REPORTDATA_LEN]; - struct tdreport tdreport; - struct tdx_report_req req; - int devfd, i; - - devfd = open(devname, O_RDWR | O_SYNC); - - ASSERT_LT(0, devfd); - - /* Generate sample report data */ - for (i = 0; i < TDX_REPORTDATA_LEN; i++) - reportdata[i] = i; - - /* Initialize IOCTL request */ - req.subtype = 0; - req.reportdata = (__u64)reportdata; - req.rpd_len = TDX_REPORTDATA_LEN; - req.tdreport = (__u64)&tdreport; - req.tdr_len = sizeof(tdreport); - - /* Get TDREPORT */ - ASSERT_EQ(0, ioctl(devfd, TDX_CMD_GET_REPORT, &req)); - -#ifdef DEBUG - print_array_hex("\n\t\tTDX report data\n", "", - reportdata, sizeof(reportdata)); - - print_array_hex("\n\t\tTDX tdreport data\n", "", - &tdreport, sizeof(tdreport)); -#endif - - /* Make sure TDREPORT data includes the REPORTDATA passed */ - ASSERT_EQ(0, memcmp(&tdreport.reportmac.reportdata[0], - reportdata, sizeof(reportdata))); - - ASSERT_EQ(0, 
close(devfd)); -} - -TEST_HARNESS_MAIN
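
Review bot: In the removed tools/arch/x86/include/uapi/asm/tdx.h, TDX_CMD_GET_REPORT is defined as _IOWR('T', 0x01, __u64), yet the caller removed from tdx_attest_test.c passes &req, a struct tdx_report_req, so the size encoded in the ioctl number does not describe the argument that is actually handed over. The struct also puts a __u8 subtype directly before a __u64 reportdata, and each __u32 length before a __u64 or the end of the struct, which leaves compiler-inserted padding in a uapi layout. Since the commit message says a new TDX patch set replaces this one, suggest confirming that the replacement header declares the ioctl with the struct type and makes the padding explicit (or reorders the fields) rather than carrying this definition forward.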
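
Review bot: In the removed verify_report test in tools/testing/selftests/tdx/tdx_attest_test.c, ASSERT_LT(0, devfd) treats a descriptor of 0 as a failed open(), and req is filled field by field without being zeroed first, so the padding bytes of struct tdx_report_req are passed to the ioctl uninitialized. If the replacement series brings a test like this back, suggest ASSERT_LE(0, devfd) and a zero initializer or memset for req. A build-time check that sizeof(struct tdreport) equals TDX_REPORT_LEN would also guard the hand-written layout, since req.tdr_len is taken from sizeof(tdreport) and the only runtime check is the memcmp on reportmac.reportdata.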