From patchwork Tue Mar 7 10:35:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1753051 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=u/PakjUR; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PWBft1KyDz1yXD for ; Tue, 7 Mar 2023 21:35:32 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZUfC-0005uG-G8; Tue, 07 Mar 2023 10:35:22 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZUf9-0005tm-T5 for kernel-team@lists.ubuntu.com; Tue, 07 Mar 2023 10:35:19 +0000 Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id A5C1B3F469 for ; Tue, 7 Mar 2023 10:35:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678185319; bh=C4+XexBL5GBUI0HEY+rrEk+HljzyOdTEzdXLHgJb/qs=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=u/PakjUR4+bhH4XGcTVA4ybUCs1vRk/p0Qb6VPOhMR5NjTHzpYnCafdNATjn1AyLX NgMZOyNQeIEpOuyudFOYtzZhB5Af3GY1dF2T6HBQqVA2YreuFTo6cMc1F9nB+9MlfL NxGwZVZz5l7UcTVjlwecfrpx9m3NDZctISYQfIplH+R2zg8oRGxwYQPRI3s8O4fFyr RegBtKwErqmg4LgGWkGSpITFaFjPAU9ljkvCR51Dn9o19Rt7K0f60woqNvc7iY1q5+ 2pvi09DEjMiB0AQpFhIzxodrKbtGvS9Hd4tP1V+LzOduqdgNS3UR3zbP6pg+zSEXx6 6mhpw2qhoHVhg== Received: by mail-ed1-f69.google.com with SMTP id y24-20020aa7ccd8000000b004be3955a42eso18459392edt.22 for ; Tue, 07 Mar 2023 02:35:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678185319; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C4+XexBL5GBUI0HEY+rrEk+HljzyOdTEzdXLHgJb/qs=; b=LxyHwTLTPDtYaZGcTcE66ZACVPUeiVHuXC2SZQ6nYoS/dHO8KDsA6TVv0/wawP0RJG RJoGYajGFl8mCn51dDW4JdyHxuq2vXWnxJfVQDkk4UwCRZRlJryFyf0V1TyCKDAGZ+8V HAbLSCSIk+fmMVJRvrr5aIveSaAqSaiqIhDFzvLEwmYQbFpYhyWjgKz/Tqs+klY0MPGN 7LYAmEDwCf6bLOwpAj+S+G9KntvlSEJI+cQf4FQuEZ91US+w8VN/n6IQa+uG2+UFDWbA vRfToqYzPcpKkUa56CQgzOKMbkgI+eJzafXx7mM9UPtvFYtJDpangADpUc4rEP88Fugs 29oA== X-Gm-Message-State: AO0yUKXgHbYgluq9ZuyV/wUoQxfagSES+rWc1n7DwEheELez0/33V1Y7 Ntgj3z7ZIdvm0n2fV8oFk6xBkYs9mJKX60CpfpMCi96bp28A5PVMkjnnXozD/1Swl0xwD0wwpHv uWpJn53+CVxFObMu0ih60pyUZXc5HnwvLK0wLEXrPMsM1RMCmHg== X-Received: by 2002:aa7:ca54:0:b0:4ab:4569:4b9f with SMTP id j20-20020aa7ca54000000b004ab45694b9fmr13157840edt.0.1678185319296; Tue, 07 Mar 2023 02:35:19 -0800 (PST) X-Google-Smtp-Source: AK7set8ydg2z9RtkWvvl4QFjzBYAI8EdrISKcCgqql8omlFIh77NFdzYboZ5mbYkZXNOqxpscxnKnA== X-Received: by 2002:aa7:ca54:0:b0:4ab:4569:4b9f with SMTP id j20-20020aa7ca54000000b004ab45694b9fmr13157832edt.0.1678185318955; Tue, 07 Mar 2023 02:35:18 -0800 (PST) Received: from righiandr-XPS-13-7390.homenet.telecomitalia.it (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b008eb89a435c9sm5831395ejx.164.2023.03.07.02.35.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 02:35:18 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH v2 1/6] Revert "UBUNTU: SAUCE: selftests: tdx: Test GetReport TDX attestation feature" Date: Tue, 7 Mar 2023 11:35:08 +0100 Message-Id: <20230307103513.206358-2-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307103513.206358-1-andrea.righi@canonical.com> References: <20230307103513.206358-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2009437 This reverts the following commit, that will be replaced by a new TDX patch set: 0b78a71c7d76 ("UBUNTU: SAUCE: selftests: tdx: Test GetReport TDX attestation feature") Signed-off-by: Andrea Righi --- tools/arch/x86/include/uapi/asm/tdx.h | 51 ------ tools/testing/selftests/Makefile | 1 - tools/testing/selftests/tdx/Makefile | 11 -- tools/testing/selftests/tdx/config | 1 - tools/testing/selftests/tdx/tdx_attest_test.c | 156 ------------------ 5 files changed, 220 deletions(-) delete mode 100644 tools/arch/x86/include/uapi/asm/tdx.h delete mode 100644 tools/testing/selftests/tdx/Makefile delete mode 100644 tools/testing/selftests/tdx/config delete mode 100644 tools/testing/selftests/tdx/tdx_attest_test.c diff --git a/tools/arch/x86/include/uapi/asm/tdx.h b/tools/arch/x86/include/uapi/asm/tdx.h deleted file mode 100644 index c1667b20fe20..000000000000 --- a/tools/arch/x86/include/uapi/asm/tdx.h +++ /dev/null @@ -1,51 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _UAPI_ASM_X86_TDX_H -#define _UAPI_ASM_X86_TDX_H - -#include -#include - -/* Length of the REPORTDATA used in TDG.MR.REPORT TDCALL */ -#define TDX_REPORTDATA_LEN 64 - -/* Length of TDREPORT used in TDG.MR.REPORT TDCALL */ -#define TDX_REPORT_LEN 1024 - -/** - * struct tdx_report_req: Get TDREPORT using REPORTDATA as input. - * - * @subtype : Subtype of TDREPORT (fixed as 0 by TDX Module - * specification, but added a parameter to handle - * future extension). - * @reportdata : User-defined REPORTDATA to be included into - * TDREPORT. Typically it can be some nonce - * provided by attestation service, so the - * generated TDREPORT can be uniquely verified. - * @rpd_len : Length of the REPORTDATA (fixed as 64 bytes by - * the TDX Module specification, but parameter is - * added to handle future extension). - * @tdreport : TDREPORT output from TDCALL[TDG.MR.REPORT]. - * @tdr_len : Length of the TDREPORT (fixed as 1024 bytes by - * the TDX Module specification, but a parameter - * is added to accommodate future extension). - * - * Used in TDX_CMD_GET_REPORT IOCTL request. - */ -struct tdx_report_req { - __u8 subtype; - __u64 reportdata; - __u32 rpd_len; - __u64 tdreport; - __u32 tdr_len; -}; - -/* - * TDX_CMD_GET_REPORT - Get TDREPORT using TDCALL[TDG.MR.REPORT] - * - * Return 0 on success, -EIO on TDCALL execution failure, and - * standard errno on other general error cases. - * - */ -#define TDX_CMD_GET_REPORT _IOWR('T', 0x01, __u64) - -#endif /* _UAPI_ASM_X86_TDX_H */ diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 807a839d69c4..de11992dc577 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -69,7 +69,6 @@ TARGETS += sync TARGETS += syscall_user_dispatch TARGETS += sysctl TARGETS += tc-testing -TARGETS += tdx TARGETS += timens ifneq (1, $(quicktest)) TARGETS += timers diff --git a/tools/testing/selftests/tdx/Makefile b/tools/testing/selftests/tdx/Makefile deleted file mode 100644 index 014795420184..000000000000 --- a/tools/testing/selftests/tdx/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0 - -top_srcdir = ../../../.. - -LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/x86/include - -CFLAGS += -O3 -Wl,-no-as-needed -Wall -static -I$(LINUX_TOOL_ARCH_INCLUDE) - -TEST_GEN_PROGS := tdx_attest_test - -include ../lib.mk diff --git a/tools/testing/selftests/tdx/config b/tools/testing/selftests/tdx/config deleted file mode 100644 index 1340073a4abf..000000000000 --- a/tools/testing/selftests/tdx/config +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEL_TDX_GUEST=y diff --git a/tools/testing/selftests/tdx/tdx_attest_test.c b/tools/testing/selftests/tdx/tdx_attest_test.c deleted file mode 100644 index b8cef2707905..000000000000 --- a/tools/testing/selftests/tdx/tdx_attest_test.c +++ /dev/null @@ -1,156 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Test TDX attestation feature - * - * Copyright (C) 2022 Intel Corporation. All rights reserved. - * - * Author: Kuppuswamy Sathyanarayanan - */ - - -#include -#include -#include -#include -#include -#include -#include - -#include "../kselftest_harness.h" - -#define devname "/dev/tdx-guest" -#define HEX_DUMP_SIZE 8 -#define __packed __attribute__((packed)) - -/* - * Trusted Execution Environment (TEE) report (TDREPORT_STRUCT) type, - * sub type and version. More details can be found in TDX v1.0 Module - * specification, sec titled "REPORTTYPE". - */ -struct tdreport_type { - /* 0 - SGX, 81 -TDX, rest are reserved */ - __u8 type; - /* Default value is 0 */ - __u8 sub_type; - /* Default value is 0 */ - __u8 version; - __u8 reserved; -} __packed; - -/* - * struct reportmac - First field in the TRDREPORT_STRUCT. It is common - * to Intel’s TEE's e.g., SGX and TDX. It is MAC-protected and contains - * hashes of the remainder of the report structure which includes the - * TEE’s measurements, and where applicable, the measurements of additional - * TCB elements not reflected in CPUSVN – e.g., a SEAM’s measurements. - * More details can be found in TDX v1.0 Module specification, sec titled - * "REPORTMACSTRUCT" - */ -struct reportmac { - struct tdreport_type type; - __u8 reserved1[12]; - /* CPU security version */ - __u8 cpu_svn[16]; - /* SHA384 hash of TEE TCB INFO */ - __u8 tee_tcb_info_hash[48]; - /* SHA384 hash of TDINFO_STRUCT */ - __u8 tee_td_info_hash[48]; - /* User defined unique data passed in TDG.MR.REPORT request */ - __u8 reportdata[64]; - __u8 reserved2[32]; - __u8 mac[32]; -} __packed; - -/* - * struct td_info - It contains the measurements and initial configuration - * of the TD that was locked at initialization and a set of measurement - * registers that are run-time extendable. These values are copied from - * the TDCS by the TDG.MR.REPORT function. More details can be found in - * TDX v1.0 Module specification, sec titled "TDINFO_STRUCT". - */ -struct td_info { - /* TD attributes (like debug, spet_disable, etc) */ - __u8 attr[8]; - __u64 xfam; - /* Measurement registers */ - __u64 mrtd[6]; - __u64 mrconfigid[6]; - __u64 mrowner[6]; - __u64 mrownerconfig[6]; - /* Runtime measurement registers */ - __u64 rtmr[24]; - __u64 reserved[14]; -} __packed; - -struct tdreport { - /* Common to TDX/SGX of size 256 bytes */ - struct reportmac reportmac; - __u8 tee_tcb_info[239]; - __u8 reserved[17]; - /* Measurements and configuration data of size 512 byes */ - struct td_info tdinfo; -} __packed; - -#ifdef DEBUG -static void print_array_hex(const char *title, const char *prefix_str, - const void *buf, int len) -{ - const __u8 *ptr = buf; - int i, rowsize = HEX_DUMP_SIZE; - - if (!len || !buf) - return; - - printf("\t\t%s", title); - - for (i = 0; i < len; i++) { - if (!(i % rowsize)) - printf("\n%s%.8x:", prefix_str, i); - printf(" %.2x", ptr[i]); - } - - printf("\n"); -} -#endif - -TEST(verify_report) -{ - __u8 reportdata[TDX_REPORTDATA_LEN]; - struct tdreport tdreport; - struct tdx_report_req req; - int devfd, i; - - devfd = open(devname, O_RDWR | O_SYNC); - - ASSERT_LT(0, devfd); - - /* Generate sample report data */ - for (i = 0; i < TDX_REPORTDATA_LEN; i++) - reportdata[i] = i; - - /* Initialize IOCTL request */ - req.subtype = 0; - req.reportdata = (__u64)reportdata; - req.rpd_len = TDX_REPORTDATA_LEN; - req.tdreport = (__u64)&tdreport; - req.tdr_len = sizeof(tdreport); - - /* Get TDREPORT */ - ASSERT_EQ(0, ioctl(devfd, TDX_CMD_GET_REPORT, &req)); - -#ifdef DEBUG - print_array_hex("\n\t\tTDX report data\n", "", - reportdata, sizeof(reportdata)); - - print_array_hex("\n\t\tTDX tdreport data\n", "", - &tdreport, sizeof(tdreport)); -#endif - - /* Make sure TDREPORT data includes the REPORTDATA passed */ - ASSERT_EQ(0, memcmp(&tdreport.reportmac.reportdata[0], - reportdata, sizeof(reportdata))); - - ASSERT_EQ(0, close(devfd)); -} - -TEST_HARNESS_MAIN From patchwork Tue Mar 7 10:35:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1753056 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=vS8vFd2l; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PWBg33bqqz246k for ; Tue, 7 Mar 2023 21:35:43 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZUfQ-00067e-9u; Tue, 07 Mar 2023 10:35:36 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZUfE-0005u1-Fc for kernel-team@lists.ubuntu.com; Tue, 07 Mar 2023 10:35:24 +0000 Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1E6353F591 for ; Tue, 7 Mar 2023 10:35:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678185320; bh=VGznEuGIutfb4eCU3gc72hH9MfkCYg/38vm3DnXVbLE=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=vS8vFd2lLiplM8j3vRd5KOPMeJngXGRMdhkf8lfPT6GJUuaeRS0g7OaA/FrXoXj+r EKOkonBs7XQTw7wAVQ7L7TFsCli4oZmiZJtSKHR4L3yTUEMin9/3hZwEz80AOI5Ljl +6S+3neoKJAsci6zXlpC/ay7dFIdbx7dBTrtilfdI39LY+rNqUZBqZ7iw3k7P8IEhf 1YWe8IFRsBUsizWiUPi0tCPUjHmtfUUn1kN8f5E2+IbwZ4g8yifnvpN7i4J4J4ODc4 SQiI9L/fGMfHZczawVDZNwo4FG4PNLFv+MUS2lz3JEMs6sYIjWZrBNc9BiAlqfCObx DneVIg8FNhWKQ== Received: by mail-ed1-f71.google.com with SMTP id g2-20020a056402320200b004e98d45ee7dso6476813eda.0 for ; Tue, 07 Mar 2023 02:35:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678185320; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VGznEuGIutfb4eCU3gc72hH9MfkCYg/38vm3DnXVbLE=; b=2UBX+/ZTY0W0XIH7Ft8ejhlzBjybQHw0JXyFMVAaS6tV0m419XztMOXJWzMheorVLb wCGGQG9GzhhiGVEy4JB1FvUbWxyO0am9LNrXnqUq0FyazDb5UrlBIRyOLOf2UZLI6x8H 14yKZar00CDDiFm5efpGDIg1kIhVlHelgvLW3K8II1sn+9s7qe3n1OLQTShdYZGXpY/z lH9NtPtcGGiHMkJLNOlxVJSLgvKiA0ZROHCDEqDv24+Wa6LdvTPFjbgqX6FUSeOuXuiS YmXuiJKD6r9evXkSuWOU5x7jA6+7eoGFXIkMoDcyBOKCOAoDD61yi2yhqFydxdCJsNWo v01g== X-Gm-Message-State: AO0yUKWwOZ2h6zaweU0qdwJRBDpVi7/VWLnOZ4o5VT4kTehSGoEatYw2 Ymco2ceMtVgQCSVUNV7yfTJCZEFGvitfpKlvtgxzHOuCgjs59KNH/g942eHsSybIvlHLGCkGyFS ap7qHeZ+vsaDhS+nHApM1rN4KqQjVs/t+QfGTgz/nxyPO1osx7Q== X-Received: by 2002:a17:906:40d7:b0:871:d59d:4f54 with SMTP id a23-20020a17090640d700b00871d59d4f54mr14474916ejk.27.1678185319747; Tue, 07 Mar 2023 02:35:19 -0800 (PST) X-Google-Smtp-Source: AK7set/w7iesOoYzfVajUgNcg8gmW6aDnzceWQ7A7wl4cqZRZairVHbX0x1iv5zfLZih2VluZrcjgg== X-Received: by 2002:a17:906:40d7:b0:871:d59d:4f54 with SMTP id a23-20020a17090640d700b00871d59d4f54mr14474908ejk.27.1678185319467; Tue, 07 Mar 2023 02:35:19 -0800 (PST) Received: from righiandr-XPS-13-7390.homenet.telecomitalia.it (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b008eb89a435c9sm5831395ejx.164.2023.03.07.02.35.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 02:35:19 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH v2 2/6] Revert "UBUNTU: SAUCE: x86/tdx: Add TDX Guest attestation interface driver" Date: Tue, 7 Mar 2023 11:35:09 +0100 Message-Id: <20230307103513.206358-3-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307103513.206358-1-andrea.righi@canonical.com> References: <20230307103513.206358-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2009437 This reverts the following commit, that will be replaced by a new TDX patch set: 285d6d8136eb ("UBUNTU: SAUCE: x86/tdx: Add TDX Guest attestation interface driver") Signed-off-by: Andrea Righi --- arch/x86/coco/tdx/tdx.c | 117 -------------------------------- arch/x86/include/uapi/asm/tdx.h | 51 -------------- 2 files changed, 168 deletions(-) delete mode 100644 arch/x86/include/uapi/asm/tdx.h diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index d8be693cb3a2..b8998cf0508a 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -5,21 +5,16 @@ #define pr_fmt(fmt) "tdx: " fmt #include -#include -#include -#include #include #include #include #include #include #include -#include /* TDX module Call Leaf IDs */ #define TDX_GET_INFO 1 #define TDX_GET_VEINFO 3 -#define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 /* TDX hypercall Leaf IDs */ @@ -39,10 +34,6 @@ #define VE_GET_PORT_NUM(e) ((e) >> 16) #define VE_IS_IO_STRING(e) ((e) & BIT(4)) -#define DRIVER_NAME "tdx-guest" - -static struct miscdevice tdx_misc_dev; - #define ATTR_SEPT_VE_DISABLE BIT(28) /* @@ -795,111 +786,3 @@ void __init tdx_early_init(void) pr_info("Guest detected\n"); } - -static long tdx_get_report(void __user *argp) -{ - u8 *reportdata = NULL, *tdreport = NULL; - struct tdx_report_req req; - long ret; - - /* Copy request struct from the user buffer */ - if (copy_from_user(&req, argp, sizeof(req))) - return -EFAULT; - - /* - * Per TDX Module 1.0 specification, section titled - * "TDG.MR.REPORT", REPORTDATA and TDREPORT length - * is fixed as TDX_REPORTDATA_LEN and TDX_REPORT_LEN. - */ - if (req.rpd_len != TDX_REPORTDATA_LEN || req.tdr_len != TDX_REPORT_LEN) - return -EINVAL; - - /* Allocate kernel buffers for REPORTDATA and TDREPORT */ - reportdata = kzalloc(req.rpd_len, GFP_KERNEL); - if (!reportdata) { - ret = -ENOMEM; - goto out; - } - - tdreport = kzalloc(req.tdr_len, GFP_KERNEL); - if (!tdreport) { - ret = -ENOMEM; - goto out; - } - - - /* Copy REPORTDATA from user to kernel buffer */ - if (copy_from_user(reportdata, (void *)req.reportdata, req.rpd_len)) { - ret = -EFAULT; - goto out; - } - - /* - * Generate TDREPORT using "TDG.MR.REPORT" TDCALL. - * - * Get the TDREPORT using REPORTDATA as input. Refer to - * section 22.3.3 TDG.MR.REPORT leaf in the TDX Module 1.0 - * Specification for detailed information. - */ - ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), - virt_to_phys(reportdata), req.subtype, - 0, NULL); - if (ret) { - ret = -EIO; - goto out; - } - - /* Copy TDREPORT data back to the user buffer */ - if (copy_to_user((void *)req.tdreport, tdreport, req.tdr_len)) - ret = -EFAULT; - -out: - kfree(reportdata); - kfree(tdreport); - return ret; -} -static long tdx_guest_ioctl(struct file *file, unsigned int cmd, - unsigned long arg) -{ - void __user *argp = (void __user *)arg; - long ret = -EINVAL; - - switch (cmd) { - case TDX_CMD_GET_REPORT: - ret = tdx_get_report(argp); - break; - default: - pr_debug("cmd %d not supported\n", cmd); - break; - } - - return ret; -} - -static const struct file_operations tdx_guest_fops = { - .owner = THIS_MODULE, - .unlocked_ioctl = tdx_guest_ioctl, - .llseek = no_llseek, -}; - -static int __init tdx_guest_init(void) -{ - int ret; - - /* Make sure we are in a valid TDX platform */ - if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) - return -EIO; - - tdx_misc_dev.name = DRIVER_NAME; - tdx_misc_dev.minor = MISC_DYNAMIC_MINOR; - tdx_misc_dev.fops = &tdx_guest_fops; - - ret = misc_register(&tdx_misc_dev); - if (ret) { - pr_err("misc device registration failed\n"); - return ret; - } - - return 0; -} -device_initcall(tdx_guest_init) diff --git a/arch/x86/include/uapi/asm/tdx.h b/arch/x86/include/uapi/asm/tdx.h deleted file mode 100644 index c1667b20fe20..000000000000 --- a/arch/x86/include/uapi/asm/tdx.h +++ /dev/null @@ -1,51 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _UAPI_ASM_X86_TDX_H -#define _UAPI_ASM_X86_TDX_H - -#include -#include - -/* Length of the REPORTDATA used in TDG.MR.REPORT TDCALL */ -#define TDX_REPORTDATA_LEN 64 - -/* Length of TDREPORT used in TDG.MR.REPORT TDCALL */ -#define TDX_REPORT_LEN 1024 - -/** - * struct tdx_report_req: Get TDREPORT using REPORTDATA as input. - * - * @subtype : Subtype of TDREPORT (fixed as 0 by TDX Module - * specification, but added a parameter to handle - * future extension). - * @reportdata : User-defined REPORTDATA to be included into - * TDREPORT. Typically it can be some nonce - * provided by attestation service, so the - * generated TDREPORT can be uniquely verified. - * @rpd_len : Length of the REPORTDATA (fixed as 64 bytes by - * the TDX Module specification, but parameter is - * added to handle future extension). - * @tdreport : TDREPORT output from TDCALL[TDG.MR.REPORT]. - * @tdr_len : Length of the TDREPORT (fixed as 1024 bytes by - * the TDX Module specification, but a parameter - * is added to accommodate future extension). - * - * Used in TDX_CMD_GET_REPORT IOCTL request. - */ -struct tdx_report_req { - __u8 subtype; - __u64 reportdata; - __u32 rpd_len; - __u64 tdreport; - __u32 tdr_len; -}; - -/* - * TDX_CMD_GET_REPORT - Get TDREPORT using TDCALL[TDG.MR.REPORT] - * - * Return 0 on success, -EIO on TDCALL execution failure, and - * standard errno on other general error cases. - * - */ -#define TDX_CMD_GET_REPORT _IOWR('T', 0x01, __u64) - -#endif /* _UAPI_ASM_X86_TDX_H */ From patchwork Tue Mar 7 10:35:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1753052 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=IMBRrrnt; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PWBfv2WRYz246n for ; Tue, 7 Mar 2023 21:35:35 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZUfJ-0005y3-CI; Tue, 07 Mar 2023 10:35:29 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZUfF-0005uF-1L for kernel-team@lists.ubuntu.com; Tue, 07 Mar 2023 10:35:25 +0000 Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 684793F828 for ; Tue, 7 Mar 2023 10:35:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678185321; bh=0omGT4gXb+Vz90i6xiEXUvSzjrM5IlEnAg66hE3GSx0=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=IMBRrrntzWcPJ/bNat/R1dmKJBFi0sfw2AEYLddLHBG1ZY37dHd7uYyeh+rPxu8b/ 98hF3yS7AjbvLC0mXr6TNKXOzMNp+rOPJSu3gp8fJJ6E2eWofecKFbLCaYYHPz4SvN 3b8UgkWwxifth3hjPzYapUT0jnEu+rV9yki5QGvVuZr/STgnRUPXa2u9ijVrTq4TM7 4Y/8RCJSe+EUM1QPlSUukOg4bvtGzwpCk/G92BJ9Uzgm/2g+xEsVBOVDiVsQonXhmT bPipoWwkzIHNoHl91rokWpJS6fWyZ5lPQg8Mf70iBuYfxxnbTz5Tyq/R4G+1AYjufO fAAHuM8ZltQIA== Received: by mail-ed1-f71.google.com with SMTP id q13-20020a5085cd000000b004af50de0bcfso18523585edh.15 for ; Tue, 07 Mar 2023 02:35:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678185320; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0omGT4gXb+Vz90i6xiEXUvSzjrM5IlEnAg66hE3GSx0=; b=7MEB/S+JCEw5XqQcbGC/kJxjbM2RLHqr/Deok8z0DxEFFO0zDIBX9Bp5O+z5rti++O Sk0J7ICzFlQcPK0hUqRDd7p3hPVlMiCe8MSXw5Re/N2WUmpMGlYi4wjnlx9pu26SvbA6 X4S26wDwvNoOWL1MW79TWufQaKdEESMALrFCJ5VCtxUEUTzB1xrmusMT1qdwX3navDWs NjcHTxKcJrAyQzinu+S/LxzfVB2Sk/dO+b8vgBAOo1HTN8Hv7qAC03AS8IWDjth+VQVx GS6bm8+NEfroqt3ejjmL02QB6UfcUozOPrpt+njp10158pCJBpf6JVlC5NwqclMyKge9 49LA== X-Gm-Message-State: AO0yUKWHkYqfswl65hRZ3RqNTE1sCEfQnefq+Ola6freIXruSoSjEgSb YUPg4OSX5+C4DGLZSMlDcU3IQlEYZcYN07Uuvh78yfomGhVTrnipK916cA0eitQNDlp5IrN82W4 gq3PZsuxxNrxkU2U9fn0goM4XfJjn+43g1kRUkaNUKz1lEo75zA== X-Received: by 2002:aa7:c50d:0:b0:4c0:d157:a57c with SMTP id o13-20020aa7c50d000000b004c0d157a57cmr12766242edq.4.1678185320213; Tue, 07 Mar 2023 02:35:20 -0800 (PST) X-Google-Smtp-Source: AK7set+Pfqs1CkafG0jsrKgQopcM5YxSDcxus6tL7GKGVLYvrvD7QIAk4h4R1P2asPH2WwnsnpWjDQ== X-Received: by 2002:aa7:c50d:0:b0:4c0:d157:a57c with SMTP id o13-20020aa7c50d000000b004c0d157a57cmr12766234edq.4.1678185319859; Tue, 07 Mar 2023 02:35:19 -0800 (PST) Received: from righiandr-XPS-13-7390.homenet.telecomitalia.it (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b008eb89a435c9sm5831395ejx.164.2023.03.07.02.35.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 02:35:19 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH v2 3/6] x86/tdx: Add a wrapper to get TDREPORT0 from the TDX Module Date: Tue, 7 Mar 2023 11:35:10 +0100 Message-Id: <20230307103513.206358-4-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307103513.206358-1-andrea.righi@canonical.com> References: <20230307103513.206358-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Kuppuswamy Sathyanarayanan BugLink: https://bugs.launchpad.net/bugs/2009437 To support TDX attestation, the TDX guest driver exposes an IOCTL interface to allow userspace to get the TDREPORT0 (a.k.a. TDREPORT subtype 0) from the TDX module via TDG.MR.TDREPORT TDCALL. In order to get the TDREPORT0 in the TDX guest driver, instead of using a low level function like __tdx_module_call(), add a tdx_mcall_get_report0() wrapper function to handle it. This is a preparatory patch for adding attestation support. Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Dave Hansen Acked-by: Wander Lairson Costa Link: https://lore.kernel.org/all/20221116223820.819090-2-sathyanarayanan.kuppuswamy%40linux.intel.com (cherry picked from commit 51acfe89af1118f906f9b68d95fdfb22832ac960) Signed-off-by: Andrea Righi --- arch/x86/coco/tdx/tdx.c | 40 ++++++++++++++++++++++++++++++++++++++ arch/x86/include/asm/tdx.h | 2 ++ 2 files changed, 42 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index b8998cf0508a..cfd4c95b9f04 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -5,6 +5,8 @@ #define pr_fmt(fmt) "tdx: " fmt #include +#include +#include #include #include #include @@ -15,6 +17,7 @@ /* TDX module Call Leaf IDs */ #define TDX_GET_INFO 1 #define TDX_GET_VEINFO 3 +#define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 /* TDX hypercall Leaf IDs */ @@ -36,6 +39,12 @@ #define ATTR_SEPT_VE_DISABLE BIT(28) +/* TDX Module call error codes */ +#define TDCALL_RETURN_CODE(a) ((a) >> 32) +#define TDCALL_INVALID_OPERAND 0xc0000100 + +#define TDREPORT_SUBTYPE_0 0 + /* * Wrapper for standard use of __tdx_hypercall with no output aside from * return code. @@ -100,6 +109,37 @@ static inline void tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/** + * tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT + * subtype 0) using TDG.MR.REPORT TDCALL. + * @reportdata: Address of the input buffer which contains user-defined + * REPORTDATA to be included into TDREPORT. + * @tdreport: Address of the output buffer to store TDREPORT. + * + * Refer to section titled "TDG.MR.REPORT leaf" in the TDX Module + * v1.0 specification for more information on TDG.MR.REPORT TDCALL. + * It is used in the TDX guest driver module to get the TDREPORT0. + * + * Return 0 on success, -EINVAL for invalid operands, or -EIO on + * other TDCALL failures. + */ +int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport) +{ + u64 ret; + + ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), + virt_to_phys(reportdata), TDREPORT_SUBTYPE_0, + 0, NULL); + if (ret) { + if (TDCALL_RETURN_CODE(ret) == TDCALL_INVALID_OPERAND) + return -EINVAL; + return -EIO; + } + + return 0; +} +EXPORT_SYMBOL_GPL(tdx_mcall_get_report0); + static void tdx_parse_tdinfo(u64 *cc_mask) { struct tdx_module_output out; diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 020c81a7c729..28d889c9aa16 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -67,6 +67,8 @@ void tdx_safe_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); +int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport); + #else static inline void tdx_early_init(void) { }; From patchwork Tue Mar 7 10:35:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1753049 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=SdSXBTR1; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PWBft1Nczz246k for ; Tue, 7 Mar 2023 21:35:34 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZUfH-0005wM-My; Tue, 07 Mar 2023 10:35:27 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZUfB-0005tt-P1 for kernel-team@lists.ubuntu.com; Tue, 07 Mar 2023 10:35:21 +0000 Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 1CFC13FDDE for ; Tue, 7 Mar 2023 10:35:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678185321; bh=0jRAouK5pQa+rZyw2XEA/7qa0/CJHeHai2piZEG6K5g=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SdSXBTR1gwESrCKJcwWo2A3ei+0fazbx8r/rVPa7ccooJvsgyAWdRA92F0xLqw/oZ uF5GYdv8LxQbcD4VplXjioqRjpdUulgDBWWXs7QsNCA/exnWgX+vCQ/pglZEB0Aa4r 8TNrx8aUTJW4iQcLlhKdnyktA+7JlTwJkSrOyvUIOE3DlJAQ0lAqkmVh2XbAMhltv7 z7SwcpVYGLsQsusm5Km2yIOy6Ge4ykHXsEmyWDSgX75cq2oOakdzSZcGmZ0xNbNrC7 H1TUynYwIyIhjUoRkp1Y3DNlwlj57LvDtBWnvR2tWwF/ocbVQek/+a3llf24MW3y4Z +nL0onOQzBwRQ== Received: by mail-ed1-f70.google.com with SMTP id h15-20020a056402280f00b004bf9e193c23so18486749ede.11 for ; Tue, 07 Mar 2023 02:35:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678185320; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0jRAouK5pQa+rZyw2XEA/7qa0/CJHeHai2piZEG6K5g=; b=z0zRep9ymHtbcovLGZ4uuPIlWma+qfre4g8WHisuxFS2W5uY+rWD9aONxcJmbgV6dN dk4celhFsvYDQnhfz0lq9ozTZx84cStCjyELM6MAgLpHgqp6p66HyhwjnKO0jxIxlR/W SJGRtM4Zbshjhf2oWQsSO0s+ncJjQr8pWWBE1trLuyfCTcM/J4gmjxgCeGm1gFAcrN7h KBCLv3u6xK5a0Gom0+mjdtVPIuZknVAae/kH7FoMnSHsTfXktMJODRS3xoD444k1LfOT XHcSSfYWMiFA029waCWJfV+Uithpw3ZAZ82JIdqktmFtIIunL1ZhMkGaDH4N+vhh2qjC uyrg== X-Gm-Message-State: AO0yUKV0ZYJ1eW0sjytCg4nABu098uMeP6AyrIEnsUmKPKR0f1WmiMF6 pDnVa/6ximBdVNw0Jt4EMGozaw8Psw16tkDDKkKLYZLXQSnA+Uofkfwqdld61a+ry4oOYVs2bdI sXmOXYEHdYOsPN9K4Z+LJ+sqoTBdTyblkOxv1yFAEam2StprkBg== X-Received: by 2002:a50:ec96:0:b0:4af:59c0:744a with SMTP id e22-20020a50ec96000000b004af59c0744amr14264223edr.24.1678185320688; Tue, 07 Mar 2023 02:35:20 -0800 (PST) X-Google-Smtp-Source: AK7set+48XUFLvxe7Op9wNhqieIZuXBercCr2xd7z4vqgzxGEeMmvJUcAeo7m5VX94YpeYWfhsOf9w== X-Received: by 2002:a50:ec96:0:b0:4af:59c0:744a with SMTP id e22-20020a50ec96000000b004af59c0744amr14264207edr.24.1678185320399; Tue, 07 Mar 2023 02:35:20 -0800 (PST) Received: from righiandr-XPS-13-7390.homenet.telecomitalia.it (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b008eb89a435c9sm5831395ejx.164.2023.03.07.02.35.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 02:35:20 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH v2 4/6] virt: Add TDX guest driver Date: Tue, 7 Mar 2023 11:35:11 +0100 Message-Id: <20230307103513.206358-5-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307103513.206358-1-andrea.righi@canonical.com> References: <20230307103513.206358-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Kuppuswamy Sathyanarayanan BugLink: https://bugs.launchpad.net/bugs/2009437 TDX guest driver exposes IOCTL interfaces to service TDX guest user-specific requests. Currently, it is only used to allow the user to get the TDREPORT to support TDX attestation. Details about the TDX attestation process are documented in Documentation/x86/tdx.rst, and the IOCTL details are documented in Documentation/virt/coco/tdx-guest.rst. Operations like getting TDREPORT involves sending a blob of data as input and getting another blob of data as output. It was considered to use a sysfs interface for this, but it doesn't fit well into the standard sysfs model for configuring values. It would be possible to do read/write on files, but it would need multiple file descriptors, which would be somewhat messy. IOCTLs seem to be the best fitting and simplest model for this use case. The AMD sev-guest driver also uses the IOCTL interface to support attestation. [Bagas Sanjaya: Ack is for documentation portion] Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Dave Hansen Reviewed-by: Bagas Sanjaya Reviewed-by: Tony Luck Reviewed-by: Mika Westerberg Acked-by: Kai Huang Acked-by: Kirill A. Shutemov Acked-by: Wander Lairson Costa Link: https://lore.kernel.org/all/20221116223820.819090-3-sathyanarayanan.kuppuswamy%40linux.intel.com (backported from commit 6c8c1406a6d6a3f2e61ac590f5c0994231bc6be7) [ minor context adjustment in Documentation/virt/index.rst ] Signed-off-by: Andrea Righi --- Documentation/virt/coco/tdx-guest.rst | 52 ++++++++++++ Documentation/virt/index.rst | 1 + Documentation/x86/tdx.rst | 43 ++++++++++ drivers/virt/Kconfig | 2 + drivers/virt/Makefile | 1 + drivers/virt/coco/tdx-guest/Kconfig | 10 +++ drivers/virt/coco/tdx-guest/Makefile | 2 + drivers/virt/coco/tdx-guest/tdx-guest.c | 102 ++++++++++++++++++++++++ include/uapi/linux/tdx-guest.h | 42 ++++++++++ 9 files changed, 255 insertions(+) create mode 100644 Documentation/virt/coco/tdx-guest.rst create mode 100644 drivers/virt/coco/tdx-guest/Kconfig create mode 100644 drivers/virt/coco/tdx-guest/Makefile create mode 100644 drivers/virt/coco/tdx-guest/tdx-guest.c create mode 100644 include/uapi/linux/tdx-guest.h diff --git a/Documentation/virt/coco/tdx-guest.rst b/Documentation/virt/coco/tdx-guest.rst new file mode 100644 index 000000000000..46e316db6bb4 --- /dev/null +++ b/Documentation/virt/coco/tdx-guest.rst @@ -0,0 +1,52 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=================================================================== +TDX Guest API Documentation +=================================================================== + +1. General description +====================== + +The TDX guest driver exposes IOCTL interfaces via the /dev/tdx-guest misc +device to allow userspace to get certain TDX guest-specific details. + +2. API description +================== + +In this section, for each supported IOCTL, the following information is +provided along with a generic description. + +:Input parameters: Parameters passed to the IOCTL and related details. +:Output: Details about output data and return value (with details about + the non common error values). + +2.1 TDX_CMD_GET_REPORT0 +----------------------- + +:Input parameters: struct tdx_report_req +:Output: Upon successful execution, TDREPORT data is copied to + tdx_report_req.tdreport and return 0. Return -EINVAL for invalid + operands, -EIO on TDCALL failure or standard error number on other + common failures. + +The TDX_CMD_GET_REPORT0 IOCTL can be used by the attestation software to get +the TDREPORT0 (a.k.a. TDREPORT subtype 0) from the TDX module using +TDCALL[TDG.MR.REPORT]. + +A subtype index is added at the end of this IOCTL CMD to uniquely identify the +subtype-specific TDREPORT request. Although the subtype option is mentioned in +the TDX Module v1.0 specification, section titled "TDG.MR.REPORT", it is not +currently used, and it expects this value to be 0. So to keep the IOCTL +implementation simple, the subtype option was not included as part of the input +ABI. However, in the future, if the TDX Module supports more than one subtype, +a new IOCTL CMD will be created to handle it. To keep the IOCTL naming +consistent, a subtype index is added as part of the IOCTL CMD. + +Reference +--------- + +TDX reference material is collected here: + +https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html + +The driver is based on TDX module specification v1.0 and TDX GHCI specification v1.0. diff --git a/Documentation/virt/index.rst b/Documentation/virt/index.rst index 492f0920b988..9e3e72ab61f1 100644 --- a/Documentation/virt/index.rst +++ b/Documentation/virt/index.rst @@ -14,6 +14,7 @@ Linux Virtualization Support ne_overview acrn/index coco/sev-guest + coco/tdx-guest .. only:: html and subproject diff --git a/Documentation/x86/tdx.rst b/Documentation/x86/tdx.rst index b8fa4329e1a5..dc8d9fd2c3f7 100644 --- a/Documentation/x86/tdx.rst +++ b/Documentation/x86/tdx.rst @@ -210,6 +210,49 @@ converted to shared on boot. For coherent DMA allocation, the DMA buffer gets converted on the allocation. Check force_dma_unencrypted() for details. +Attestation +=========== + +Attestation is used to verify the TDX guest trustworthiness to other +entities before provisioning secrets to the guest. For example, a key +server may want to use attestation to verify that the guest is the +desired one before releasing the encryption keys to mount the encrypted +rootfs or a secondary drive. + +The TDX module records the state of the TDX guest in various stages of +the guest boot process using the build time measurement register (MRTD) +and runtime measurement registers (RTMR). Measurements related to the +guest initial configuration and firmware image are recorded in the MRTD +register. Measurements related to initial state, kernel image, firmware +image, command line options, initrd, ACPI tables, etc are recorded in +RTMR registers. For more details, as an example, please refer to TDX +Virtual Firmware design specification, section titled "TD Measurement". +At TDX guest runtime, the attestation process is used to attest to these +measurements. + +The attestation process consists of two steps: TDREPORT generation and +Quote generation. + +TDX guest uses TDCALL[TDG.MR.REPORT] to get the TDREPORT (TDREPORT_STRUCT) +from the TDX module. TDREPORT is a fixed-size data structure generated by +the TDX module which contains guest-specific information (such as build +and boot measurements), platform security version, and the MAC to protect +the integrity of the TDREPORT. A user-provided 64-Byte REPORTDATA is used +as input and included in the TDREPORT. Typically it can be some nonce +provided by attestation service so the TDREPORT can be verified uniquely. +More details about the TDREPORT can be found in Intel TDX Module +specification, section titled "TDG.MR.REPORT Leaf". + +After getting the TDREPORT, the second step of the attestation process +is to send it to the Quoting Enclave (QE) to generate the Quote. TDREPORT +by design can only be verified on the local platform as the MAC key is +bound to the platform. To support remote verification of the TDREPORT, +TDX leverages Intel SGX Quoting Enclave to verify the TDREPORT locally +and convert it to a remotely verifiable Quote. Method of sending TDREPORT +to QE is implementation specific. Attestation software can choose +whatever communication channel available (i.e. vsock or TCP/IP) to +send the TDREPORT to QE and receive the Quote. + References ========== diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig index 87ef258cec64..f79ab13a5c28 100644 --- a/drivers/virt/Kconfig +++ b/drivers/virt/Kconfig @@ -52,4 +52,6 @@ source "drivers/virt/coco/efi_secret/Kconfig" source "drivers/virt/coco/sev-guest/Kconfig" +source "drivers/virt/coco/tdx-guest/Kconfig" + endif diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile index 093674e05c40..e9aa6fc96fab 100644 --- a/drivers/virt/Makefile +++ b/drivers/virt/Makefile @@ -11,3 +11,4 @@ obj-$(CONFIG_NITRO_ENCLAVES) += nitro_enclaves/ obj-$(CONFIG_ACRN_HSM) += acrn/ obj-$(CONFIG_EFI_SECRET) += coco/efi_secret/ obj-$(CONFIG_SEV_GUEST) += coco/sev-guest/ +obj-$(CONFIG_INTEL_TDX_GUEST) += coco/tdx-guest/ diff --git a/drivers/virt/coco/tdx-guest/Kconfig b/drivers/virt/coco/tdx-guest/Kconfig new file mode 100644 index 000000000000..14246fc2fb02 --- /dev/null +++ b/drivers/virt/coco/tdx-guest/Kconfig @@ -0,0 +1,10 @@ +config TDX_GUEST_DRIVER + tristate "TDX Guest driver" + depends on INTEL_TDX_GUEST + help + The driver provides userspace interface to communicate with + the TDX module to request the TDX guest details like attestation + report. + + To compile this driver as module, choose M here. The module will + be called tdx-guest. diff --git a/drivers/virt/coco/tdx-guest/Makefile b/drivers/virt/coco/tdx-guest/Makefile new file mode 100644 index 000000000000..775cb463f9c8 --- /dev/null +++ b/drivers/virt/coco/tdx-guest/Makefile @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0 +obj-$(CONFIG_TDX_GUEST_DRIVER) += tdx-guest.o diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c new file mode 100644 index 000000000000..5e44a0fa69bd --- /dev/null +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * TDX guest user interface driver + * + * Copyright (C) 2022 Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +static long tdx_get_report0(struct tdx_report_req __user *req) +{ + u8 *reportdata, *tdreport; + long ret; + + reportdata = kmalloc(TDX_REPORTDATA_LEN, GFP_KERNEL); + if (!reportdata) + return -ENOMEM; + + tdreport = kzalloc(TDX_REPORT_LEN, GFP_KERNEL); + if (!tdreport) { + ret = -ENOMEM; + goto out; + } + + if (copy_from_user(reportdata, req->reportdata, TDX_REPORTDATA_LEN)) { + ret = -EFAULT; + goto out; + } + + /* Generate TDREPORT0 using "TDG.MR.REPORT" TDCALL */ + ret = tdx_mcall_get_report0(reportdata, tdreport); + if (ret) + goto out; + + if (copy_to_user(req->tdreport, tdreport, TDX_REPORT_LEN)) + ret = -EFAULT; + +out: + kfree(reportdata); + kfree(tdreport); + + return ret; +} + +static long tdx_guest_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + switch (cmd) { + case TDX_CMD_GET_REPORT0: + return tdx_get_report0((struct tdx_report_req __user *)arg); + default: + return -ENOTTY; + } +} + +static const struct file_operations tdx_guest_fops = { + .owner = THIS_MODULE, + .unlocked_ioctl = tdx_guest_ioctl, + .llseek = no_llseek, +}; + +static struct miscdevice tdx_misc_dev = { + .name = KBUILD_MODNAME, + .minor = MISC_DYNAMIC_MINOR, + .fops = &tdx_guest_fops, +}; + +static const struct x86_cpu_id tdx_guest_ids[] = { + X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids); + +static int __init tdx_guest_init(void) +{ + if (!x86_match_cpu(tdx_guest_ids)) + return -ENODEV; + + return misc_register(&tdx_misc_dev); +} +module_init(tdx_guest_init); + +static void __exit tdx_guest_exit(void) +{ + misc_deregister(&tdx_misc_dev); +} +module_exit(tdx_guest_exit); + +MODULE_AUTHOR("Kuppuswamy Sathyanarayanan "); +MODULE_DESCRIPTION("TDX Guest Driver"); +MODULE_LICENSE("GPL"); diff --git a/include/uapi/linux/tdx-guest.h b/include/uapi/linux/tdx-guest.h new file mode 100644 index 000000000000..a6a2098c08ff --- /dev/null +++ b/include/uapi/linux/tdx-guest.h @@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Userspace interface for TDX guest driver + * + * Copyright (C) 2022 Intel Corporation + */ + +#ifndef _UAPI_LINUX_TDX_GUEST_H_ +#define _UAPI_LINUX_TDX_GUEST_H_ + +#include +#include + +/* Length of the REPORTDATA used in TDG.MR.REPORT TDCALL */ +#define TDX_REPORTDATA_LEN 64 + +/* Length of TDREPORT used in TDG.MR.REPORT TDCALL */ +#define TDX_REPORT_LEN 1024 + +/** + * struct tdx_report_req - Request struct for TDX_CMD_GET_REPORT0 IOCTL. + * + * @reportdata: User buffer with REPORTDATA to be included into TDREPORT. + * Typically it can be some nonce provided by attestation + * service, so the generated TDREPORT can be uniquely verified. + * @tdreport: User buffer to store TDREPORT output from TDCALL[TDG.MR.REPORT]. + */ +struct tdx_report_req { + __u8 reportdata[TDX_REPORTDATA_LEN]; + __u8 tdreport[TDX_REPORT_LEN]; +}; + +/* + * TDX_CMD_GET_REPORT0 - Get TDREPORT0 (a.k.a. TDREPORT subtype 0) using + * TDCALL[TDG.MR.REPORT] + * + * Return 0 on success, -EIO on TDCALL execution failure, and + * standard errno on other general error cases. + */ +#define TDX_CMD_GET_REPORT0 _IOWR('T', 1, struct tdx_report_req) + +#endif /* _UAPI_LINUX_TDX_GUEST_H_ */ From patchwork Tue Mar 7 10:35:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1753053 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=L8meo+9V; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PWBfz2j7tz1yXD for ; Tue, 7 Mar 2023 21:35:39 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZUfL-00061a-WB; Tue, 07 Mar 2023 10:35:32 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZUfF-0005uo-88 for kernel-team@lists.ubuntu.com; Tue, 07 Mar 2023 10:35:25 +0000 Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 8D1FC3F591 for ; Tue, 7 Mar 2023 10:35:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678185324; bh=n6qr0PE3mfeNIf6+3NQxmGKhDHBcEMd7wPXDdr9I8Xg=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=L8meo+9VLpRnSyycfUZ9bTHWXO4JZdmvAKHbQFJrlAlVpeXy6MHQYEZQ7X1YN5fMM iS4YQh1qycTUS/TO4TNahrHBAJun2XE3mscArOedT8NADvpdVP6ndCxenoFr5dPNFG LPmK3HiKatLkAY04aAetCkh5qP5ST/SRXpHyQCFtDUSRQf9j1lz5cisRi8y6El8wNN eeC6+dsj0NjtVR4jLqlLjJrLnWxqtaQQ8Qr5TGv2deMvcunm7ElmwQqmmPWOo2Wt6z +1SDD3vpQmB7EpkWK/u6FJRvJizlFfhCiflnZAw/MdhiLrsPYRTDcETjVxJGE7VRlM A1Fimjbyp0MCA== Received: by mail-ed1-f72.google.com with SMTP id k12-20020a50c8cc000000b004accf30f6d3so18308486edh.14 for ; Tue, 07 Mar 2023 02:35:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678185321; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n6qr0PE3mfeNIf6+3NQxmGKhDHBcEMd7wPXDdr9I8Xg=; b=hPhhqLU8LSpHnvGW8siht5O4jLdqruixOlJxxazzNyXf9tCdQEpi4nSUwxsSvaD+Qt Fyq93+Ji4EJaHC7vS0kIAHSGeo4m1Q4hQKEKNLxe7S1GolvsrpQ7e5NcXekaDBnjifwQ DlAGVZNRedV/zwlMDcEo/jfGVBD+rSIUPSyLIvjw9NH7UYkv3Mg6DSkfvaMQS6m8vE1M v4WtpE2e3mB6hdliso/guvYn2z2DgGitVNLL1su3DElr+JuzUb58m8GaN55h8uZTMODg REoFJkucnEl1cWM/YpxN68ClOWIK8ZLRa6O6/j9XtK+uHBIiJwT/dNX3bNW6TVOp0E21 wQ1w== X-Gm-Message-State: AO0yUKU6IOgejEecfthqx/Vq5VccmWbDjP1myfIz6ehRuebCnLu0nkpt F+dwisaNTX0umpsyuDX+Mp463PJrEbck1SzRBdXocRfehJI7vLFVzS8BtSk39JFnwoQVGOcJpyR XakRtBYqR7fUwGRlOnKJf0OAPD9YeYfJvxJ4LMHhemf9Ezb8J9g== X-Received: by 2002:a50:fc03:0:b0:4bf:4b5c:1d58 with SMTP id i3-20020a50fc03000000b004bf4b5c1d58mr14100212edr.11.1678185321218; Tue, 07 Mar 2023 02:35:21 -0800 (PST) X-Google-Smtp-Source: AK7set9/b54dEW+R1ji3cpZvg8iqfeXfvQY/OoMbmZ6a+tX509ao0GtCSXW1psJAILFQewOSpKQw5w== X-Received: by 2002:a50:fc03:0:b0:4bf:4b5c:1d58 with SMTP id i3-20020a50fc03000000b004bf4b5c1d58mr14100200edr.11.1678185320907; Tue, 07 Mar 2023 02:35:20 -0800 (PST) Received: from righiandr-XPS-13-7390.homenet.telecomitalia.it (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b008eb89a435c9sm5831395ejx.164.2023.03.07.02.35.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 02:35:20 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH v2 5/6] selftests/tdx: Test TDX attestation GetReport support Date: Tue, 7 Mar 2023 11:35:12 +0100 Message-Id: <20230307103513.206358-6-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307103513.206358-1-andrea.righi@canonical.com> References: <20230307103513.206358-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Kuppuswamy Sathyanarayanan BugLink: https://bugs.launchpad.net/bugs/2009437 Attestation is used to verify the trustworthiness of a TDX guest. During the guest bring-up, the Intel TDX module measures and records the initial contents and configuration of the guest, and at runtime, guest software uses runtime measurement registers (RMTRs) to measure and record details related to kernel image, command line params, ACPI tables, initrd, etc. At guest runtime, the attestation process is used to attest to these measurements. The first step in the TDX attestation process is to get the TDREPORT data. It is a fixed size data structure generated by the TDX module which includes the above mentioned measurements data, a MAC ID to protect the integrity of the TDREPORT, and a 64-Byte of user specified data passed during TDREPORT request which can uniquely identify the TDREPORT. Intel's TDX guest driver exposes TDX_CMD_GET_REPORT0 IOCTL interface to enable guest userspace to get the TDREPORT subtype 0. Add a kernel self test module to test this ABI and verify the validity of the generated TDREPORT. Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Dave Hansen Reviewed-by: Tony Luck Reviewed-by: Mika Westerberg Acked-by: Kai Huang Acked-by: Wander Lairson Costa Acked-by: Kirill A. Shutemov Link: https://lore.kernel.org/all/20221116223820.819090-4-sathyanarayanan.kuppuswamy%40linux.intel.com (cherry picked from commit 00e07cfbdf0b232f7553f0175f8f4e8d792f7e90) Signed-off-by: Andrea Righi --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/tdx/Makefile | 7 + tools/testing/selftests/tdx/config | 1 + tools/testing/selftests/tdx/tdx_guest_test.c | 163 +++++++++++++++++++ 4 files changed, 172 insertions(+) create mode 100644 tools/testing/selftests/tdx/Makefile create mode 100644 tools/testing/selftests/tdx/config create mode 100644 tools/testing/selftests/tdx/tdx_guest_test.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index de11992dc577..807a839d69c4 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -69,6 +69,7 @@ TARGETS += sync TARGETS += syscall_user_dispatch TARGETS += sysctl TARGETS += tc-testing +TARGETS += tdx TARGETS += timens ifneq (1, $(quicktest)) TARGETS += timers diff --git a/tools/testing/selftests/tdx/Makefile b/tools/testing/selftests/tdx/Makefile new file mode 100644 index 000000000000..8dd43517cd55 --- /dev/null +++ b/tools/testing/selftests/tdx/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0 + +CFLAGS += -O3 -Wl,-no-as-needed -Wall -static + +TEST_GEN_PROGS := tdx_guest_test + +include ../lib.mk diff --git a/tools/testing/selftests/tdx/config b/tools/testing/selftests/tdx/config new file mode 100644 index 000000000000..aa1edc829ab6 --- /dev/null +++ b/tools/testing/selftests/tdx/config @@ -0,0 +1 @@ +CONFIG_TDX_GUEST_DRIVER=y diff --git a/tools/testing/selftests/tdx/tdx_guest_test.c b/tools/testing/selftests/tdx/tdx_guest_test.c new file mode 100644 index 000000000000..2a2afd856798 --- /dev/null +++ b/tools/testing/selftests/tdx/tdx_guest_test.c @@ -0,0 +1,163 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Test TDX guest features + * + * Copyright (C) 2022 Intel Corporation. + * + * Author: Kuppuswamy Sathyanarayanan + */ + +#include + +#include +#include + +#include "../kselftest_harness.h" +#include "../../../../include/uapi/linux/tdx-guest.h" + +#define TDX_GUEST_DEVNAME "/dev/tdx_guest" +#define HEX_DUMP_SIZE 8 +#define DEBUG 0 + +/** + * struct tdreport_type - Type header of TDREPORT_STRUCT. + * @type: Type of the TDREPORT (0 - SGX, 81 - TDX, rest are reserved) + * @sub_type: Subtype of the TDREPORT (Default value is 0). + * @version: TDREPORT version (Default value is 0). + * @reserved: Added for future extension. + * + * More details can be found in TDX v1.0 module specification, sec + * titled "REPORTTYPE". + */ +struct tdreport_type { + __u8 type; + __u8 sub_type; + __u8 version; + __u8 reserved; +}; + +/** + * struct reportmac - TDX guest report data, MAC and TEE hashes. + * @type: TDREPORT type header. + * @reserved1: Reserved for future extension. + * @cpu_svn: CPU security version. + * @tee_tcb_info_hash: SHA384 hash of TEE TCB INFO. + * @tee_td_info_hash: SHA384 hash of TDINFO_STRUCT. + * @reportdata: User defined unique data passed in TDG.MR.REPORT request. + * @reserved2: Reserved for future extension. + * @mac: CPU MAC ID. + * + * It is MAC-protected and contains hashes of the remainder of the + * report structure along with user provided report data. More details can + * be found in TDX v1.0 Module specification, sec titled "REPORTMACSTRUCT" + */ +struct reportmac { + struct tdreport_type type; + __u8 reserved1[12]; + __u8 cpu_svn[16]; + __u8 tee_tcb_info_hash[48]; + __u8 tee_td_info_hash[48]; + __u8 reportdata[64]; + __u8 reserved2[32]; + __u8 mac[32]; +}; + +/** + * struct td_info - TDX guest measurements and configuration. + * @attr: TDX Guest attributes (like debug, spet_disable, etc). + * @xfam: Extended features allowed mask. + * @mrtd: Build time measurement register. + * @mrconfigid: Software-defined ID for non-owner-defined configuration + * of the guest - e.g., run-time or OS configuration. + * @mrowner: Software-defined ID for the guest owner. + * @mrownerconfig: Software-defined ID for owner-defined configuration of + * the guest - e.g., specific to the workload. + * @rtmr: Run time measurement registers. + * @reserved: Added for future extension. + * + * It contains the measurements and initial configuration of the TDX guest + * that was locked at initialization and a set of measurement registers + * that are run-time extendable. More details can be found in TDX v1.0 + * Module specification, sec titled "TDINFO_STRUCT". + */ +struct td_info { + __u8 attr[8]; + __u64 xfam; + __u64 mrtd[6]; + __u64 mrconfigid[6]; + __u64 mrowner[6]; + __u64 mrownerconfig[6]; + __u64 rtmr[24]; + __u64 reserved[14]; +}; + +/* + * struct tdreport - Output of TDCALL[TDG.MR.REPORT]. + * @reportmac: Mac protected header of size 256 bytes. + * @tee_tcb_info: Additional attestable elements in the TCB are not + * reflected in the reportmac. + * @reserved: Added for future extension. + * @tdinfo: Measurements and configuration data of size 512 bytes. + * + * More details can be found in TDX v1.0 Module specification, sec + * titled "TDREPORT_STRUCT". + */ +struct tdreport { + struct reportmac reportmac; + __u8 tee_tcb_info[239]; + __u8 reserved[17]; + struct td_info tdinfo; +}; + +static void print_array_hex(const char *title, const char *prefix_str, + const void *buf, int len) +{ + int i, j, line_len, rowsize = HEX_DUMP_SIZE; + const __u8 *ptr = buf; + + printf("\t\t%s", title); + + for (j = 0; j < len; j += rowsize) { + line_len = rowsize < (len - j) ? rowsize : (len - j); + printf("%s%.8x:", prefix_str, j); + for (i = 0; i < line_len; i++) + printf(" %.2x", ptr[j + i]); + printf("\n"); + } + + printf("\n"); +} + +TEST(verify_report) +{ + struct tdx_report_req req; + struct tdreport *tdreport; + int devfd, i; + + devfd = open(TDX_GUEST_DEVNAME, O_RDWR | O_SYNC); + ASSERT_LT(0, devfd); + + /* Generate sample report data */ + for (i = 0; i < TDX_REPORTDATA_LEN; i++) + req.reportdata[i] = i; + + /* Get TDREPORT */ + ASSERT_EQ(0, ioctl(devfd, TDX_CMD_GET_REPORT0, &req)); + + if (DEBUG) { + print_array_hex("\n\t\tTDX report data\n", "", + req.reportdata, sizeof(req.reportdata)); + + print_array_hex("\n\t\tTDX tdreport data\n", "", + req.tdreport, sizeof(req.tdreport)); + } + + /* Make sure TDREPORT data includes the REPORTDATA passed */ + tdreport = (struct tdreport *)req.tdreport; + ASSERT_EQ(0, memcmp(&tdreport->reportmac.reportdata[0], + req.reportdata, sizeof(req.reportdata))); + + ASSERT_EQ(0, close(devfd)); +} + +TEST_HARNESS_MAIN From patchwork Tue Mar 7 10:35:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1753054 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=vCF9rsKW; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PWBg04G96z1yXD for ; Tue, 7 Mar 2023 21:35:40 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZUfN-00063L-8g; Tue, 07 Mar 2023 10:35:33 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZUfF-0005un-8Z for kernel-team@lists.ubuntu.com; Tue, 07 Mar 2023 10:35:25 +0000 Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id CD79E3FB9C for ; Tue, 7 Mar 2023 10:35:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678185324; bh=ftgdUzemgxPajriqAXCZ5KaMz39afQMaUmL2tCkzF0A=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=vCF9rsKWn5pBaA9gVMxbMzvdbOLjSQZuGgYQfjbJF8pBiYvMhKoOcyDX+GZNmY+6W VpZvqaygYkTBYdBD7FsK2plq/cai+b2FwSRmw968rT3v7NQgfrAXNL9KKU4V+iNJEU xLTFf+QWgSnGvLMBgMgKvCHVkH2TZDJb8wol0+S5T1d36Inxs4+Pcgcu78KgcpwzmG ItlC7j0I7PsEDAXABXogkmLigtCuwmiVzDKthwl4vzlHspMS3jPPdlgo2gu8UeKTnC krin4ceEpxMJtFwtSLiX7PoU0EEOA26ZfkbXIYSjbm0uwPFLFxKRqRaLXW5xkenjL9 Yg6GSFrNdtwvQ== Received: by mail-ed1-f70.google.com with SMTP id v11-20020a056402348b00b004ce34232666so14985669edc.3 for ; Tue, 07 Mar 2023 02:35:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678185321; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ftgdUzemgxPajriqAXCZ5KaMz39afQMaUmL2tCkzF0A=; b=7ttVTsa/u87mxAArSn9xRMUmftB68xwbk6r31dpGXa0895Y3sB1/8eA8k1uLFz1q9X CS9wnlAuO/vammnYODlsP+Ia34tunyQNxPA0zFPDJO+o9RCLyaSVYISF6lptQbdzxe7r IJ2387sSGGNBDy9S/jYGS6O4w6/+lgKqIIjMDwz3JKsaWT3gqMD03sPn21uEaZ/tEoKR tyC7A+SDYT4OpNaSOCfcYo2c32WOab8fsn3kmbemWBwWEIjk3M+/8VNa0lKIRGYRYIOX ip8iFpiK0E4EvuKzKuTBQ/Q+kQOCoaKXdLmc74CsY7luDyTo0kBSwkWol6PvRqtTwlys FmiQ== X-Gm-Message-State: AO0yUKV8nVCYo/tFnH/MxFm14hycx12CWO/4WM8ijo/lbr74HMAKdccr JQqIQ+TyBQHwPoisLsA3+w2bhg4mo89wk4pQFvacLtRgh8u+i6XuDDdAq8fPw5pKGmoKlD4jLkg OBF6zrZzoxtq3geF6VEabPEXijlKlF8TwixwjqPOzEn6U508zKQ== X-Received: by 2002:aa7:cfcb:0:b0:4af:6c25:ed9a with SMTP id r11-20020aa7cfcb000000b004af6c25ed9amr13091863edy.29.1678185321609; Tue, 07 Mar 2023 02:35:21 -0800 (PST) X-Google-Smtp-Source: AK7set8MvFUK+JoXJqDBD0sckuqdFTO+T7sJRdbDWH/LT8pOmuONVquOVbbxjHCPE2nbp2BDxyALFA== X-Received: by 2002:aa7:cfcb:0:b0:4af:6c25:ed9a with SMTP id r11-20020aa7cfcb000000b004af6c25ed9amr13091855edy.29.1678185321449; Tue, 07 Mar 2023 02:35:21 -0800 (PST) Received: from righiandr-XPS-13-7390.homenet.telecomitalia.it (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b008eb89a435c9sm5831395ejx.164.2023.03.07.02.35.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 02:35:21 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH v2 6/6] UBUNTU: [Config] enable TDX attestation driver as module by default Date: Tue, 7 Mar 2023 11:35:13 +0100 Message-Id: <20230307103513.206358-7-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307103513.206358-1-andrea.righi@canonical.com> References: <20230307103513.206358-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2009437 Signed-off-by: Andrea Righi --- debian.master/config/annotations | 3 +++ debian.master/config/config.common.ubuntu | 1 + 2 files changed, 4 insertions(+) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index c0d51a759b94..21261d17b4a8 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -14401,6 +14401,9 @@ CONFIG_KVM_AMD policy<{'amd64': 'm'}> CONFIG_KVM_AMD_SEV policy<{'amd64': 'y'}> CONFIG_KVM_XEN policy<{'amd64': 'y'}> +CONFIG_TDX_GUEST_DRIVER policy<{'amd64': 'm'}> +CONFIG_TDX_GUEST_DRIVER note + # Menu: Virtualization >> Linux - VM Monitor Stream, base infrastructure >> Architecture: s390 CONFIG_APPLDATA_BASE policy<{'s390x': 'y'}> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 1284d6c7eba8..00079122932b 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -11485,6 +11485,7 @@ CONFIG_TCP_CONG_YEAH=m CONFIG_TCP_MD5SIG=y CONFIG_TCS3414=m CONFIG_TCS3472=m +CONFIG_TDX_GUEST_DRIVER=m CONFIG_TEE=m CONFIG_TEE_BNXT_FW=m CONFIG_TEGRA124_CLK_EMC=y