1. Patchew
  2. linux
  3. [PATCH 0/2 v2] Move SEV sysfs information and expose MSR_SEV_STATUS
  4. View patch

[PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS

Joerg Roedel posted 2 patches 9 months, 1 week ago
[PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Joerg Roedel 9 months, 1 week ago 
From: Joerg Roedel <jroedel@suse.de>

Current user-space tooling which needs access to the SEV_STATUS MSR is
using the MSR module. The use of this module poses a security risk in
any trusted execution environment and is generally discouraged.

Instead, provide an file in SYSFS in the /sys/hypervisor/sev/
directory to provide the value of the SEV_STATUS MSR to user-space.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 Documentation/ABI/testing/sysfs-hypervisor | 5 +++++
 arch/x86/coco/sev/core.c                   | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/Documentation/ABI/testing/sysfs-hypervisor b/Documentation/ABI/testing/sysfs-hypervisor
index aca8b02c878c..54c80899c19c 100644
--- a/Documentation/ABI/testing/sysfs-hypervisor
+++ b/Documentation/ABI/testing/sysfs-hypervisor
@@ -1,5 +1,6 @@
 What:		/sys/devices/system/cpu/sev
 		/sys/devices/system/cpu/sev/vmpl
+		/sys/devices/system/cpu/sev/sev_status
 Date:		May 2024
 Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>
 Description:	Secure Encrypted Virtualization (SEV) information
@@ -8,3 +9,7 @@ Description:	Secure Encrypted Virtualization (SEV) information
 
 		vmpl: Reports the Virtual Machine Privilege Level (VMPL) at which
 		      the SEV-SNP guest is running.
+
+		sev_status: Reports the value of the SEV_STATUS MSR which
+		            enumerates the enabled features of an SEV-SNP
+			    environment.
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 51a04a19449b..3e834ce9badc 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -2678,10 +2678,19 @@ static ssize_t vmpl_show(struct kobject *kobj,
 	return sysfs_emit(buf, "%d\n", snp_vmpl);
 }
 
+static ssize_t sev_status_show(struct kobject *kobj,
+			       struct kobj_attribute *attr, char *buf)
+{
+	return sysfs_emit(buf, "%llx\n", sev_status);
+}
+
 static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
+static struct kobj_attribute sev_status_attr = __ATTR_RO(sev_status);
+
 
 static struct attribute *vmpl_attrs[] = {
 	&vmpl_attr.attr,
+	&sev_status_attr.attr,
 	NULL
 };
 
-- 
2.48.1
Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Dave Hansen 9 months, 1 week ago 
On 3/12/25 07:41, Joerg Roedel wrote:
> +static ssize_t sev_status_show(struct kobject *kobj,
> +			       struct kobj_attribute *attr, char *buf)
> +{
> +	return sysfs_emit(buf, "%llx\n", sev_status);
> +}

Do we really want to just plumb the raw MSR out to userspace? Users
would still need to parse the thing, so it's not _really_ human readable.
Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Joerg Roedel 9 months, 1 week ago 
Hi Dave,

On Wed, Mar 12, 2025 at 07:57:31AM -0700, Dave Hansen wrote:
> Do we really want to just plumb the raw MSR out to userspace? Users
> would still need to parse the thing, so it's not _really_ human readable.

I agree that this is not really human readable. On the other side SYSFS
is more an interface targeted for tools than optimized for human
readability (see the one-datum-per-file rule).

The actual use-case (and the reason for these patches) of the sev_status
file is to provide a better and more secure interface than /dev/msr to a
tool named snpguest.

A human readable form of this can be added as well, if needed. There is
already a line in dmesg with the decoded features.

Regards,

-- 
Jörg Rödel
jroedel@suse.de

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany
https://www.suse.com/

Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Dave Hansen 9 months, 1 week ago 
On 3/12/25 08:07, Joerg Roedel wrote:
> Hi Dave,
> 
> On Wed, Mar 12, 2025 at 07:57:31AM -0700, Dave Hansen wrote:
>> Do we really want to just plumb the raw MSR out to userspace? Users
>> would still need to parse the thing, so it's not _really_ human readable.
> 
> I agree that this is not really human readable. On the other side SYSFS
> is more an interface targeted for tools than optimized for human
> readability (see the one-datum-per-file rule).

Right, but I think it's also intended to be independent and not
*require* tools to make sense of the output. A raw MSR requires tooling
or someone sitting there with the hardware docs to make sense of it.

That's why we have things like:

	/sys/kernel/mm/transparent_hugepage/enabled

that tell you:

	[always] madvise never

as opposed to the old style in:

	/proc/sys/vm/zone_reclaim_mode

which require you to go read the docs and figure out what 0/1/2 mean.

> The actual use-case (and the reason for these patches) of the sev_status
> file is to provide a better and more secure interface than /dev/msr to a
> tool named snpguest.

Let's draw this out to its natural conclusion. There are also a bunch of
TDX attributes that tell you about the capabilities of the VM and the
TDX module.

Should we have:

	/sys/devices/system/cpu/tdx/tdx_attributes

which just dumps out the raw register values that come back from the
TDCALL? Then we'll go write a tdxguest tool to parse those values.
Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Joerg Roedel 9 months, 1 week ago 
On Wed, Mar 12, 2025 at 09:04:14AM -0700, Dave Hansen wrote:
> Let's draw this out to its natural conclusion. There are also a bunch of
> TDX attributes that tell you about the capabilities of the VM and the
> TDX module.
> 
> Should we have:
> 
> 	/sys/devices/system/cpu/tdx/tdx_attributes
> 
> which just dumps out the raw register values that come back from the
> TDCALL? Then we'll go write a tdxguest tool to parse those values.

If I remember correctly the goal of the VirTEE project (where the
snpguest tool lives) is to come up with a combined teeguest tool. This
will serve as a vendor- and architecture-independent frontend for the
various kernel interfaces for confidential computing (configfs-tsm,
sysfs-attributes, ...).

So yes, my expectation is that this tool will understand the raw values
returned from the TDCALL, as long as they are architectural.

But let me think a bit more about a solution that takes care of the
tooling and the human requirements.

Regards,

	Joerg
Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Tom Lendacky 9 months, 1 week ago 
On 3/12/25 09:41, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
> 
> Current user-space tooling which needs access to the SEV_STATUS MSR is
> using the MSR module. The use of this module poses a security risk in
> any trusted execution environment and is generally discouraged.
> 
> Instead, provide an file in SYSFS in the /sys/hypervisor/sev/
> directory to provide the value of the SEV_STATUS MSR to user-space.
> 
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
>  Documentation/ABI/testing/sysfs-hypervisor | 5 +++++
>  arch/x86/coco/sev/core.c                   | 9 +++++++++
>  2 files changed, 14 insertions(+)
> 
> diff --git a/Documentation/ABI/testing/sysfs-hypervisor b/Documentation/ABI/testing/sysfs-hypervisor
> index aca8b02c878c..54c80899c19c 100644
> --- a/Documentation/ABI/testing/sysfs-hypervisor
> +++ b/Documentation/ABI/testing/sysfs-hypervisor
> @@ -1,5 +1,6 @@
>  What:		/sys/devices/system/cpu/sev
>  		/sys/devices/system/cpu/sev/vmpl
> +		/sys/devices/system/cpu/sev/sev_status
>  Date:		May 2024
>  Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>
>  Description:	Secure Encrypted Virtualization (SEV) information
> @@ -8,3 +9,7 @@ Description:	Secure Encrypted Virtualization (SEV) information
>  
>  		vmpl: Reports the Virtual Machine Privilege Level (VMPL) at which
>  		      the SEV-SNP guest is running.
> +
> +		sev_status: Reports the value of the SEV_STATUS MSR which
> +		            enumerates the enabled features of an SEV-SNP
> +			    environment.
> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
> index 51a04a19449b..3e834ce9badc 100644
> --- a/arch/x86/coco/sev/core.c
> +++ b/arch/x86/coco/sev/core.c
> @@ -2678,10 +2678,19 @@ static ssize_t vmpl_show(struct kobject *kobj,
>  	return sysfs_emit(buf, "%d\n", snp_vmpl);
>  }
>  
> +static ssize_t sev_status_show(struct kobject *kobj,
> +			       struct kobj_attribute *attr, char *buf)
> +{
> +	return sysfs_emit(buf, "%llx\n", sev_status);

Should it be prefixed with '0x'? That would make use of functions like
atoi() and strtol() easier.

Thanks,
Tom

> +}
> +
>  static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
> +static struct kobj_attribute sev_status_attr = __ATTR_RO(sev_status);
> +
>  
>  static struct attribute *vmpl_attrs[] = {
>  	&vmpl_attr.attr,
> +	&sev_status_attr.attr,
>  	NULL
>  };
>
Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Posted by Joerg Roedel 9 months, 1 week ago 
Hi Tom,

On Wed, Mar 12, 2025 at 09:46:45AM -0500, Tom Lendacky wrote:
> On 3/12/25 09:41, Joerg Roedel wrote:
> > +static ssize_t sev_status_show(struct kobject *kobj,
> > +			       struct kobj_attribute *attr, char *buf)
> > +{
> > +	return sysfs_emit(buf, "%llx\n", sev_status);
> 
> Should it be prefixed with '0x'? That would make use of functions like
> atoi() and strtol() easier.

Yes, it probably should. Currently I see just a '7' in the file, which
gives no clue about the used base. I will change that in the next
version.

Regards,

-- 
Jörg Rödel
jroedel@suse.de

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany
https://www.suse.com/

Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.