NOTE: This patch series introduces the Measurement Register (MR) ABI, and
is a continuation of the RFC series on the same topic [1].
Introduce the CONFIG_TSM_MEASUREMENTS helper library (tsm-mr) as a
cross-vendor transport schema to allow TVM (TEE VM) guest drives to export
CC (Confidential Compute) architecture-specific MRs (Measurement Registers)
as sysfs attributes/files. Enable applications to read, write/extend MRs
like regular files, supporting various usages such as configuration
verification (e.g., verify a TVM's configuration against digests stored in
static/immutable MRs like MRCONFIGID on TDX or HOSTDATA on SEV) and runtime
measurements (e.g., extend the measurement of a container image to an RTMR
before running it).
Patches included in this series:
- Patch 1 adds the tsm-mr library to help TVM guest drivers exposing MRs as
sysfs attributes.
- Patch 2 provides a sample module demonstrating the usage of the new
tsm-mr library.
- The remaining patches update the TDX guest driver to expose TDX MRs with
the help of the tsm-mr library.
[1]: https://lore.kernel.org/linux-coco/20241210-tsm-rtmr-v3-0-5997d4dbda73@intel.com/
Signed-off-by: Cedric Xing <cedric.xing@intel.com>
---
Changes in v3:
- tsm-mr: Separate measurement support (tsm-mr) from the original tsm
source code. Modules depending on tsm-mr should `select TSM_MEASUREMENTS`
in Kconfig.
- tsm-mr: Revise tsm-mr APIs to allow callers to decide where to host the
MR attributes in sysfs.
- tsm-mr: Drop TSM_MR_F_EXTENSIBLE and route all "write" requests to the CC
guest driver, which would decide how to handle writes (e.g., as extension
to the specified MR).
- tsm-mr: Update the naming pattern for MR attributes from
MRNAME/HASH/digest to MRNAME:HASH.
- tsm-mr: Drop TSM_MR_MAXBANKS kernel config.
- x86/tdx: Return -EBUSY from tdx_mcall_get_report0 on TDCALL_OPERAND_BUSY
error.
- tdx-guest: Move MR attributes from /sys/kernel/tsm/tdx/ to
/sys/class/misc/tdx_guest/ because MR names are architecture-specific, so
their attributes should reside in an architecture-specific location.
- tdx-guest: Remove hash from `mrconfigid`, `mrowner`, `mrownerconfig`.
- tdx-guest: Remove `servtd_hash`, `report0`, and `reportdata`.
- Link to v2: https://lore.kernel.org/r/20250223-tdx-rtmr-v2-0-f2d85b0a5f94@intel.com
Changes in v2:
- Added TSM_MR_MAXBANKS Kconfig option
- Updated Kconfig dependency for TSM_REPORTS
- Updated comments in include/linux/tsm.h
- Updated drivers/virt/coco/tdx-guest/tdx-guest.c to use `IS_BUILTIN()` for
determining if static buffer addresses can be converted to GPAs by
`virt_to_phys()`
- Renamed function `tdx_mcall_rtmr_extend()` -> `tdx_mcall_extend_rtmr()`
- Link to v1: https://lore.kernel.org/r/20250212-tdx-rtmr-v1-0-9795dc49e132@intel.com
---
Cedric Xing (5):
tsm-mr: Add TVM Measurement Register support
tsm-mr: Add tsm-mr sample code
x86/tdx: Add tdx_mcall_extend_rtmr() interface
x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error
virt: tdx-guest: Expose TDX MRs as sysfs attributes
.../sysfs-devices-virtual-misc-tdx_guest-mr | 48 +++++
MAINTAINERS | 6 +-
arch/x86/coco/tdx/tdx.c | 42 ++++-
arch/x86/include/asm/shared/tdx.h | 1 +
arch/x86/include/asm/tdx.h | 2 +
drivers/virt/coco/Kconfig | 5 +
drivers/virt/coco/Makefile | 1 +
drivers/virt/coco/tdx-guest/Kconfig | 1 +
drivers/virt/coco/tdx-guest/tdx-guest.c | 169 ++++++++++++++++-
drivers/virt/coco/tsm-mr.c | 209 +++++++++++++++++++++
include/linux/tsm-mr.h | 93 +++++++++
samples/Kconfig | 10 +
samples/Makefile | 1 +
samples/tsm-mr/Makefile | 2 +
samples/tsm-mr/tsm_mr_sample.c | 138 ++++++++++++++
15 files changed, 722 insertions(+), 6 deletions(-)
---
base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8
change-id: 20250209-tdx-rtmr-255479667146
Best regards,
--
Cedric Xing <cedric.xing@intel.com>