Intel platforms are transitioning from traditional SGX-based
attestation toward DICE-based attestation as part of a broader move
toward open and standardized attestation models. DICE enables layered
and extensible attestation, where evidence is accumulated across
multiple boot stages.
With SGX-based attestation, Quote sizes are typically under 8KB, as the
payload consists primarily of Quote data and a small certificate bundle.
Existing TDX guest code sizes the Quote buffer accordingly.
DICE-based attestation produces significantly larger Quotes due to the
inclusion of evidence (certificate chains) from multiple boot layers.
The cumulative Quote size can reach approximately 100KB.
Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
capacity for DICE-based Quote payloads.
Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
Documentation/ABI/testing/configfs-tsm-report | 4 ++++
drivers/virt/coco/tdx-guest/tdx-guest.c | 4 +++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report
index ca3352cfd2f1..7a6a5045a7d5 100644
--- a/Documentation/ABI/testing/configfs-tsm-report
+++ b/Documentation/ABI/testing/configfs-tsm-report
@@ -73,6 +73,10 @@ Description:
Library Revision 0.8 Appendix 4,5
https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
+ Intel TDX platforms with DICE-based attestation use CBOR Web Token
+ (CWT) format for the Quote payload. This is indicated by the Quote
+ size exceeding 8KB.
+
What: /sys/kernel/config/tsm/report/$name/generation
Date: September, 2023
KernelVersion: v6.7
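Review bot: the new ABI text `+ (CWT) format for the Quote payload. This is indicated by the Quote` / `+ size exceeding 8KB.` documents a size threshold as the only way userspace can tell a CWT payload from a DCAP Quote, and a threshold is a heuristic rather than a format identifier: nothing here says what the CWT payload looks like, and a DCAP Quote with a larger certificate bundle or a short CWT would be misread under this rule. Suggest describing how the format is actually recognised (the CBOR/COSE framing of the CWT) instead of, or in addition to, the size hint, and adding the link to the CWT schema specification that the rest of this text already gives for the DCAP Quote format, so outblob consumers have a definitive reference.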
diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 4e239ec960c9..4252b147593a 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -160,8 +160,10 @@ static void tdx_mr_deinit(const struct attribute_group *mr_grp)
/*
* Intel's SGX QE implementation generally uses Quote size less
* than 8K (2K Quote data + ~5K of certificate blob).
+ * DICE-based attestation uses layered evidence that requires
+ * larger Quote size (~100K).
*/
-#define GET_QUOTE_BUF_SIZE SZ_8K
+#define GET_QUOTE_BUF_SIZE SZ_128K
#define GET_QUOTE_CMD_VER 1
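Review bot: the comment above `+#define GET_QUOTE_BUF_SIZE SZ_128K` should record that this buffer is one physically contiguous allocation (order-5 with 4K pages), since that allocation cost is the first thing the next person raising this define needs to know; suggest extending the new comment lines with something like `* The buffer is a single physically-contiguous order-5 allocation made at` / `* driver init; growing it much further needs a scatter-gather scheme.`. The `(~100K)` figure is also stated as an estimate rather than a bound, so note where it comes from or that it may grow, because a Quote larger than this buffer cannot be returned to the caller at all.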
--
2.43.0
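The ABI note in this patch tells userspace to recognise a DICE-based CWT Quote by its size exceeding 8KB, and the replies that follow discuss the order-5 allocation behind SZ_128K. The C program below is an added example, not code from this patch, the kernel, or Intel's DCAP library: it classifies a constructed outblob by its framing, a leading CBOR tag 61 (CWT, RFC 8392) or tag 18 (COSE_Sign1, RFC 9052) versus the little-endian 16-bit version field of 4 or 5 that starts a DCAP Quote header, and contrasts that with the size heuristic. It also mirrors the kernel's get_order() to show that 128KB is the order-5 allocation Kiryl refers to. The exact CWT framing Intel will publish is not in this thread, so the tag check, the DCAP header field values (version, attestation key type, TEE type 0x81) and every sample byte string are assumptions and constructed data.

```c
/*
 * Added example; not part of the tdx-guest driver or Intel's DCAP code.
 * Classify a TSM report outblob by its framing instead of by size.
 *
 * Assumptions (not confirmed by the thread):
 *  - a DCAP Quote begins with a little-endian u16 version of 4 or 5;
 *  - a DICE-based Quote is a CBOR item tagged CWT (61) or COSE_Sign1 (18).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SZ_8K      (8u * 1024u)
#define SZ_128K    (128u * 1024u)
#define PAGE_SHIFT 12

enum quote_format {
	QUOTE_UNKNOWN = 0,
	QUOTE_DCAP,	/* SGX/TDX ECDSA Quote with a version 4 or 5 header */
	QUOTE_CWT,	/* CBOR Web Token / COSE_Sign1 framed payload */
};

/* Mirror of the kernel's get_order(): smallest page order holding size. */
static int buf_order(size_t size)
{
	size_t pages = (size + ((size_t)1 << PAGE_SHIFT) - 1) >> PAGE_SHIFT;
	int order = 0;

	while (((size_t)1 << order) < pages)
		order++;
	return order;
}

/* Decode a CBOR tag (major type 6) at the start of buf; -1 if none. */
static long cbor_leading_tag(const uint8_t *buf, size_t len)
{
	uint8_t ai;

	if (len < 1 || (buf[0] >> 5) != 6)
		return -1;
	ai = buf[0] & 0x1f;
	if (ai < 24)
		return ai;			/* tag value inline */
	if (ai == 24 && len >= 2)
		return buf[1];			/* 1-byte tag value */
	if (ai == 25 && len >= 3)
		return ((long)buf[1] << 8) | buf[2]; /* 2-byte tag value */
	return -1;				/* wider tags not expected here */
}

static enum quote_format classify_quote(const uint8_t *buf, size_t len)
{
	long tag = cbor_leading_tag(buf, len);

	if (tag == 61 || tag == 18)
		return QUOTE_CWT;
	if (len >= 2) {
		uint16_t version = buf[0] | ((uint16_t)buf[1] << 8);

		if (version == 4 || version == 5)
			return QUOTE_DCAP;
	}
	return QUOTE_UNKNOWN;
}

/* The heuristic documented in the ABI note, for comparison. */
static int looks_like_cwt_by_size(size_t len)
{
	return len > SZ_8K;
}

/* Constructed samples (assumed layouts, not real attestation data). */
static const uint8_t sample_cwt[] = {
	0xD8, 0x3D,		/* tag 61: CWT */
	0xD2,			/* tag 18: COSE_Sign1 */
	0x84,			/* array(4) */
	0x43, 0xA1, 0x01, 0x26,	/* protected header bstr: {1: -7} */
	0xA0,			/* unprotected header: empty map */
	0x40,			/* payload: empty bstr */
	0x40,			/* signature: empty bstr */
};
static const uint8_t sample_cose[] = {
	0xD2, 0x84, 0x43, 0xA1, 0x01, 0x26, 0xA0, 0x40, 0x40,
};
static const uint8_t sample_dcap[] = {
	0x04, 0x00,		/* version 4 */
	0x02, 0x00,		/* attestation key type (assumed ECDSA P-256) */
	0x81, 0x00, 0x00, 0x00,	/* TEE type (assumed TDX) */
	0x00, 0x00, 0x00, 0x00,
};
static const size_t sample_cwt_len = sizeof(sample_cwt);
static const size_t sample_cose_len = sizeof(sample_cose);
static const size_t sample_dcap_len = sizeof(sample_dcap);

int main(void)
{
	printf("cwt sample: format %d, size heuristic says cwt=%d\n",
	       classify_quote(sample_cwt, sample_cwt_len),
	       looks_like_cwt_by_size(sample_cwt_len));
	printf("dcap sample: format %d\n",
	       classify_quote(sample_dcap, sample_dcap_len));
	printf("SZ_128K needs an order-%d allocation\n", buf_order(SZ_128K));
	return 0;
}
```

The short CWT sample is classified correctly by its framing while the size heuristic says it is not a CWT, which is the gap the ABI wording leaves; a consumer of outblob should key on the format identifier once the schema is published, not on the 8KB threshold.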
On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
> Intel platforms are transitioning from traditional SGX-based
> attestation toward DICE-based attestation as part of a broader move
> toward open and standardized attestation models. DICE enables layered
> and extensible attestation, where evidence is accumulated across
> multiple boot stages.
>
> With SGX-based attestation, Quote sizes are typically under 8KB, as the
> payload consists primarily of Quote data and a small certificate bundle.
> Existing TDX guest code sizes the Quote buffer accordingly.
>
> DICE-based attestation produces significantly larger Quotes due to the
> inclusion of evidence (certificate chains) from multiple boot layers.
> The cumulative Quote size can reach approximately 100KB.
>
> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
> capacity for DICE-based Quote payloads.

It is worth noting that it requires guest physically-contiguous memory.

A single order-5 allocation is not that bad as long as the driver is
initialized during boot.

-- 
Kiryl Shutsemau / Kirill A. Shutemov
Hi Kiryl,

Thanks for the review!

On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
> On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
>> Intel platforms are transitioning from traditional SGX-based
>> attestation toward DICE-based attestation as part of a broader move
>> toward open and standardized attestation models. DICE enables layered
>> and extensible attestation, where evidence is accumulated across
>> multiple boot stages.
>>
>> With SGX-based attestation, Quote sizes are typically under 8KB, as the
>> payload consists primarily of Quote data and a small certificate bundle.
>> Existing TDX guest code sizes the Quote buffer accordingly.
>>
>> DICE-based attestation produces significantly larger Quotes due to the
>> inclusion of evidence (certificate chains) from multiple boot layers.
>> The cumulative Quote size can reach approximately 100KB.
>>
>> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
>> capacity for DICE-based Quote payloads.
>
> It is worth noting that it requires guest physically-contiguous memory.
>
> A single order-5 allocation is not that bad as long as the driver is
> initialized during boot.

Good point! We can add the following to the commit log:

The Quote buffer requires guest physically-contiguous memory and is
allocated once during driver initialization at boot time, where an
order-5 allocation (128KB) is expected to succeed reliably.

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Kuppuswamy Sathyanarayanan wrote:
> Hi Kiryl,
>
> Thanks for the review!
>
> On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
> > On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
> >> Intel platforms are transitioning from traditional SGX-based
> >> attestation toward DICE-based attestation as part of a broader move
> >> toward open and standardized attestation models. DICE enables layered
> >> and extensible attestation, where evidence is accumulated across
> >> multiple boot stages.
> >>
> >> With SGX-based attestation, Quote sizes are typically under 8KB, as the
> >> payload consists primarily of Quote data and a small certificate bundle.
> >> Existing TDX guest code sizes the Quote buffer accordingly.
> >>
> >> DICE-based attestation produces significantly larger Quotes due to the
> >> inclusion of evidence (certificate chains) from multiple boot layers.
> >> The cumulative Quote size can reach approximately 100KB.
> >>
> >> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
> >> capacity for DICE-based Quote payloads.
> >
> > It is worth noting that it requires guest physically-contiguous memory.
> >
> > A single order-5 allocation is not that bad as long as the driver is
> > initialized during boot.
>
> Good point! We can add the following to the commit log:
>
> The Quote buffer requires guest physically-contiguous memory and is
> allocated once during driver initialization at boot time, where an
> order-5 allocation (128KB) is expected to succeed reliably.

That is good feedback. I would rather not restart the timer on the
linux-next exposure with a rebase to add that. I think in this case it
is sufficient that the commit has a link back to this discussion:

Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com

However, when the patch to add the link to the documentation for the
CBOR Web Token schema is ready, do take the opportunity to also add a
patch commenting about the order-5 allocation risk to
GET_QUOTE_BUF_SIZE.

Later, when / if these objects start to get into order-10+ allocations
for PQC etc, a scatter-gather mechanism will need to be considered.
Hi Dan,

On 2/11/2026 1:06 PM, dan.j.williams@intel.com wrote:
> Kuppuswamy Sathyanarayanan wrote:
>> Hi Kiryl,
>>
>> Thanks for the review!
>>
>> On 2/11/2026 3:17 AM, Kiryl Shutsemau wrote:
>>> On Tue, Feb 10, 2026 at 04:17:12PM -0800, Kuppuswamy Sathyanarayanan wrote:
>>>> Intel platforms are transitioning from traditional SGX-based
>>>> attestation toward DICE-based attestation as part of a broader move
>>>> toward open and standardized attestation models. DICE enables layered
>>>> and extensible attestation, where evidence is accumulated across
>>>> multiple boot stages.
>>>>
>>>> With SGX-based attestation, Quote sizes are typically under 8KB, as the
>>>> payload consists primarily of Quote data and a small certificate bundle.
>>>> Existing TDX guest code sizes the Quote buffer accordingly.
>>>>
>>>> DICE-based attestation produces significantly larger Quotes due to the
>>>> inclusion of evidence (certificate chains) from multiple boot layers.
>>>> The cumulative Quote size can reach approximately 100KB.
>>>>
>>>> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
>>>> capacity for DICE-based Quote payloads.
>>>
>>> It is worth noting that it requires guest physically-contiguous memory.
>>>
>>> A single order-5 allocation is not that bad as long as the driver is
>>> initialized during boot.
>>
>> Good point! We can add the following to the commit log:
>>
>> The Quote buffer requires guest physically-contiguous memory and is
>> allocated once during driver initialization at boot time, where an
>> order-5 allocation (128KB) is expected to succeed reliably.
>
> That is good feedback. I would rather not restart the timer on the
> linux-next exposure with a rebase to add that. I think in this case it
> is sufficient that the commit has a link back to this discussion:
>
> Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com
>
> However, when the patch to add the link to the documentation for the
> CBOR Web Token schema is ready, do take the opportunity to also add a
> patch commenting about the order-5 allocation risk to
> GET_QUOTE_BUF_SIZE.

Sounds good. Once the CWT documentation is ready, I will send a
follow-up patch that includes both the documentation link and the
order-5 allocation comment.

> Later, when / if these objects start to get into order-10+ allocations
> for PQC etc, a scatter-gather mechanism will need to be considered.

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Kuppuswamy Sathyanarayanan wrote:
> Intel platforms are transitioning from traditional SGX-based
> attestation toward DICE-based attestation as part of a broader move
> toward open and standardized attestation models. DICE enables layered
> and extensible attestation, where evidence is accumulated across
> multiple boot stages.
>
> With SGX-based attestation, Quote sizes are typically under 8KB, as the
> payload consists primarily of Quote data and a small certificate bundle.
> Existing TDX guest code sizes the Quote buffer accordingly.
>
> DICE-based attestation produces significantly larger Quotes due to the
> inclusion of evidence (certificate chains) from multiple boot layers.
> The cumulative Quote size can reach approximately 100KB.
>
> Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
> capacity for DICE-based Quote payloads.
>
> Reviewed-by: Fang Peter <peter.fang@intel.com>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> ---
> Documentation/ABI/testing/configfs-tsm-report | 4 ++++
> drivers/virt/coco/tdx-guest/tdx-guest.c | 4 +++-
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report
> index ca3352cfd2f1..7a6a5045a7d5 100644
> --- a/Documentation/ABI/testing/configfs-tsm-report
> +++ b/Documentation/ABI/testing/configfs-tsm-report
> @@ -73,6 +73,10 @@ Description:
> Library Revision 0.8 Appendix 4,5
> https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
>
> + Intel TDX platforms with DICE-based attestation use CBOR Web Token
> + (CWT) format for the Quote payload. This is indicated by the Quote
> + size exceeding 8KB.

Looks ok, please follow up with a link to the full format specification
when it is published.

I will change this subject to:

"configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB"