From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, Hans de Goede <hdegoede@redhat.com>,
Mark Gross <mgross@linux.intel.com>
Cc: "H . Peter Anvin" <hpa@zytor.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
linux-kernel@vger.kernel.org,
platform-driver-x86@vger.kernel.org
Subject: [PATCH v2 1/6] x86/tdx: Add tdx_mcall_tdreport() API support
Date: Wed, 30 Mar 2022 15:18:00 -0700 [thread overview]
Message-ID: <53663f824e7cfb09cb9bbb3dedfcb834f20ec64a.1648664666.git.sathyanarayanan.kuppuswamy@intel.com> (raw)
In-Reply-To: <cover.1648664666.git.sathyanarayanan.kuppuswamy@intel.com>
In TDX guest, attestation is mainly used to verify the trustworthiness
of a TD to the 3rd party key servers. First step in attestation process
is to get the TDREPORT data and the generated data is further used in
subsequent steps of the attestation process. TDREPORT data contains
details like TDX module version information, measurement of the TD,
along with a TD-specified nonce
Add a wrapper function (tdx_mcall_tdreport()) to get the TDREPORT from
the TDX Module.
More details about the TDREPORT TDCALL can be found in TDX Guest-Host
Communication Interface (GHCI) for Intel TDX 1.5, section titled
"TDCALL [MR.REPORT]".
Steps involved in attestation process can be found in TDX Guest-Host
Communication Interface (GHCI) for Intel TDX 1.5, section titled
"TD attestation"
This API will be mainly used by the attestation driver. Attestation
driver support will be added by upcoming patches.
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
arch/x86/coco/tdx/tdx.c | 53 ++++++++++++++++++++++++++++++++++++++
arch/x86/include/asm/tdx.h | 2 ++
2 files changed, 55 insertions(+)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index d509ea0ed601..3721e357262e 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -11,10 +11,12 @@
#include <asm/insn.h>
#include <asm/insn-eval.h>
#include <asm/pgtable.h>
+#include <asm/io.h>
/* TDX module Call Leaf IDs */
#define TDX_GET_INFO 1
#define TDX_GET_VEINFO 3
+#define TDX_GET_REPORT 4
#define TDX_ACCEPT_PAGE 6
/* TDX hypercall Leaf IDs */
@@ -34,6 +36,12 @@
#define VE_GET_PORT_NUM(e) ((e) >> 16)
#define VE_IS_IO_STRING(e) ((e) & BIT(4))
+/* TDX Module call error codes */
+#define TDCALL_RETURN_CODE_MASK 0xffffffff00000000
+#define TDCALL_RETURN_CODE(a) ((a) & TDCALL_RETURN_CODE_MASK)
+#define TDCALL_INVALID_OPERAND 0x8000000000000000
+#define TDCALL_OPERAND_BUSY 0x8000020000000000
+
/*
* Wrapper for standard use of __tdx_hypercall with no output aside from
* return code.
@@ -98,6 +106,51 @@ static inline void tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9,
panic("TDCALL %lld failed (Buggy TDX module!)\n", fn);
}
+/*
+ * tdx_mcall_tdreport() - Generate TDREPORT_STRUCT using TDCALL.
+ *
+ * @data : Address of 1024B aligned data to store
+ * TDREPORT_STRUCT.
+ * @reportdata : Address of 64B aligned report data
+ *
+ * return 0 on success or failure error number.
+ */
+int tdx_mcall_tdreport(void *data, void *reportdata)
+{
+ u64 ret;
+
+ /*
+ * Check for a valid TDX guest to ensure this API is only
+ * used by TDX guest platform. Also make sure "data" and
+ * "reportdata" pointers are valid.
+ */
+ if (!data || !reportdata || !cpu_feature_enabled(X86_FEATURE_TDX_GUEST))
+ return -EINVAL;
+
+ /*
+ * Pass the physical address of user generated reportdata
+ * and the physical address of out pointer to store the
+ * TDREPORT data to the TDX module to generate the
+ * TD report. Generated data contains measurements/configuration
+ * data of the TD guest. More info about ABI can be found in TDX
+ * Guest-Host-Communication Interface (GHCI), sec titled
+ * "TDG.MR.REPORT".
+ */
+ ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(data),
+ virt_to_phys(reportdata), 0, 0, NULL);
+
+ if (ret) {
+ if (TDCALL_RETURN_CODE(ret) == TDCALL_INVALID_OPERAND)
+ return -EINVAL;
+ if (TDCALL_RETURN_CODE(ret) == TDCALL_OPERAND_BUSY)
+ return -EBUSY;
+ return -EIO;
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(tdx_mcall_tdreport);
+
static u64 get_cc_mask(void)
{
struct tdx_module_output out;
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index ea92641dd1f8..343fd8b17e66 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -66,6 +66,8 @@ void tdx_safe_halt(void);
bool tdx_early_handle_ve(struct pt_regs *regs);
+int tdx_mcall_tdreport(void *data, void *reportdata);
+
#else
static inline void tdx_early_init(void) { };
--
2.25.1
next prev parent reply other threads:[~2022-03-30 22:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-30 22:17 [PATCH v2 0/6] Add TDX Guest Attestation support Kuppuswamy Sathyanarayanan
2022-03-30 22:18 ` Kuppuswamy Sathyanarayanan [this message]
2022-03-30 22:18 ` [PATCH v2 2/6] x86/tdx: Add tdx_hcall_get_quote() API support Kuppuswamy Sathyanarayanan
2022-03-31 1:55 ` Aubrey Li
2022-03-30 22:18 ` [PATCH v2 3/6] x86/tdx: Add SetupEventNotifyInterrupt TDX hypercall support Kuppuswamy Sathyanarayanan
2022-03-30 22:18 ` [PATCH v2 4/6] x86/tdx: Add TDX Guest event notify interrupt vector support Kuppuswamy Sathyanarayanan
2022-03-30 22:18 ` [PATCH v2 5/6] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver Kuppuswamy Sathyanarayanan
2022-04-04 10:07 ` Hans de Goede
2022-04-04 19:56 ` Sathyanarayanan Kuppuswamy
2022-04-11 14:38 ` Hans de Goede
2022-04-04 10:09 ` Hans de Goede
2022-04-04 10:11 ` Hans de Goede
2022-03-30 22:18 ` [PATCH v2 6/6] tools/tdx: Add a sample attestation user app Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53663f824e7cfb09cb9bbb3dedfcb834f20ec64a.1648664666.git.sathyanarayanan.kuppuswamy@intel.com \
--to=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mgross@linux.intel.com \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.