From: Mian Yousaf Kaukab <ykaukab@suse.de>
To: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@kernel.org>,
Hans de Goede <hdegoede@redhat.com>,
Mark Gross <mgross@linux.intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Peter H Anvin <hpa@zytor.com>,
Dave Hansen <dave.hansen@intel.com>,
Tony Luck <tony.luck@intel.com>,
Dan Williams <dan.j.williams@intel.com>,
Andi Kleen <ak@linux.intel.com>,
Kirill Shutemov <kirill.shutemov@linux.intel.com>,
Sean Christopherson <seanjc@google.com>,
Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
x86@kernel.org, linux-kernel@vger.kernel.org,
platform-driver-x86@vger.kernel.org, bpf@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH v2 6/6] tools/tdx: Add a sample attestation user app
Date: Thu, 15 Jul 2021 10:36:35 +0200 [thread overview]
Message-ID: <20210715083635.GA112769@suse.de> (raw)
In-Reply-To: <20210707204249.3046665-7-sathyanarayanan.kuppuswamy@linux.intel.com>
On Wed, Jul 07, 2021 at 01:42:49PM -0700, Kuppuswamy Sathyanarayanan wrote:
> This application uses the misc device /dev/tdx-attest to get TDREPORT
> from the TDX Module or request quote from the VMM.
>
> It tests following attestation features:
>
> - Get report using TDX_CMD_GET_TDREPORT IOCTL.
> - Using report data request quote from VMM using TDX_CMD_GEN_QUOTE IOCTL.
> - Get the quote size using TDX_CMD_GET_QUOTE_SIZE IOCTL.
>
> Reviewed-by: Tony Luck <tony.luck@intel.com>
> Reviewed-by: Andi Kleen <ak@linux.intel.com>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> ---
> tools/Makefile | 13 +-
> tools/tdx/Makefile | 19 +++
> tools/tdx/attest/.gitignore | 2 +
> tools/tdx/attest/Makefile | 24 +++
> tools/tdx/attest/tdx-attest-test.c | 232 +++++++++++++++++++++++++++++
> 5 files changed, 284 insertions(+), 6 deletions(-)
> create mode 100644 tools/tdx/Makefile
> create mode 100644 tools/tdx/attest/.gitignore
> create mode 100644 tools/tdx/attest/Makefile
> create mode 100644 tools/tdx/attest/tdx-attest-test.c
>
> diff --git a/tools/Makefile b/tools/Makefile
> index 7e9d34ddd74c..5d68084511cb 100644
> --- a/tools/Makefile
> +++ b/tools/Makefile
> @@ -30,6 +30,7 @@ help:
> @echo ' selftests - various kernel selftests'
> @echo ' bootconfig - boot config tool'
> @echo ' spi - spi tools'
> + @echo ' tdx - TDX related test tools'
> @echo ' tmon - thermal monitoring and tuning tool'
> @echo ' tracing - misc tracing tools'
> @echo ' turbostat - Intel CPU idle stats and freq reporting tool'
> @@ -65,7 +66,7 @@ acpi: FORCE
> cpupower: FORCE
> $(call descend,power/$@)
>
> -cgroup firewire hv guest bootconfig spi usb virtio vm bpf iio gpio objtool leds wmi pci firmware debugging tracing: FORCE
> +cgroup firewire hv guest bootconfig spi usb virtio vm bpf iio gpio objtool leds wmi pci firmware debugging tracing tdx: FORCE
> $(call descend,$@)
>
> bpf/%: FORCE
> @@ -104,7 +105,7 @@ all: acpi cgroup cpupower gpio hv firewire liblockdep \
> perf selftests bootconfig spi turbostat usb \
> virtio vm bpf x86_energy_perf_policy \
> tmon freefall iio objtool kvm_stat wmi \
> - pci debugging tracing
> + pci debugging tracing tdx
>
> acpi_install:
> $(call descend,power/$(@:_install=),install)
> @@ -112,7 +113,7 @@ acpi_install:
> cpupower_install:
> $(call descend,power/$(@:_install=),install)
>
> -cgroup_install firewire_install gpio_install hv_install iio_install perf_install bootconfig_install spi_install usb_install virtio_install vm_install bpf_install objtool_install wmi_install pci_install debugging_install tracing_install:
> +cgroup_install firewire_install gpio_install hv_install iio_install perf_install bootconfig_install spi_install usb_install virtio_install vm_install bpf_install objtool_install wmi_install pci_install debugging_install tracing_install tdx_install:
> $(call descend,$(@:_install=),install)
>
> liblockdep_install:
> @@ -139,7 +140,7 @@ install: acpi_install cgroup_install cpupower_install gpio_install \
> virtio_install vm_install bpf_install x86_energy_perf_policy_install \
> tmon_install freefall_install objtool_install kvm_stat_install \
> wmi_install pci_install debugging_install intel-speed-select_install \
> - tracing_install
> + tracing_install tdx_install
>
> acpi_clean:
> $(call descend,power/acpi,clean)
> @@ -147,7 +148,7 @@ acpi_clean:
> cpupower_clean:
> $(call descend,power/cpupower,clean)
>
> -cgroup_clean hv_clean firewire_clean bootconfig_clean spi_clean usb_clean virtio_clean vm_clean wmi_clean bpf_clean iio_clean gpio_clean objtool_clean leds_clean pci_clean firmware_clean debugging_clean tracing_clean:
> +cgroup_clean hv_clean firewire_clean bootconfig_clean spi_clean usb_clean virtio_clean vm_clean wmi_clean bpf_clean iio_clean gpio_clean objtool_clean leds_clean pci_clean firmware_clean debugging_clean tracing_clean tdx_clean:
> $(call descend,$(@:_clean=),clean)
>
> liblockdep_clean:
> @@ -186,6 +187,6 @@ clean: acpi_clean cgroup_clean cpupower_clean hv_clean firewire_clean \
> vm_clean bpf_clean iio_clean x86_energy_perf_policy_clean tmon_clean \
> freefall_clean build_clean libbpf_clean libsubcmd_clean liblockdep_clean \
> gpio_clean objtool_clean leds_clean wmi_clean pci_clean firmware_clean debugging_clean \
> - intel-speed-select_clean tracing_clean
> + intel-speed-select_clean tracing_clean tdx_clean
>
> .PHONY: FORCE
> diff --git a/tools/tdx/Makefile b/tools/tdx/Makefile
> new file mode 100644
> index 000000000000..e2564557d463
> --- /dev/null
> +++ b/tools/tdx/Makefile
> @@ -0,0 +1,19 @@
> +# SPDX-License-Identifier: GPL-2.0
> +include ../scripts/Makefile.include
> +
> +all: attest
> +
> +clean: attest_clean
> +
> +install: attest_install
> +
> +attest:
> + $(call descend,attest)
> +
> +attest_install:
> + $(call descend,attest,install)
> +
> +attest_clean:
> + $(call descend,attest,clean)
> +
> +.PHONY: all install clean attest latency_install latency_clean
> diff --git a/tools/tdx/attest/.gitignore b/tools/tdx/attest/.gitignore
> new file mode 100644
> index 000000000000..5f819a8a6c49
> --- /dev/null
> +++ b/tools/tdx/attest/.gitignore
> @@ -0,0 +1,2 @@
> +# SPDX-License-Identifier: GPL-2.0
> +tdx-attest-test
> diff --git a/tools/tdx/attest/Makefile b/tools/tdx/attest/Makefile
> new file mode 100644
> index 000000000000..bf47ba718386
> --- /dev/null
> +++ b/tools/tdx/attest/Makefile
> @@ -0,0 +1,24 @@
> +# SPDX-License-Identifier: GPL-2.0
> +# Makefile for vm tools
> +#
> +VAR_CFLAGS := $(shell pkg-config --cflags libtracefs 2>/dev/null)
> +VAR_LDLIBS := $(shell pkg-config --libs libtracefs 2>/dev/null)
> +
> +TARGETS = tdx-attest-test
> +CFLAGS = -static -Wall -Wextra -g -O2 $(VAR_CFLAGS)
> +LDFLAGS = -lpthread $(VAR_LDLIBS)
> +
> +all: $(TARGETS)
> +
> +%: %.c
> + $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS)
> +
> +clean:
> + $(RM) tdx-attest-test
> +
> +prefix ?= /usr/local
> +sbindir ?= ${prefix}/sbin
> +
> +install: all
> + install -d $(DESTDIR)$(sbindir)
> + install -m 755 -p $(TARGETS) $(DESTDIR)$(sbindir)
> diff --git a/tools/tdx/attest/tdx-attest-test.c b/tools/tdx/attest/tdx-attest-test.c
> new file mode 100644
> index 000000000000..7634ec6a084c
> --- /dev/null
> +++ b/tools/tdx/attest/tdx-attest-test.c
> @@ -0,0 +1,232 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * tdx-attest-test.c - utility to test TDX attestation feature.
> + *
> + * Copyright (C) 2020 - 2021 Intel Corporation. All rights reserved.
> + *
> + * Author: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> + *
> + */
> +
> +#include <linux/types.h>
> +#include <linux/ioctl.h>
> +#include <sys/ioctl.h>
> +#include <sys/stat.h>
> +#include <sys/types.h>
> +#include <stdio.h>
> +#include <ctype.h>
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <unistd.h>
> +#include <string.h>
> +#include <limits.h>
> +#include <stdbool.h>
> +#include <getopt.h>
> +#include <stdint.h> /* uintmax_t */
> +#include <sys/mman.h>
> +#include <unistd.h> /* sysconf */
> +#include <time.h>
> +
> +#include "../../../include/uapi/misc/tdx.h"
> +
> +#define devname "/dev/tdx-attest"
> +
> +#define HEX_DUMP_SIZE 16
> +#define MAX_ROW_SIZE 70
> +
> +#define ATTESTATION_TEST_BIN_VERSION "0.1"
> +
> +struct tdx_attest_args {
> + bool is_dump_data;
> + bool is_get_tdreport;
> + bool is_get_quote_size;
> + bool is_gen_quote;
> + bool debug_mode;
> + char *out_file;
> +};
> +
> +static void print_hex_dump(const char *title, const char *prefix_str,
> + const void *buf, int len)
> +{
> + const __u8 *ptr = buf;
> + int i, rowsize = HEX_DUMP_SIZE;
> +
> + if (!len || !buf)
> + return;
> +
> + printf("\t\t%s", title);
> +
> + for (i = 0; i < len; i++) {
> + if (!(i % rowsize))
> + printf("\n%s%.8x:", prefix_str, i);
> + printf(" %.2x", ptr[i])
> + }
> +
> + printf("\n");
> +}
> +
> +static void gen_report_data(__u8 *report_data, bool dump_data)
> +{
> + int i;
> +
> + srand(time(NULL));
> +
> + for (i = 0; i < TDX_REPORT_DATA_LEN; i++)
> + report_data[i] = rand();
> +
> + if (dump_data)
> + print_hex_dump("\n\t\tTDX report data\n", " ",
> + report_data, TDX_REPORT_DATA_LEN);
> +}
> +
> +static int get_tdreport(int devfd, bool dump_data, __u8 *report_data)
> +{
> + __u8 tdrdata[TDX_TDREPORT_LEN] = {0};
> + int ret;
> +
> + if (!report_data)
> + report_data = tdrdata;
> +
> + gen_report_data(report_data, dump_data);
> +
> + ret = ioctl(devfd, TDX_CMD_GET_TDREPORT, report_data);
> + if (ret) {
> + printf("TDX_CMD_GET_TDREPORT ioctl() %d failed\n", ret);
> + return -EIO;
> + }
> +
> + if (dump_data)
> + print_hex_dump("\n\t\tTDX tdreport data\n", " ", report_data,
> + TDX_TDREPORT_LEN);
> +
> + return 0;
> +}
> +
> +static __u64 get_quote_size(int devfd)
> +{
> + int ret;
> + __u64 quote_size;
> +
> + ret = ioctl(devfd, TDX_CMD_GET_QUOTE_SIZE, "e_size);
> + if (ret) {
> + printf("TDX_CMD_GET_QUOTE_SIZE ioctl() %d failed\n", ret);
> + return -EIO;
> + }
> +
> + printf("Quote size: %lld\n", quote_size);
> +
> + return quote_size;
> +}
> +
> +static int gen_quote(int devfd, bool dump_data)
> +{
> + __u8 *quote_data;
> + __u64 quote_size;
> + int ret;
> +
> + quote_size = get_quote_size(devfd);
> +
> + quote_data = malloc(sizeof(char) * quote_size);
> + if (!quote_data) {
> + printf("%s queue data alloc failed\n", devname);
> + return -ENOMEM;
> + }
> +
> + ret = get_tdreport(devfd, dump_data, quote_data);
In tdg_attest_ioctl() TDX_CMD_GEN_QUOTE case is calling
tdx_mcall_tdreport() same as TDX_CMD_GET_TDREPORT case. Then what is
the point of calling get_tdreport() here? Do you mean to call
gen_report_data()?
> + if (ret) {
> + printf("TDX_CMD_GET_TDREPORT ioctl() %d failed\n", ret);
> + goto done;
> + }
> +
> + ret = ioctl(devfd, TDX_CMD_GEN_QUOTE, quote_data);
> + if (ret) {
> + printf("TDX_CMD_GEN_QUOTE ioctl() %d failed\n", ret);
> + goto done;
> + }
> +
> + print_hex_dump("\n\t\tTDX Quote MMIO data\n", " ", quote_data,
> + quote_size);
> +
> +done:
> + free(quote_data);
> +
> + return ret;
> +}
> +
> +static void usage(void)
> +{
> + puts("\nUsage:\n");
> + puts("tdx_attest [options] \n");
> +
> + puts("Attestation device test utility.");
> +
> + puts("\nOptions:\n");
> + puts(" -d, --dump Dump tdreport/tdquote data");
> + puts(" -r, --get-tdreport Get TDREPORT data");
> + puts(" -g, --gen-quote Generate TDQUOTE");
> + puts(" -s, --get-quote-size Get TDQUOTE size");
> +}
> +
> +int main(int argc, char **argv)
> +{
> + int ret, devfd;
> + struct tdx_attest_args args = {0};
> +
> + static const struct option longopts[] = {
> + { "dump", no_argument, NULL, 'd' },
> + { "get-tdreport", required_argument, NULL, 'r' },
> + { "gen-quote", required_argument, NULL, 'g' },
> + { "gen-quote-size", required_argument, NULL, 's' },
> + { "version", no_argument, NULL, 'V' },
> + { NULL, 0, NULL, 0 }
> + };
> +
> + while ((ret = getopt_long(argc, argv, "hdrgsV", longopts,
> + NULL)) != -1) {
> + switch (ret) {
> + case 'd':
> + args.is_dump_data = true;
> + break;
> + case 'r':
> + args.is_get_tdreport = true;
> + break;
> + case 'g':
> + args.is_gen_quote = true;
> + break;
> + case 's':
> + args.is_get_quote_size = true;
> + break;
> + case 'h':
> + usage();
> + return 0;
> + case 'V':
> + printf("Version: %s\n", ATTESTATION_TEST_BIN_VERSION);
> + return 0;
> + default:
> + printf("Invalid options\n");
> + usage();
> + return -EINVAL;
> + }
> + }
> +
> + devfd = open(devname, O_RDWR | O_SYNC);
> + if (devfd < 0) {
> + printf("%s open() failed\n", devname);
> + return -ENODEV;
> + }
> +
> + if (args.is_get_quote_size)
> + get_quote_size(devfd);
> +
> + if (args.is_get_tdreport)
> + get_tdreport(devfd, args.is_dump_data, NULL);
> +
> + if (args.is_gen_quote)
> + gen_quote(devfd, args.is_dump_data);
> +
> + close(devfd);
> +
> + return 0;
> +}
> --
> 2.25.1
BR,
Yousaf
next prev parent reply other threads:[~2021-07-15 8:36 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-07 20:42 [PATCH v2 0/6] Add TDX Guest Support (Attestation support) Kuppuswamy Sathyanarayanan
2021-07-07 20:42 ` [PATCH v2 1/6] x86/tdx: Add TDREPORT TDX Module call support Kuppuswamy Sathyanarayanan
2021-07-08 8:16 ` Xiaoyao Li
2021-07-08 14:07 ` Kuppuswamy, Sathyanarayanan
2021-07-08 14:20 ` Hans de Goede
2021-07-08 17:06 ` Kuppuswamy, Sathyanarayanan
2021-07-07 20:42 ` [PATCH v2 2/6] x86/tdx: Add GetQuote TDX hypercall support Kuppuswamy Sathyanarayanan
2021-07-07 20:42 ` [PATCH v2 3/6] x86/tdx: Add SetupEventNotifyInterrupt " Kuppuswamy Sathyanarayanan
2021-07-07 20:42 ` [PATCH v2 4/6] x86/tdx: Add TDX Guest event notify interrupt vector support Kuppuswamy Sathyanarayanan
2021-07-07 20:42 ` [PATCH v2 5/6] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver Kuppuswamy Sathyanarayanan
2021-07-08 22:21 ` Andy Lutomirski
2021-07-08 22:35 ` Dave Hansen
2021-07-09 0:38 ` Andi Kleen
2021-07-13 0:33 ` Kuppuswamy, Sathyanarayanan
2021-07-13 0:44 ` Dave Hansen
2021-07-08 23:34 ` Kuppuswamy, Sathyanarayanan
2021-07-08 23:36 ` Dan Williams
2021-07-08 23:57 ` Kuppuswamy, Sathyanarayanan
2021-07-09 0:20 ` Dan Williams
2021-07-09 0:36 ` Andi Kleen
2021-07-09 1:37 ` Dan Williams
2021-07-09 1:44 ` Andi Kleen
2021-07-09 2:04 ` Dan Williams
2021-07-09 2:43 ` Kuppuswamy, Sathyanarayanan
2021-07-07 20:42 ` [PATCH v2 6/6] tools/tdx: Add a sample attestation user app Kuppuswamy Sathyanarayanan
2021-07-15 8:36 ` Mian Yousaf Kaukab [this message]
2021-07-15 15:19 ` Kuppuswamy, Sathyanarayanan
2022-03-30 22:17 [PATCH v2 0/6] Add TDX Guest Attestation support Kuppuswamy Sathyanarayanan
2022-03-30 22:18 ` [PATCH v2 6/6] tools/tdx: Add a sample attestation user app Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210715083635.GA112769@suse.de \
--to=ykaukab@suse.de \
--cc=ak@linux.intel.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=dan.j.williams@intel.com \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@intel.com \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=knsathya@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mgross@linux.intel.com \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.