Re: [PATCH v8 0/5] Add TDX Guest Attestation support

From: Sathyanarayanan Kuppuswamy
Date: Mon Jun 27 2022 - 10:51:17 EST


Hi,

On 6/24/22 11:24 AM, Dave Hansen wrote:
> On 6/8/22 19:52, Kuppuswamy Sathyanarayanan wrote:
>> Following patches add the attestation support to TDX guest which
>> includes attestation user interface driver and related hypercall support.
>
> This is also the place where you lay out the roadmap:
>
> 1. Get a report
> 2. Get a quote
> 2a. Interrupt support because quotes take a long time
> 2b. Actual quote module calls and ABI
>
> Right? That seems worth a few sentences in the cover letter.

Ok. I will update the cover letter with a brief introduction to the
changes involved.

How about following?

In a TDX guest, the attestation process generally involves the following steps:

1. Get the TDREPORT using user-specified REPORTDATA. This is implemented
   using the TDG.MR.TDREPORT Module call. An IOCTL interface is added to let
   userspace get the TDREPORT data (implemented in patch #1).

2. Using the TDREPORT data, generate a remotely verifiable signed Quote.
   A Quote can be generated either using the GetQuote hypercall or by
   communicating with the VMM/Quoting Enclave (QE) using VSOCK. In this
   patch set, only the GetQuote hypercall model is supported. Since Quote
   generation is an asynchronous request and takes more time, we let the
   VMM notify the TDX guest using a callback interrupt. Patches #2-5
   implement Quote generation support, of which patch #2 implements the
   callback interrupt support.

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
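As an added example, not part of this thread or of the series under discussion, the following userspace program shows step 1 of the flow above (get a TDREPORT over caller-chosen REPORTDATA) together with the check a practitioner wants before moving to step 2: that the REPORTDATA echoed back inside the TDREPORT is the value that was supplied, so the report actually binds the nonce before it is turned into a Quote. It assumes the /dev/tdx_guest character device, TDX_CMD_GET_REPORT0 and struct tdx_report_req as later merged in mainline, not the v8 ABI this cover letter describes, and it assumes the TDX module's TDREPORT_STRUCT layout with REPORTDATA at byte offset 128; both are labelled as assumptions in the code. The self-test runs on a constructed buffer and needs no TDX hardware; main() needs a real TDX guest.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Interface constants as later merged in mainline (include/uapi/linux/tdx-guest.h).
 * Defined locally so this compiles without that header; they are an assumption
 * relative to the v8 series discussed above, whose ABI differed. */
#define TDX_REPORTDATA_LEN 64
#define TDX_REPORT_LEN     1024

struct tdx_report_req {
    uint8_t reportdata[TDX_REPORTDATA_LEN]; /* in:  64-byte caller-chosen REPORTDATA */
    uint8_t tdreport[TDX_REPORT_LEN];       /* out: 1024-byte TDREPORT_STRUCT */
};
#define TDX_CMD_GET_REPORT0 _IOWR('T', 1, struct tdx_report_req)

/* Offset of REPORTDATA inside TDREPORT_STRUCT: it lives in the leading
 * REPORTMACSTRUCT at byte 128 (assumed from the TDX module spec layout:
 * REPORTTYPE 4, reserved 12, CPUSVN 16, TEE_TCB_INFO_HASH 48, TEE_INFO_HASH 48). */
#define TDREPORT_REPORTDATA_OFF 128

/* Hardware-independent check: confirm the REPORTDATA echoed in a TDREPORT equals
 * the value the caller supplied. A mismatch means the report does not bind the
 * caller's nonce and must not be turned into a Quote. Returns 1 on match. */
int tdreport_reportdata_matches(const uint8_t *tdreport, const uint8_t *reportdata)
{
    return memcmp(tdreport + TDREPORT_REPORTDATA_OFF, reportdata,
                  TDX_REPORTDATA_LEN) == 0;
}

/* Step 1 of the flow: ask the guest driver for a TDREPORT over REPORTDATA.
 * Returns 0 and fills tdreport on success, -1 on failure. */
int tdx_get_report(const uint8_t *reportdata, uint8_t *tdreport)
{
    struct tdx_report_req req;
    int fd, ret = -1;

    memset(&req, 0, sizeof(req));
    memcpy(req.reportdata, reportdata, TDX_REPORTDATA_LEN);

    fd = open("/dev/tdx_guest", O_RDWR);
    if (fd < 0) {
        perror("open /dev/tdx_guest");
        return -1;
    }
    if (ioctl(fd, TDX_CMD_GET_REPORT0, &req) == 0) {
        memcpy(tdreport, req.tdreport, TDX_REPORT_LEN);
        ret = 0;
    } else {
        perror("TDX_CMD_GET_REPORT0");
    }
    close(fd);
    return ret;
}

/* Self-test on a constructed (not real) TDREPORT buffer: returns 1 when the
 * matching check accepts an intact report and rejects one whose REPORTDATA
 * was altered by a single byte. */
int reportdata_check_selftest(void)
{
    uint8_t nonce[TDX_REPORTDATA_LEN];
    uint8_t report[TDX_REPORT_LEN];
    size_t i;

    for (i = 0; i < TDX_REPORTDATA_LEN; i++)
        nonce[i] = (uint8_t)(0xA5 ^ i);
    memset(report, 0, sizeof(report));
    memcpy(report + TDREPORT_REPORTDATA_OFF, nonce, TDX_REPORTDATA_LEN);

    if (!tdreport_reportdata_matches(report, nonce))
        return 0;
    report[TDREPORT_REPORTDATA_OFF + 17] ^= 0x01;
    if (tdreport_reportdata_matches(report, nonce))
        return 0;
    return 1;
}

int main(void)
{
    uint8_t nonce[TDX_REPORTDATA_LEN];
    uint8_t report[TDX_REPORT_LEN];
    size_t i;

    /* In practice REPORTDATA carries fresh entropy (a verifier nonce) and/or a
     * hash of the key being attested; a fixed pattern is used here only for
     * illustration. */
    for (i = 0; i < TDX_REPORTDATA_LEN; i++)
        nonce[i] = (uint8_t)i;

    if (tdx_get_report(nonce, report) != 0)
        return 1;
    if (!tdreport_reportdata_matches(report, nonce)) {
        fprintf(stderr, "REPORTDATA mismatch; refusing to request a Quote\n");
        return 1;
    }
    printf("TDREPORT obtained, REPORTDATA bound; ready for GetQuote\n");
    return 0;
}
```

Step 2 (handing the TDREPORT to the VMM via GetQuote and waiting for the callback interrupt) is deliberately not shown: the cover letter describes it only at the hypercall level and its userspace ABI is what this series is still settling.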