[PATCH 0/4] keys: Introduce a keys frontend for attestation reports

From: Dan Williams
Date: Fri Jul 28 2023 - 15:31:05 EST


The bulk of the justification for this patch kit is in "[PATCH 1/4]
keys: Introduce tsm keys". The short summary is that the current
approach of adding new char devs and new ioctls, for what amounts to the
same functionality with minor formatting differences across vendors, is
untenable. Common concepts and the community benefit from common
infrastructure.

Use Keys to build common infrastructure for confidential computing
attestation report blobs, convert sevguest to use it (leaving the
deprecation question alone for now), and pave the way for tdx-guest and
the eventual risc-v equivalent to use it in lieu of new ioctls.

The sevguest conversion is only compile-tested.

This submission is To:David since he needs to sign-off on the idea of a
new Keys type, the rest is up to the confidential-computing driver
maintainers to adopt.

Changes from / credit for internal review:
- highlight copy_{to,from}_sockptr() as a common way to mix
  copy_user() and memcpy() paths (Andy)
- add MODULE_DESCRIPTION() (Andy)
- clarify how the user-defined portion blob might be used (Elena)
- clarify the key instantiation options (Sathya)
- drop usage of a list for registering providers (Sathya)
- drop list.h include from tsm.h (Andy)
- add a comment for how TSM_DATA_MAX was derived (Andy)
- stop open coding kmemdup_nul() (Andy)
- add types.h to tsm.h (Andy)
- fix punctuation in comment (Andy)
- reorder security/keys/Makefile (Andy)
- add some missing includes to tsm.c (Andy)
- undo an 81 column clang-format line break (Andy)
- manually reflow tsm_token indentation (Andy)
- move allocations after input validation in tsm_instantiate() (Andy)
- switch to bin2hex() in tsm_read() (Andy)
- move init/exit declarations next to their functions (Andy)


---

Dan Williams (4):
      keys: Introduce tsm keys
      virt: sevguest: Prep for kernel internal {get,get_ext}_report()
      mm/slab: Add __free() support for kvfree
      virt: sevguest: Add TSM key support for SNP_{GET,GET_EXT}_REPORT


 drivers/virt/coco/sev-guest/Kconfig     |   2
 drivers/virt/coco/sev-guest/sev-guest.c | 135 ++++++++++++++-
 include/keys/tsm.h                      |  71 ++++++++
 include/linux/slab.h                    |   2
 security/keys/Kconfig                   |  12 +
 security/keys/Makefile                  |   1
 security/keys/tsm.c                     | 282 +++++++++++++++++++++++++++++++
 7 files changed, 494 insertions(+), 11 deletions(-)
 create mode 100644 include/keys/tsm.h
 create mode 100644 security/keys/tsm.c

base-commit: 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5