Re: [PATCH 08/11] x86/sev: Provide guest VMPL level to userspace

From: Dionna Amalie Glaze
Date: Fri Jan 26 2024 - 20:06:58 EST

Next message: Dionna Amalie Glaze: "Re: [PATCH 10/11] x86/sev: Extend the config-fs attestation support for an SVSM"
Previous message: Dionna Amalie Glaze: "Re: [PATCH 05/11] x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0"
In reply to: Tom Lendacky: "[PATCH 08/11] x86/sev: Provide guest VMPL level to userspace"
Next in thread: Tom Lendacky: "Re: [PATCH 08/11] x86/sev: Provide guest VMPL level to userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 26, 2024 at 2:19 PM Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:
>
> Requesting an attestation report from userspace involves providing the
> VMPL level for the report. Currently any value from 0-3 is valid because
> Linux enforces running at VMPL0.
>
> When an SVSM is present, though, Linux will not be running at VMPL0 and
> only VMPL values starting at the VMPL level Linux is running at to 3 are
> valid. In order to allow userspace to determine the minimum VMPL value
> that can be supplied to an attestation report, create a sysfs entry that
> can be used to retrieve the current VMPL level of Linux.

Is this not the intended meaning of privlevel_floor in
/sys/kernel/config/tsm/report/$report0/privlevel_floor?

>
> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
> ---
> arch/x86/kernel/sev.c | 37 +++++++++++++++++++++++++++++++++++++
> 1 file changed, 37 insertions(+)
>
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index 121a9bad86c9..9844c772099c 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -2479,3 +2479,40 @@ void __init snp_remap_svsm_ca(void)
> /* Update the CAA to a proper kernel address */
> boot_svsm_caa = &boot_svsm_ca_page;
> }
> +
> +static ssize_t vmpl_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + return sysfs_emit(buf, "%d\n", vmpl);
> +}
> +
> +static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
> +
> +static struct attribute *vmpl_attrs[] = {
> + &vmpl_attr.attr,
> + NULL
> +};
> +
> +static struct attribute_group sev_attr_group = {
> + .attrs = vmpl_attrs,
> +};
> +
> +static int __init sev_sysfs_init(void)
> +{
> + struct kobject *sev_kobj;
> + int ret;
> +
> + if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> + return -ENODEV;
> +
> + sev_kobj = kobject_create_and_add("sev", kernel_kobj);
> + if (!sev_kobj)
> + return -ENOMEM;
> +
> + ret = sysfs_create_group(sev_kobj, &sev_attr_group);
> + if (ret)
> + kobject_put(sev_kobj);
> +
> + return ret;
> +}
> +arch_initcall(sev_sysfs_init);
> --
> 2.42.0
>
>

--
-Dionna Glaze, PhD (she/her)

Next message: Dionna Amalie Glaze: "Re: [PATCH 10/11] x86/sev: Extend the config-fs attestation support for an SVSM"
Previous message: Dionna Amalie Glaze: "Re: [PATCH 05/11] x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0"
In reply to: Tom Lendacky: "[PATCH 08/11] x86/sev: Provide guest VMPL level to userspace"
Next in thread: Tom Lendacky: "Re: [PATCH 08/11] x86/sev: Provide guest VMPL level to userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]