Commit 43185067 authored by Kuppuswamy Sathyanarayanan's avatar Kuppuswamy Sathyanarayanan Committed by Dan Williams
Browse files

configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB 



Intel platforms are transitioning from traditional SGX-based
attestation toward DICE-based attestation as part of a broader move
toward open and standardized attestation models. DICE enables layered
and extensible attestation, where evidence is accumulated across
multiple boot stages.

With SGX-based attestation, Quote sizes are typically under 8KB, as the
payload consists primarily of Quote data and a small certificate bundle.
Existing TDX guest code sizes the Quote buffer accordingly.

DICE-based attestation produces significantly larger Quotes due to the
inclusion of evidence (certificate chains) from multiple boot layers.
The cumulative Quote size can reach approximately 100KB.

Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
capacity for DICE-based Quote payloads.

Reviewed-by: default avatarFang Peter <peter.fang@intel.com>
Signed-off-by: default avatarKuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com


Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
parent 9342bf3d

Documentation/ABI/testing/configfs-tsm-report

+4 −0
Original line number Diff line number Diff line
@@ -73,6 +73,10 @@ Description: 
		Library Revision 0.8 Appendix 4,5

		https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf



		Intel TDX platforms with DICE-based attestation use CBOR Web Token

		(CWT) format for the Quote payload. This is indicated by the Quote

		size exceeding 8KB.



What:		/sys/kernel/config/tsm/report/$name/generation

Date:		September, 2023

KernelVersion:	v6.7

drivers/virt/coco/tdx-guest/tdx-guest.c

+3 −1
Original line number Diff line number Diff line
@@ -160,8 +160,10 @@ static void tdx_mr_deinit(const struct attribute_group *mr_grp) 
/*

 * Intel's SGX QE implementation generally uses Quote size less

 * than 8K (2K Quote data + ~5K of certificate blob).

 * DICE-based attestation uses layered evidence that requires

 * larger Quote size (~100K).

 */

#define GET_QUOTE_BUF_SIZE		SZ_8K

#define GET_QUOTE_BUF_SIZE		SZ_128K



#define GET_QUOTE_CMD_VER		1