Commit ae5ec8ad authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'tsm-for-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm 

Pull trusted security manager (TSM) updates from Dan Williams:

 - Add a general sysfs scheme for publishing "Measurement" values
   provided by the architecture's TEE Security Manager. Use it to
   publish TDX "Runtime Measurement Registers" ("RTMRs") that either
   maintain a hash of stored values (similar to a TPM PCR) or provide
   statically provisioned data. These measurements are validated by a
   relying party.

 - Reorganize the drivers/virt/coco/ directory for "host" and "guest"
   shared infrastructure.

 - Fix a configfs-tsm-report unregister bug

 - With CONFIG_TSM_MEASUREMENTS joining CONFIG_TSM_REPORTS and in
   anticipation of more shared "TSM" infrastructure arriving, rename the
   maintainer entry to "TRUSTED SECURITY MODULE (TSM) INFRASTRUCTURE".

* tag 'tsm-for-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm:
  tsm-mr: Fix init breakage after bin_attrs constification by scoping non-const pointers to init phase
  sample/tsm-mr: Fix missing static for sample_report
  virt: tdx-guest: Transition to scoped_cond_guard for mutex operations
  virt: tdx-guest: Refactor and streamline TDREPORT generation
  virt: tdx-guest: Expose TDX MRs as sysfs attributes
  x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error
  x86/tdx: Add tdx_mcall_extend_rtmr() interface
  tsm-mr: Add tsm-mr sample code
  tsm-mr: Add TVM Measurement Register support
  configfs-tsm-report: Fix NULL dereference of tsm_ops
  coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/
  configfs-tsm: Namespace TSM report symbols
parents bbd9c366 9d948b88

Documentation/ABI/testing/sysfs-devices-virtual-misc-tdx_guest

0 → 100644
+63 −0
Original line number Diff line number Diff line 
What:		/sys/devices/virtual/misc/tdx_guest/measurements/MRNAME[:HASH]

Date:		April, 2025

KernelVersion:	v6.16

Contact:	linux-coco@lists.linux.dev

Description:

		Value of a TDX measurement register (MR). MRNAME and HASH above

		are placeholders. The optional suffix :HASH is used for MRs

		that have associated hash algorithms. See below for a complete

		list of TDX MRs exposed via sysfs. Refer to Intel TDX Module

		ABI Specification for the definition of TDREPORT and the full

		list of TDX measurements.



		Intel TDX Module ABI Specification can be found at:

		https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/documentation.html#architecture



		See also:

		https://docs.kernel.org/driver-api/coco/measurement-registers.html



What:		/sys/devices/virtual/misc/tdx_guest/measurements/mrconfigid

Date:		April, 2025

KernelVersion:	v6.16

Contact:	linux-coco@lists.linux.dev

Description:

		(RO) MRCONFIGID - 48-byte immutable storage typically used for

		software-defined ID for non-owner-defined configuration of the

		guest TD – e.g., run-time or OS configuration.



What:		/sys/devices/virtual/misc/tdx_guest/measurements/mrowner

Date:		April, 2025

KernelVersion:	v6.16

Contact:	linux-coco@lists.linux.dev

Description:

		(RO) MROWNER - 48-byte immutable storage typically used for

		software-defined ID for the guest TD’s owner.



What:		/sys/devices/virtual/misc/tdx_guest/measurements/mrownerconfig

Date:		April, 2025

KernelVersion:	v6.16

Contact:	linux-coco@lists.linux.dev

Description:

		(RO) MROWNERCONFIG - 48-byte immutable storage typically used

		for software-defined ID for owner-defined configuration of the

		guest TD – e.g., specific to the workload rather than the

		run-time or OS.



What:		/sys/devices/virtual/misc/tdx_guest/measurements/mrtd:sha384

Date:		April, 2025

KernelVersion:	v6.16

Contact:	linux-coco@lists.linux.dev

Description:

		(RO) MRTD - Measurement of the initial contents of the TD.



What:		/sys/devices/virtual/misc/tdx_guest/measurements/rtmr[0123]:sha384

Date:		April, 2025

KernelVersion:	v6.16

Contact:	linux-coco@lists.linux.dev

Description:

		(RW) RTMR[0123] - 4 Run-Time extendable Measurement Registers.

		Read from any of these returns the current value of the

		corresponding RTMR. Write extends the written buffer to the

		RTMR. All writes must start at offset 0 and be 48 bytes in

		size. Partial writes will result in EINVAL returned by the

		write() syscall.

Documentation/driver-api/coco/index.rst

0 → 100644
+12 −0
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0



======================

Confidential Computing

======================



.. toctree::

   :maxdepth: 1



   measurement-registers



.. only::  subproject and html

Documentation/driver-api/coco/measurement-registers.rst

0 → 100644
+12 −0
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0

.. include:: <isonum.txt>



=====================

Measurement Registers

=====================



.. kernel-doc:: include/linux/tsm-mr.h

   :internal:



.. kernel-doc:: drivers/virt/coco/guest/tsm-mr.c

   :export:

Documentation/driver-api/index.rst

+1 −0
Original line number Diff line number Diff line
@@ -81,6 +81,7 @@ Subsystem-specific APIs 
   acpi/index

   backlight/lp855x-driver.rst

   clk

   coco/index

   console

   crypto/index

   dmaengine/index