linux/arch/x86
Linus Torvalds 5e2cb28dd7 configfs-tsm for v6.7
- Introduce configfs-tsm as a shared ABI for confidential computing
   attestation reports
 
 - Convert sev-guest to additionally support configfs-tsm alongside its
   vendor specific ioctl()
 
 - Added signed attestation report retrieval to the tdx-guest driver
   forgoing a new vendor specific ioctl()
 
 - Misc. cleanups and a new __free() annotation for kvfree()
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQSbo+XnGs+rwLz9XGXfioYZHlFsZwUCZUQhiQAKCRDfioYZHlFs
 Z2gMAQCJdtP0f2kH+pvf3oxAkA1OubKBqJqWOppeyrhTsNMpDQEA9ljXH9h7eRB/
 2NQ6USrU6jqcdu3gB5Tzq8J/ZZabMQU=
 =1Eiv
 -----END PGP SIGNATURE-----

Merge tag 'tsm-for-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux

Pull unified attestation reporting from Dan Williams:
 "In an ideal world there would be a cross-vendor standard attestation
  report format for confidential guests along with a common device
  definition to act as the transport.

  In the real world the situation ended up with multiple platform
  vendors inventing their own attestation report formats with the
  SEV-SNP implementation being a first mover to define a custom
  sev-guest character device and corresponding ioctl(). Later, this
  configfs-tsm proposal intercepted an attempt to add a tdx-guest
  character device and a corresponding new ioctl(). It also anticipated
  ARM and RISC-V showing up with more chardevs and more ioctls().

  The proposal takes for granted that Linux tolerates the vendor report
  format differentiation until a standard arrives. From talking with
  folks involved, it sounds like that standardization work is unlikely
  to resolve anytime soon. It also takes the position that kernfs ABIs
  are easier to maintain than ioctl(). The result is a shared configfs
  mechanism to return per-vendor report-blobs with the option to later
  support a standard when that arrives.

  Part of the goal here also is to get the community into the
  "uncomfortable, but beneficial to the long term maintainability of the
  kernel" state of talking to each other about their differentiation and
  opportunities to collaborate. Think of this like the device-driver
  equivalent of the common memory-management infrastructure for
  confidential-computing being built up in KVM.

  As for establishing an "upstream path for cross-vendor
  confidential-computing device driver infrastructure" this is something
  I want to discuss at Plumbers. At present, the multiple vendor
  proposals for assigning devices to confidential computing VMs likely
  needs a new dedicated repository and maintainer team, but that is a
  discussion for v6.8.

  For now, Greg and Thomas have acked this approach and this is passing
  is AMD, Intel, and Google tests.

  Summary:

   - Introduce configfs-tsm as a shared ABI for confidential computing
     attestation reports

   - Convert sev-guest to additionally support configfs-tsm alongside
     its vendor specific ioctl()

   - Added signed attestation report retrieval to the tdx-guest driver
     forgoing a new vendor specific ioctl()

   - Misc cleanups and a new __free() annotation for kvfree()"

* tag 'tsm-for-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux:
  virt: tdx-guest: Add Quote generation support using TSM_REPORTS
  virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT
  mm/slab: Add __free() support for kvfree
  virt: sevguest: Prep for kernel internal get_ext_report()
  configfs-tsm: Introduce a shared ABI for attestation reports
  virt: coco: Add a coco/Makefile and coco/Kconfig
  virt: sevguest: Fix passing a stack buffer as a scatterlist target
2023-11-04 15:58:13 -10:00
..
boot * Refactor and clean up TDX hypercall/module call infrastructure 2023-11-01 10:28:32 -10:00
coco configfs-tsm for v6.7 2023-11-04 15:58:13 -10:00
configs hardening updates for v6.7-rc1 2023-10-30 19:09:55 -10:00
crypto crypto: x86/nhpoly1305 - implement ->digest 2023-10-20 13:39:25 +08:00
entry Kbuild updates for v6.7 2023-11-04 08:07:19 -10:00
events X86 core code updates: 2023-10-30 17:37:47 -10:00
hyperv * Refactor and clean up TDX hypercall/module call infrastructure 2023-11-01 10:28:32 -10:00
ia32
include configfs-tsm for v6.7 2023-11-04 15:58:13 -10:00
kernel Major microcode loader restructuring, cleanup and improvements by Thomas 2023-11-04 08:46:37 -10:00
kvm Many singleton patches against the MM code. The patch series which are 2023-11-02 19:38:47 -10:00
lib x86 assembly code improvements for v6.7 are: 2023-10-30 14:18:00 -10:00
math-emu
mm Many singleton patches against the MM code. The patch series which are 2023-11-02 19:38:47 -10:00
net bpf: Disable exceptions when CONFIG_UNWINDER_FRAME_POINTER=y 2023-09-19 02:07:36 -07:00
pci x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4 2023-10-06 09:09:47 -05:00
platform x86/platform/uv: Annotate struct uv_rtc_timer_head with __counted_by 2023-09-24 12:02:58 +02:00
power
purgatory x86/purgatory: Remove LTO flags 2023-09-17 09:49:03 +02:00
ras
realmode
tools
um UML: remove unused cmd_vdso_install 2023-10-18 17:16:09 +09:00
video fbdev: Replace fb_pgprotect() with pgprot_framebuffer() 2023-10-12 09:20:46 +02:00
virt x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP 2023-09-12 16:30:27 -07:00
xen X86 core code updates: 2023-10-30 17:37:47 -10:00
.gitignore
Kbuild
Kconfig Major microcode loader restructuring, cleanup and improvements by Thomas 2023-11-04 08:46:37 -10:00
Kconfig.assembler x86/shstk: Add Kconfig option for shadow stack 2023-07-11 14:12:18 -07:00
Kconfig.cpu
Kconfig.debug
Makefile Kbuild updates for v6.7 2023-11-04 08:07:19 -10:00
Makefile_32.cpu
Makefile.postlink kbuild: remove ARCH_POSTLINK from module builds 2023-10-28 21:10:08 +09:00
Makefile.um