Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
What:           /sys/kernel/config/tsm/report/$name/inblob
Date:           September, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (WO) Up to 64 bytes of user specified binary data. For replay
                protection this should include a nonce, but the kernel does not
                place any restrictions on the content.

What:           /sys/kernel/config/tsm/report/$name/outblob
Date:           September, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (RO) Binary attestation report generated from @inblob and other
                options. The format of the report is implementation specific,
                where the implementation is conveyed via the @provider
                attribute.

                This interface fails reads and sets errno to EFBIG when the
                report generated by @provider exceeds the configfs-tsm-report
                internal maximums. Contact the platform provider for the
                compatible security module, driver, and attestation library
                combination.

What:           /sys/kernel/config/tsm/report/$name/auxblob
Date:           October, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (RO) Optional supplemental data that a TSM may emit, visibility
                of this attribute depends on TSM, and may be empty if no
                auxiliary data is available.

                When @provider is "sev_guest" this file contains the
                "cert_table" from SEV-ES Guest-Hypervisor Communication Block
                Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
                https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

                See "EFBIG" comment in the @outblob description for potential
                error conditions.

What:           /sys/kernel/config/tsm/report/$name/manifestblob
Date:           January, 2024
KernelVersion:  v6.10
Contact:        linux-coco@lists.linux.dev
Description:
                (RO) Optional supplemental data that a TSM may emit, visibility
                of this attribute depends on TSM, and may be empty if no
                manifest data is available.

                See 'service_provider' for information on the format of the
                manifest blob.

                See "EFBIG" comment in the @outblob description for potential
                error conditions.

What:           /sys/kernel/config/tsm/report/$name/provider
Date:           September, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (RO) A name for the format-specification of @outblob like
                "sev_guest" [1] or "tdx_guest" [2] in the near term, or a
                common standard format in the future.

                [1]: SEV Secure Nested Paging Firmware ABI Specification
                Revision 1.55 Table 22
                https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf

                [2]: Intel® Trust Domain Extensions Data Center Attestation
                Primitives : Quote Generation Library and Quote Verification
                Library Revision 0.8 Appendix 4,5
                https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf

                Intel TDX platforms with DICE-based attestation use CBOR Web Token
                (CWT) format for the Quote payload. This is indicated by the Quote
                size exceeding 8KB.

What:           /sys/kernel/config/tsm/report/$name/generation
Date:           September, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (RO) The value in this attribute increments each time @inblob or
                any option is written. Userspace can detect conflicts by
                checking generation before writing to any attribute and making
                sure the number of writes matches expectations after reading
                @outblob, or it can prevent conflicts by creating a report
                instance per requesting context.

What:           /sys/kernel/config/tsm/report/$name/privlevel
Date:           September, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (WO) Attribute is visible if a TSM implementation provider
                supports the concept of attestation reports for TVMs running at
                different privilege levels, like SEV-SNP "VMPL". Specify the
                privilege level via this attribute. The minimum acceptable
                value is conveyed via @privlevel_floor and the maximum
                acceptable value is TSM_PRIVLEVEL_MAX (3).

What:           /sys/kernel/config/tsm/report/$name/privlevel_floor
Date:           September, 2023
KernelVersion:  v6.7
Contact:        linux-coco@lists.linux.dev
Description:
                (RO) Indicates the minimum permissible value that can be written
                to @privlevel.

What:           /sys/kernel/config/tsm/report/$name/service_provider
Date:           January, 2024
KernelVersion:  v6.10
Contact:        linux-coco@lists.linux.dev
Description:
                (WO) Attribute is visible if a TSM implementation provider
                supports the concept of attestation reports from a service
                provider for TVMs, like SEV-SNP running under an SVSM.
                Specifying the service provider via this attribute will create
                an attestation report as specified by the service provider.
                The only currently supported service provider is "svsm".

                For the "svsm" service provider, see the Secure VM Service Module
                for SEV-SNP Guests v1.00 Section 7. For the doc, search for
                "site:amd.com "Secure VM Service Module for SEV-SNP
                Guests", docID: 58019"

What:           /sys/kernel/config/tsm/report/$name/service_guid
Date:           January, 2024
KernelVersion:  v6.10
Contact:        linux-coco@lists.linux.dev
Description:
                (WO) Attribute is visible if a TSM implementation provider
                supports the concept of attestation reports from a service
                provider for TVMs, like SEV-SNP running under an SVSM.
                Specifying an empty/null GUID (00000000-0000-0000-0000-000000)
                requests that all active services within the service provider be
                part of the attestation report. Specifying a GUID requests
                an attestation report of just the specified service using the
                manifest form specified by the service_manifest_version
                attribute.

                See 'service_provider' for information on the format of the
                service guid.

What:           /sys/kernel/config/tsm/report/$name/service_manifest_version
Date:           January, 2024
KernelVersion:  v6.10
Contact:        linux-coco@lists.linux.dev
Description:
                (WO) Attribute is visible if a TSM implementation provider
                supports the concept of attestation reports from a service
                provider for TVMs, like SEV-SNP running under an SVSM.
                Indicates the service manifest version requested for the
                attestation report (default 0). If this field is not set by
                the user, the default manifest version of the service (the
                service's initial/first manifest version) is returned.

                See 'service_provider' for information on the format of the
                service manifest version.