Linux Confidential Computing Development
From: James Bottomley <jejb@linux.ibm.com>
To: linux-coco@lists.linux.dev
Subject: [RFC 0/3] Enlightened vTPM support for SVSM on SEV-SNP
Date: Tue, 03 Jan 2023 16:01:33 -0500
Message-ID: <acb06bc7f329dfee21afa1b2ff080fe29b799021.camel@linux.ibm.com>

This is a sketch for how a fully enlightened vTPM driver would work. 
The idea is that the SVSM responds on function 8 to vTPM requests, so
we use that to send down a buffer which is modified on return (the
buffer must be big enough, so the agreed protocol is it should be a
page in length, which is larger than any possible TPM command or
response).  The protocol used is the MSSIM one, which is self-describing
in terms of length, so there's no need to transmit sizes (it also
leaves room for expansion to localities and cancellation, which is
useful in the light of discussions).  A NULL in place of the buffer is
a probe and the SVSM call simply returns SVSM_SUCCESS without doing
anything.  This can be used to probe for vTPM support because any other
return would indicate no vTPM present.

Hopefully IBM will publish the new svsm-vtpm repo shortly, but we're
still working with the old CRB based one at the moment, so it may take
some time.

The three following patches are for two different repos.  Patch 1 will
apply to any upstream Linux kernel, Patch 2 requires the non-upstream
sev-snp repo and Patch 3 is against the non-upstream sev-snp edk repo.

James
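The buffer exchange described in the cover letter, as an added example that is not part of the RFC and not code from the svsm-vtpm project: a user-space model in which the guest driver frames a TPM command into a one-page buffer, hands it down, and validates the self-describing reply before using it, and a mock stands in for the SVSM function 8 handler, answering a NULL buffer with SVSM_SUCCESS as a probe. The MSSIM framing layout (u32 command, u8 locality, u32 length, then the TPM bytes, with the reply as u32 length, bytes, u32 status), the SVSM error code value, and the toy TPM2_GetRandom implementation are all assumptions made for the example; the real SVSM side and the register-level calling convention are not shown on this page.

```c
/* Added example, not code from the RFC: a user-space model of the enlightened
 * vTPM exchange. mock_svsm_vtpm() stands in for the SVSM's function 8 handler;
 * the framing follows the Microsoft TPM simulator (MSSIM) TPM_SEND_COMMAND
 * layout as assumed here, not a verified SVSM protocol specification. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VTPM_PAGE_SIZE       4096
#define SVSM_SUCCESS         0
#define SVSM_ERR_INVALID     1     /* assumed non-success code */
#define MSSIM_SEND_COMMAND   8     /* MSSIM TPM_SEND_COMMAND code */
#define MSSIM_HDR_LEN        9     /* u32 cmd + u8 locality + u32 length */
#define TPM_HDR_LEN          10    /* u16 tag + u32 size + u32 code */
#define TPM_ST_NO_SESSIONS   0x8001
#define TPM2_CC_GetRandom    0x17B
#define TPM_RC_COMMAND_CODE  0x143

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) { put_be16(p, (uint16_t)(v >> 16)); put_be16(p + 2, (uint16_t)v); }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t get_be32(const uint8_t *p) { return (uint32_t)get_be16(p) << 16 | get_be16(p + 2); }

/* Mock SVSM side: parse the frame, run a toy TPM, rewrite the page in place. */
static int mock_svsm_vtpm(uint8_t *buf)
{
    if (!buf)
        return SVSM_SUCCESS;                 /* NULL is a probe: succeed, touch nothing */
    uint32_t len = get_be32(buf + 5);        /* buf[4] is the locality byte */
    if (get_be32(buf) != MSSIM_SEND_COMMAND || len < TPM_HDR_LEN ||
        MSSIM_HDR_LEN + len > VTPM_PAGE_SIZE)
        return SVSM_ERR_INVALID;
    const uint8_t *cmd = buf + MSSIM_HDR_LEN;
    if (get_be32(cmd + 2) != len)            /* TPM size field must match the frame */
        return SVSM_ERR_INVALID;

    uint8_t resp[VTPM_PAGE_SIZE];
    uint32_t resp_len = TPM_HDR_LEN, rc = TPM_RC_COMMAND_CODE;
    if (get_be32(cmd + 6) == TPM2_CC_GetRandom && len == TPM_HDR_LEN + 2) {
        uint16_t n = get_be16(cmd + TPM_HDR_LEN);
        if (n > 64)
            n = 64;                          /* toy cap; a real TPM caps at a digest size */
        put_be16(resp + TPM_HDR_LEN, n);
        for (uint16_t i = 0; i < n; i++)
            resp[TPM_HDR_LEN + 2 + i] = (uint8_t)(0xA5 ^ i); /* constructed, not random */
        resp_len += 2 + n;
        rc = 0;
    }
    put_be16(resp, TPM_ST_NO_SESSIONS);
    put_be32(resp + 2, resp_len);
    put_be32(resp + 6, rc);

    put_be32(buf, resp_len);                 /* reply frame: u32 length, bytes, u32 status */
    memcpy(buf + 4, resp, resp_len);
    put_be32(buf + 4 + resp_len, 0);
    return SVSM_SUCCESS;
}

/* Guest side: a NULL buffer probes for vTPM support (returns 1 if present). */
int svsm_vtpm_probe(void)
{
    return mock_svsm_vtpm(NULL) == SVSM_SUCCESS;
}

/* Guest side: frame cmd into page, call down, validate and copy out the reply.
 * Returns the TPM response length or a negative errno. */
int svsm_vtpm_send(uint8_t *page, const uint8_t *cmd, size_t cmd_len,
                   uint8_t *resp, size_t resp_max)
{
    if (cmd_len < TPM_HDR_LEN || MSSIM_HDR_LEN + cmd_len > VTPM_PAGE_SIZE)
        return -EINVAL;                      /* must fit in the one-page buffer */
    put_be32(page, MSSIM_SEND_COMMAND);
    page[4] = 0;                             /* locality 0; field reserved for later use */
    put_be32(page + 5, (uint32_t)cmd_len);
    memcpy(page + MSSIM_HDR_LEN, cmd, cmd_len);
    if (mock_svsm_vtpm(page) != SVSM_SUCCESS)
        return -EIO;
    /* Check the self-describing lengths before trusting them. */
    uint32_t len = get_be32(page);
    if (len < TPM_HDR_LEN || len > resp_max || len + 8 > VTPM_PAGE_SIZE ||
        get_be32(page + 4 + 2) != len)
        return -EBADMSG;
    if (get_be32(page + 4 + len) != 0)       /* trailing MSSIM status word */
        return -EIO;
    memcpy(resp, page + 4, len);
    return (int)len;
}

/* Build a TPM2_GetRandom command for n bytes; returns its length (12). */
size_t build_get_random(uint8_t *cmd, uint16_t n)
{
    put_be16(cmd, TPM_ST_NO_SESSIONS);
    put_be32(cmd + 2, TPM_HDR_LEN + 2);
    put_be32(cmd + 6, TPM2_CC_GetRandom);
    put_be16(cmd + TPM_HDR_LEN, n);
    return TPM_HDR_LEN + 2;
}
```

The point of the guest-side checks is that the buffer comes back rewritten in place, so the driver has to bound every length it reads from the reply against the page and against its own response buffer before copying; a command that cannot fit in the page is rejected before anything is sent down, and a probe never touches a buffer at all.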



Thread overview: 8+ messages
2023-01-03 21:01 James Bottomley [this message]
2023-01-03 21:02 ` [RFC 1/3] tpm: add generic platform device James Bottomley
2023-01-05  8:08   ` Dov Murik
2023-01-05 12:28     ` James Bottomley
2023-01-03 21:04 ` [RFC 2/2] x86/sev: add a SVSM vTPM " James Bottomley
2023-01-03 21:05 ` [RFC 3/3] edk2: Add SVSM based vTPM James Bottomley
2023-01-04 22:44 ` [RFC 0/3] Enlightened vTPM support for SVSM on SEV-SNP Tom Lendacky
2023-01-04 22:59   ` James Bottomley
