Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
x86/tdx: Add Quote generation support
In TDX guest, the second stage in attestation process is to send the TDREPORT to QE/QGS to generate the TD Quote. For platforms that does not support communication channels like vsock or TCP/IP, implement support to get TD Quote using hypercall. GetQuote hypercall can be used by the TD guest to request VMM facilitate the Quote generation via QE/QGS. More details about GetQuote hypercall can be found in TDX Guest-Host Communication Interface (GHCI) for Intel TDX 1.0, section titled "TDG.VP.VMCALL<GetQuote>. Since GetQuote is an asynchronous request hypercall, it will not block till the TD Quote is generated. So VMM uses callback interrupt vector configured by SetupEventNotifyInterrupt hypercall to notify the guest about Quote generation completion or failure. GetQuote TDVMCALL requires TD guest pass a 4K aligned shared buffer with TDREPORT data as input, which is further used by the VMM to copy the TD Quote result after successful Quote generation. To create the shared buffer without breaking the direct map, allocate physically contiguous kernel memory and create a virtual mapping for it using vmap(). set_memory_*crypted_noalias() functions can be used to share or unshare the vmapped page without affecting the direct map. Also note that, shared buffer allocation is currently handled in IOCTL handler, although it will increase the TDX_CMD_GET_QUOTE IOCTL response time, it is negligible compared to the time required for the quote generation completion. So IOCTL performance optimization is not considered at this time. For shared buffer allocation, alternatives like using the DMA API is also considered. Although it simpler to use, it is not preferred because dma_alloc_*() APIs require a valid bus device as argument, which would need converting the attestation driver into a platform device driver. This is unnecessary, and since the attestation driver does not do real DMA, there is no need to use real DMA APIs. Add support for TDX_CMD_GET_QUOTE IOCTL to allow attestation agent submit GetQuote requests from the user space. Since Quote generation is an asynchronous request, IOCTL will block indefinitely for the VMM response in wait_for_completion_interruptible() call. Using this call will also add an option for the user to end the current request prematurely by raising any signals. This can be used by attestation agent to implement Quote generation timeout feature. If attestation agent is aware of time it can validly wait for QE/QGS response, then a possible timeout support can be implemented in the user application using signals. Quote generation timeout feature is currently not implemented in the driver because the current TDX specification does not have any recommendation for it. After submitting the GetQuote request using hypercall, the shared buffer allocated for the current request is owned by the VMM. So, during this wait window, if the user terminates the request by raising a signal or by terminating the application, add a logic to do the memory cleanup after receiving the VMM response at a later time. Such memory cleanup support requires accepting the page again using TDX_ACCEPT_PAGE TDX Module call. So to not overload the callback IRQ handler, move the callback handler logic to a separate work queue. To support parallel GetQuote requests, use linked list to track the active GetQuote requests and upon receiving the callback IRQ, loop through the active requests and mark the processed requests complete. Users can open multiple instances of the attestation device and send GetQuote requests in parallel. Reviewed-by: Tony Luck <tony.luck@intel.com> Reviewed-by: Andi Kleen <ak@linux.intel.com> Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
- Loading branch information