Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-15T18:20:37+00:00 2026-02-15T18:20:37+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-15T18:20:37+00:00 urn:sha1:c4f414becb6ac9c71ea80dd8b28478d357c62bb7 Pull TSM updates from Dan Williams: "A couple of updates to the maximum buffer sizes supported for the configfs-tsm-reports interface. This interface is a common transport that conveys the varied architecture specific launch attestation reports for confidential VMs. - Prepare the configfs-tsm-reports interface for passing larger attestation evidence blobs for "Device Identifier Composition Engine" (DICE) and Post Quantum Crypto (PQC) - Update the tdx-guest driver for DICE evidence (larger certificate chains and the CBOR Web Token schema)" * tag 'tsm-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm: configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB configfs-tsm-report: Increase TSM_REPORT_OUTBLOB_MAX to 16MB configfs-tsm-report: Document size limits for outblob attributes 2026-02-11T02:21:21+00:00 Kuppuswamy Sathyanarayanan sathyanarayanan.kuppuswamy@linux.intel.com 2026-02-11T00:17:11+00:00 urn:sha1:9342bf3d670b1b3d3cfc77a9dc1cd0d6574e5cc6 Confidential Computing (CoCo) attestation is evolving toward standardized models such as DICE (Device Identifier Composition Engine) and Post-Quantum Cryptography (PQC), which rely on layered certificate chains and larger cryptographic signatures. A typical PQC certificate can range from 5KB to 15KB, and DICE-based architectures accumulate these certificates across multiple boot stages. In such configurations, the total attestation evidence can reach several megabytes, exceeding the current 32KB limit. Increase TSM_REPORT_OUTBLOB_MAX to 16MB to accommodate these larger certificate chains. This provides sufficient headroom to handle evolving requirements without requiring frequent updates to the limit. TSM_REPORT_OUTBLOB_MAX is used by the configfs read interface to cap the maximum allowed binary blob size for outblob, auxblob and manifestblob attributes. Hence, the per-open-file worst case memory allocation increases from 32KB to 16MB. Multiple concurrent readers multiply this cost (e.g., N readers of an M-byte blob incur NxM bytes of vmalloc-backed memory). However, allocations are performed on demand and remain proportional to the actual blob length, not the configured maximum. Reviewed-by: Fang Peter <peter.fang@intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Link: https://patch.msgid.link/20260211001712.1531955-3-sathyanarayanan.kuppuswamy@linux.intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> 2026-01-23T01:46:44+00:00 Dan Williams dan.j.williams@intel.com 2026-01-23T00:35:56+00:00 urn:sha1:731bb3118f859d2a68444a9ae580681522d32bc0 The proposed ABI failed to account for multiple host bridges with the same stream name. The fix needs to namespace streams or otherwise link back to the host bridge, but a change like that is too big for a fix. Given this ABI never saw a released kernel, delete it for now and bring it back later with this issue addressed. Reported-by: Xu Yilun <yilun.xu@linux.intel.com> Reported-by: Yi Lai <yi1.lai@intel.com> Closes: http://lore.kernel.org/20251223085601.2607455-1-yilun.xu@linux.intel.com Link: http://patch.msgid.link/6972c872acbb9_1d3310035@dwillia2-mobl4.notmuch Signed-off-by: Dan Williams <dan.j.williams@intel.com> 2025-11-04T03:27:41+00:00 Dan Williams dan.j.williams@intel.com 2025-10-31T21:29:01+00:00 urn:sha1:a4438f06b1db15ce3d831ce82b8767665638aa2a Given that the platform TSM owns IDE Stream ID allocation, report the active streams via the TSM class device. Establish a symlink from the class device to the PCI endpoint device consuming the stream, named by the Stream ID. Acked-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Alexey Kardashevskiy <aik@amd.com> Link: https://patch.msgid.link/20251031212902.2256310-10-dan.j.williams@intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> 2025-11-04T03:27:41+00:00 Dan Williams dan.j.williams@intel.com 2025-10-31T21:28:56+00:00 urn:sha1:3225f52cde56f46789a4972d3c54df8a4d75f022 The PCIe 7.0 specification, section 11, defines the Trusted Execution Environment (TEE) Device Interface Security Protocol (TDISP). This protocol definition builds upon Component Measurement and Authentication (CMA), and link Integrity and Data Encryption (IDE). It adds support for assigning devices (PCI physical or virtual function) to a confidential VM such that the assigned device is enabled to access guest private memory protected by technologies like Intel TDX, AMD SEV-SNP, RISCV COVE, or ARM CCA. The "TSM" (TEE Security Manager) is a concept in the TDISP specification of an agent that mediates between a "DSM" (Device Security Manager) and system software in both a VMM and a confidential VM. A VMM uses TSM ABIs to setup link security and assign devices. A confidential VM uses TSM ABIs to transition an assigned device into the TDISP "RUN" state and validate its configuration. From a Linux perspective the TSM abstracts many of the details of TDISP, IDE, and CMA. Some of those details leak through at times, but for the most part TDISP is an internal implementation detail of the TSM. CONFIG_PCI_TSM adds an "authenticated" attribute and "tsm/" subdirectory to pci-sysfs. Consider that the TSM driver may itself be a PCI driver. Userspace can watch for the arrival of a "TSM" device, /sys/class/tsm/tsm0/uevent KOBJ_CHANGE, to know when the PCI core has initialized TSM services. The operations that can be executed against a PCI device are split into two mutually exclusive operation sets, "Link" and "Security" (struct pci_tsm_{link,security}_ops). The "Link" operations manage physical link security properties and communication with the device's Device Security Manager firmware. These are the host side operations in TDISP. The "Security" operations coordinate the security state of the assigned virtual device (TDI). These are the guest side operations in TDISP. Only "link" (Secure Session and physical Link Encryption) operations are defined at this stage. There are placeholders for the device security (Trusted Computing Base entry / exit) operations. The locking allows for multiple devices to be executing commands simultaneously, one outstanding command per-device and an rwsem synchronizes the implementation relative to TSM registration/unregistration events. Thanks to Wu Hao for his work on an early draft of this support. Cc: Lukas Wunner <lukas@wunner.de> Cc: Samuel Ortiz <sameo@rivosinc.com> Acked-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Alexey Kardashevskiy <aik@amd.com> Co-developed-by: Xu Yilun <yilun.xu@linux.intel.com> Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com> Link: https://patch.msgid.link/20251031212902.2256310-5-dan.j.williams@intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> 2025-11-04T03:27:40+00:00 Dan Williams dan.j.williams@intel.com 2025-10-31T21:28:53+00:00 urn:sha1:603c646f001008eaf8b5a7a888043e5cc8c494a2 A "TSM" is a platform component that provides an API for securely provisioning resources for a confidential guest (TVM) to consume. The name originates from the PCI specification for platform agent that carries out operations for PCIe TDISP (TEE Device Interface Security Protocol). Instances of this core device are parented by a device representing the platform security function like CONFIG_CRYPTO_DEV_CCP or CONFIG_INTEL_TDX_HOST. This device interface is a frontend to the aspects of a TSM and TEE I/O that are cross-architecture common. This includes mechanisms like enumerating available platform TEE I/O capabilities and provisioning connections between the platform TSM and device DSMs (Device Security Manager (TDISP)). For now this is just the scaffolding for registering a TSM device sysfs interface. Cc: Xu Yilun <yilun.xu@linux.intel.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Co-developed-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org> Acked-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Alexey Kardashevskiy <aik@amd.com> Link: https://patch.msgid.link/20251031212902.2256310-2-dan.j.williams@intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> 2025-05-02T19:52:16+00:00 Dan Williams dan.j.williams@intel.com 2025-03-04T07:14:20+00:00 urn:sha1:71ded61bee2af97a218f9dfa0f4019cc4cd3b029 In preparation for new + common TSM (TEE Security Manager) infrastructure, namespace the TSM report symbols in tsm.h with an _REPORT suffix to differentiate them from other incoming tsm work. Cc: Yilun Xu <yilun.xu@intel.com> Cc: Samuel Ortiz <sameo@rivosinc.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Steven Price <steven.price@arm.com> Reviewed-by: Alexey Kardashevskiy <aik@amd.com> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com> Reviewed-by: Kai Huang <kai.huang@intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Reviewed-by: Steven Price <steven.price@arm.com> Link: https://patch.msgid.link/174107246021.1288555.7203769833791489618.stgit@dwillia2-xfh.jf.intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> 2024-06-17T18:42:57+00:00 Tom Lendacky thomas.lendacky@amd.com 2024-06-05T15:18:55+00:00 urn:sha1:627dc671518b7f004ce04c45e8711f8dca94a57c When an SVSM is present, the guest can also request attestation reports from it. These SVSM attestation reports can be used to attest the SVSM and any services running within the SVSM. Extend the config-fs attestation support to provide such. This involves creating four new config-fs attributes: - 'service-provider' (input) This attribute is used to determine whether the attestation request should be sent to the specified service provider or to the SEV firmware. The SVSM service provider is represented by the value 'svsm'. - 'service_guid' (input) Used for requesting the attestation of a single service within the service provider. A null GUID implies that the SVSM_ATTEST_SERVICES call should be used to request the attestation report. A non-null GUID implies that the SVSM_ATTEST_SINGLE_SERVICE call should be used. - 'service_manifest_version' (input) Used with the SVSM_ATTEST_SINGLE_SERVICE call, the service version represents a specific service manifest version be used for the attestation report. - 'manifestblob' (output) Used to return the service manifest associated with the attestation report. Only display these new attributes when running under an SVSM. [ bp: Massage. - s/svsm_attestation_call/svsm_attest_call/g ] Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/965015dce3c76bb8724839d50c5dea4e4b5d598f.1717600736.git.thomas.lendacky@amd.com 2024-06-17T18:42:57+00:00 Tom Lendacky thomas.lendacky@amd.com 2024-06-05T15:18:54+00:00 urn:sha1:20dfee95936413708701eb151f419597fdd9d948 The TSM attestation report support provides multiple configfs attribute types (both for standard and binary attributes) to allow for additional attributes to be displayed for SNP as compared to TDX. With the ability to hide attributes via configfs, consolidate the multiple attribute groups into a single standard attribute group and a single binary attribute group. Modify the TDX support to hide the attributes that were previously "hidden" as a result of registering the selective attribute groups. Co-developed-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Link: https://lore.kernel.org/r/8873c45d0c8abc35aaf01d7833a55788a6905727.1717600736.git.thomas.lendacky@amd.com 2024-06-17T18:42:57+00:00 Tom Lendacky thomas.lendacky@amd.com 2024-06-05T15:18:52+00:00 urn:sha1:614dc0fb76327dbd81abd4612fbc2e4ba8f205e6 With the introduction of an SVSM, Linux will be running at a non-zero VMPL. Any request for an attestation report at a higher privilege VMPL than what Linux is currently running will result in an error. Allow for the privlevel_floor attribute to be updated dynamically. [ bp: Trim commit message. ] Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/5a736be9384aebd98a0b7c929660f8a97cbdc366.1717600736.git.thomas.lendacky@amd.com