On Thu, Jul 17, 2025 at 11:33:50AM -0700, Dan Williams wrote:
> Link encryption is a new PCIe feature enumerated by "PCIe 6.2 section
> 7.9.26 IDE Extended Capability".
>
> It is both a standalone port + endpoint capability, and a building block
> for the security protocol defined by "PCIe 6.2 section 11 TEE Device
> Interface Security Protocol (TDISP)". That protocol coordinates device
> security setup between a platform TSM (TEE Security Manager) and a
> device DSM (Device Security Manager). While the platform TSM can
> allocate resources like Stream ID and manage keys, it still requires
> system software to manage the IDE capability register block.
>
> Add register definitions and basic enumeration in preparation for
> Selective IDE Stream establishment. A follow on change selects the new
> CONFIG_PCI_IDE symbol. Note that while the IDE specification defines
> both a point-to-point "Link Stream" and a Root Port to endpoint
> "Selective Stream", only "Selective Stream" is considered for Linux as
> that is the predominant mode expected by Trusted Execution Environment
> Security Managers (TSMs), and it is the security model that limits the
> number of PCI components within the TCB in a PCIe topology with
> switches.
>
> Cc: Yilun Xu <yilun.xu@xxxxxxxxx>
> Cc: Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>
> Cc: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxx>
> Co-developed-by: Alexey Kardashevskiy <aik@xxxxxxx>
> Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx>
> Co-developed-by: Yilun Xu <yilun.xu@xxxxxxxxx>
> Signed-off-by: Yilun Xu <yilun.xu@xxxxxxxxx>
> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>

Acked-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>

> +++ b/drivers/pci/Kconfig
> @@ -122,6 +122,20 @@ config XEN_PCIDEV_FRONTEND > config PCI_ATS > bool > > +config PCI_IDE > + bool > + > +config PCI_IDE_STREAM_MAX > + int "Maximum number of Selective IDE Streams supported per host bridge" if EXPERT > + depends on PCI_IDE > + range 1 256 > + default 64 > + help > + Set a kernel max for the number of IDE streams the PCI core supports > + per device. While the PCI specification max is 256, the hardware > + platform capability for the foreseeable future is 4 to 8 streams. Bump > + this value up if you have an expert testing need. Maybe worth expanding IDE once as we did for DOE: > + > config PCI_DOE > bool "Enable PCI Data Object Exchange (DOE) support"
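
Review bot: The PCI_IDE_STREAM_MAX entry states two different scopes for the same limit: the prompt says "supported per host bridge" while the help text says "the number of IDE streams the PCI core supports per device". Please make the two agree so that someone tuning this knows which object the limit bounds. The help text also says platform capability is "4 to 8 streams" for the foreseeable future, yet the default is 64; a sentence on why the default sits that far above the expected hardware, and on what raising it toward 256 costs, would let an EXPERT user choose a value deliberately.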