Changes since v4 [1]: - Rebased on v6.17-rc2 plus a new pci_bus_find_emul_domain_nr() implementation after feedback from Michael - Update all spec references to PCIe r7.0 (Bjorn) - Alphabetize includes (Bjorn) - Drop "_MASK" from register field definitions (Bjorn) - Add explicit includes for used functionality (Bjorn) - Fix some misspellings, punctuation, and capitalization (Bjorn) - Drop whitespace out of the TDISP setup success debug print (Bjorn) - Make the "Device 3 Extended Capability" changelog more concise (Bjorn) - Clarify abbreviations in documentation for the IDE stream sysfs symlink (Bjorn) - Drop pci_ide_domain() export (Bjorn) - Do or do not, there is no try for pci_ide_stream_enable() (Bjorn) - Prefix register offset definitions with 0 (Jonathan) - Rename PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK to PCI_IDE_SEL_STS_IDE_FAIL per latest spec (Jonathan) - Replace call_cb_put() with scope-based-cleanup (Jonathan) - Move the sample emulation devices to a known unused device-id, 0xffff which is the value conveyed in an error case (Jonathan) - Reflow line breaks in tsm_ide_stream_register() (Jonathan) - Drop @groups passed to tsm_register() and tsm_pci_group() (Alexey) - Simplify __sel_ide_offset() (Alexey) - Have PCI_TSM select TSM (Alexey) - Move DOE definitions to pci-doe.h (Alexey) - Remove pci_tsm_doe_transfer() (Alexey) - Reorder pci_tsm_link_constructor() to skip init actions when the function is going to fail (Alexey) - Rename the core 'struct pci_tsm' context as "base" (Alexey) - Pick up Bjorn's acks - Fix Documentation to reflect passing the name of the TSM device to @connect and @disconnect - Rename pci_tsm_pf0_attr_group to pci_tsm_attr_group since it will be shared with the guest side - Fix SRIOV function tsm sysfs init, add pci_tsm_init() - Clarify why pci_tsm_destroy() occurs before device_del() - Cleanup link_tsm vs devsec_tsm confusion, prepare for more devsec_tsm enabling - Hold pci_tsm_rwsem for write over connect and disconnect flows - Rework "tsm" group attributes to prep for devsec_tsm attributes - Fix find_dsm_dev() to be more careful to not walk past root ports - Drop @sec_probe and @sec_remove add @lock and @unlock in preparation for devsec_tsm enabling - Require samples/devsec to be built as a module - Fix bridge and device MMIO setup in samples/devsec/bus.c - Move samples/devsec/bus.c to faux_device - constify pci_ide_attr_group() [1]: http://lore.kernel.org/20250717183358.1332417-1-dan.j.williams@xxxxxxxxx This set is available at tsm.git#staging (rebasing branch) or tsm.git#devsec-20250826 (immutable tag). It passes a basic smoke test that exercises load/unload of the samples/devsec/ modules and connect/disconnect of the emulated device. Status (further "link" vs "devsec" TSM clarity): ------------------------------------------------ The bulk of the change this round is driven by further preparation for the "guest side" / device security state manipulation infrastructure. I.e. the support for the PCI core within the TEE to ask the TSM to transition a device from UNLOCKED to LOCKED, and LOCKED to RUN. A set implementing that to be posted immediately following this with the subject: "PCI/TSM: TEE I/O infrastructure" Otherwise the feedback has appeared to complete the transition from fundamental concerns to matters of polish. Next steps: ----------- With "[RFC PATCH v1 00/38] ARM CCA Device Assignment support" [2] this effort got one step closer to the criteria of "samples/devsec/ + 1 vendor implementation, or 2 vendor implementations can demonstrate the end-to-end flow (minus attestation)" for starting the push into mainline. See, and review, the "PCI/TSM: TEE I/O infrastructure" posting for the next batch of consensus building. [2]: http://lore.kernel.org/20250728135216.48084-1-aneesh.kumar@xxxxxxxxxx Original Cover letter: ---------------------- Trusted execution environment (TEE) Device Interface Security Protocol (TDISP) is a chapter name in the PCI specification. It describes an alphabet soup of mechanisms, SPDM, CMA, IDE, TSM/DSM, that system software uses to establish trust in a device and assign it to a confidential virtual machine (CVM). It is protocol for dynamically extending the trusted computing boundary (TCB) of a CVM with a PCI device interface that can issue DMA to CVM private memory. The acronym soup problem is enhanced by every major platform vendor having distinct TEE Security Manager (TSM) API implementations / capabilities, and to a lesser extent, every potential endpoint Device Security Manager (DSM) having its own idiosyncratic behaviors around TDISP state transitions. Despite all that opportunity for differentiation, there is a significant portion of the implementation that is cross-vendor common. However, it is difficult to develop, debate, test and settle all those pieces absent a low level TSM driver implementation to pull it all together. The proposal, of which this set is the first phase, is incrementally develop the shared infrastructure on top of a sample TSM driver implementation to enable clean vendor agnostic discussions about the commons. "samples/devsec/" is meant to be: just enough emulation to exercise all the core infrastructure, a reference implementation, and a simple unit test. The sample also enables coordination with the native PCI device security effort [3]. [3]: http://lore.kernel.org/cover.1719771133.git.lukas@xxxxxxxxx Dan Williams (10): coco/tsm: Introduce a core device for TEE Security Managers PCI/IDE: Enumerate Selective Stream IDE capabilities PCI: Introduce pci_walk_bus_reverse(), for_each_pci_dev_reverse() PCI/TSM: Authenticate devices via platform TSM samples/devsec: Introduce a PCI device-security bus + endpoint sample PCI: Add PCIe Device 3 Extended Capability enumeration PCI/IDE: Add IDE establishment helpers PCI/IDE: Report available IDE streams PCI/TSM: Report active IDE streams samples/devsec: Add sample IDE establishment Documentation/ABI/testing/sysfs-bus-pci | 51 ++ Documentation/ABI/testing/sysfs-class-tsm | 19 + .../ABI/testing/sysfs-devices-pci-host-bridge | 26 + Documentation/driver-api/pci/index.rst | 1 + Documentation/driver-api/pci/tsm.rst | 12 + MAINTAINERS | 7 +- drivers/base/bus.c | 38 + drivers/pci/Kconfig | 29 + drivers/pci/Makefile | 2 + drivers/pci/bus.c | 38 + drivers/pci/doe.c | 2 - drivers/pci/ide.c | 582 ++++++++++++++ drivers/pci/pci-sysfs.c | 4 + drivers/pci/pci.h | 19 + drivers/pci/probe.c | 28 +- drivers/pci/remove.c | 6 + drivers/pci/search.c | 62 +- drivers/pci/tsm.c | 601 ++++++++++++++ drivers/virt/coco/Kconfig | 3 + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/tsm-core.c | 183 +++++ include/linux/device/bus.h | 3 + include/linux/pci-doe.h | 4 + include/linux/pci-ide.h | 72 ++ include/linux/pci-tsm.h | 143 ++++ include/linux/pci.h | 36 + include/linux/tsm.h | 11 + include/uapi/linux/pci_regs.h | 89 +++ samples/Kconfig | 19 + samples/Makefile | 1 + samples/devsec/Makefile | 10 + samples/devsec/bus.c | 737 ++++++++++++++++++ samples/devsec/common.c | 26 + samples/devsec/devsec.h | 40 + samples/devsec/link_tsm.c | 242 ++++++ 35 files changed, 3134 insertions(+), 13 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-class-tsm create mode 100644 Documentation/driver-api/pci/tsm.rst create mode 100644 drivers/pci/ide.c create mode 100644 drivers/pci/tsm.c create mode 100644 drivers/virt/coco/tsm-core.c create mode 100644 include/linux/pci-ide.h create mode 100644 include/linux/pci-tsm.h create mode 100644 samples/devsec/Makefile create mode 100644 samples/devsec/bus.c create mode 100644 samples/devsec/common.c create mode 100644 samples/devsec/devsec.h create mode 100644 samples/devsec/link_tsm.c base-commit: 650d64cdd69122cc60d309f2f5fd72bbc080dbd7 -- 2.50.1
