Linux 6.7 Adds A Cross-Vendor Solution For Confidential Computing Attestation Reports

Written by Michael Larabel in Virtualization on 3 November 2023 at 06:36 AM EDT.
While confidential computing is a hot area right now, there has been limited cross-vendor cooperation: AMD has its own route with Secure Encrypted Virtualization (SEV), and Intel designed Trust Domain Extensions (TDX), which is still available only in limited form. As one improvement coming with Linux 6.7, "configfs-tsm" has been submitted as a pull request to provide a cross-vendor interface for confidential computing attestation reports.

Intel Linux engineer Dan Williams submitted the CONFIGFS-TSM pull request for the cross-vendor CoCo attestation reports. He summed it up in the pull request as:
As for what this is...

In an ideal world there would be a cross-vendor standard attestation report format for confidential guests along with a common device definition to act as the transport.

In the real world the situation ended up with multiple platform vendors inventing their own attestation report formats with the SEV-SNP implementation being a first mover to define a custom sev-guest character device and corresponding ioctl(). Later, this configfs-tsm proposal intercepted an attempt to add a tdx-guest character device and a corresponding new ioctl(). It also anticipated ARM and RISC-V showing up with more chardevs and more ioctls().

The proposal takes for granted that Linux tolerates the vendor report format differentiation until a standard arrives. From talking with folks involved, it sounds like that standardization work is unlikely to resolve anytime soon. It also takes the position that kernfs ABIs are easier to maintain than ioctl(). The result is a shared configfs mechanism to return per-vendor report-blobs with the option to later support a standard when that arrives.

Part of the goal here also is to get the community into the "uncomfortable, but beneficial to the long term maintainability of the kernel" state of talking to each other about their differentiation and opportunities to collaborate. Think of this like the device-driver equivalent of the common memory-management infrastructure for confidential-computing being built up in KVM.

As for establishing an "upstream path for cross-vendor confidential-computing device driver infrastructure" this is something I want to discuss at Plumbers. At present, the multiple vendor proposals for assigning devices to confidential computing VMs likely need a new dedicated repository and maintainer team, but that is a discussion for v6.8.

For now, Greg and Thomas have acked this approach and this is passing AMD, Intel, and Google tests.

We'll see how this goes and how much cross-vendor collaboration improves moving forward for confidential computing and similar areas. In 6.7, AMD SEV supports CONFIGFS-TSM alongside its existing vendor-specific ioctl, while the Intel TDX guest driver is wired up only to the new interface.
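To make the "shared configfs mechanism to return per-vendor report-blobs" concrete, here is an added example of how a guest-side agent drives it. This is not code from the article, the pull request, or the kernel tree. The directory layout and the attribute names (inblob, outblob, provider, generation) are assumed from the kernel's configfs-tsm ABI documentation rather than from the text above; the FakeReportDir class is a constructed stand-in for the kernel so the flow can be exercised on a machine without a CoCo guest. The two checks it performs are the ones a relying party cares about: that nobody else wrote to the same report directory between our request and our read (generation moved by exactly one), and that the report actually binds the fresh nonce we supplied.

```python
"""Request a confidential-computing attestation report through configfs-tsm.

Added example, not from the article or the kernel. Attribute names follow the
configfs-tsm ABI as documented in the Linux kernel (an assumption, not taken
from the article). FakeReportDir is a constructed stand-in for the kernel side.
"""
import secrets
from pathlib import Path

TSM_ROOT = Path("/sys/kernel/config/tsm/report")  # assumes configfs is mounted here
NONCE_LEN = 64  # size of the user-supplied blob the vendor reports carry


class SysfsReportDir:
    """Real backend: one report instance under the configfs tsm root."""

    def __init__(self, root: Path, name: str):
        self.path = root / name
        self.path.mkdir()  # the kernel creates the attribute files on mkdir

    def write(self, attr: str, data: bytes) -> None:
        (self.path / attr).write_bytes(data)

    def read(self, attr: str) -> bytes:
        return (self.path / attr).read_bytes()

    def close(self) -> None:
        self.path.rmdir()  # tear the instance down when done


class FakeReportDir:
    """Constructed stand-in for the kernel side, for offline runs and tests."""

    def __init__(self, provider: str = "fake-tsm"):
        self.gen = 0
        self.attrs = {"provider": provider.encode(), "generation": b"0\n", "outblob": b""}

    def write(self, attr: str, data: bytes) -> None:
        if attr != "inblob":
            raise PermissionError(attr)  # only inblob is writable
        self.gen += 1  # every inblob write bumps generation
        self.attrs["generation"] = f"{self.gen}\n".encode()
        # A real outblob is a vendor-formatted report; here the nonce is echoed back
        self.attrs["outblob"] = b"FAKE-REPORT:" + data + b":END"

    def read(self, attr: str) -> bytes:
        return self.attrs[attr]

    def close(self) -> None:
        pass


def request_report(report_dir, nonce: bytes) -> dict:
    """Write a fresh nonce, read the report, and sanity-check the result.

    Returns the provider name, the raw report blob and the generation it was
    produced at. Raises if another user raced us on the same directory or if
    the report does not contain our nonce. Where the nonce sits inside the
    blob is vendor-specific; a substring check is the minimum a relying
    party should do before handing the blob to a full verifier.
    """
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly %d bytes" % NONCE_LEN)
    before = int(report_dir.read("generation"))
    report_dir.write("inblob", nonce)
    blob = report_dir.read("outblob")
    after = int(report_dir.read("generation"))
    if after != before + 1:
        raise RuntimeError("report directory was modified concurrently; retry")
    if nonce not in blob:
        raise RuntimeError("report does not bind our nonce; reject it")
    provider = report_dir.read("provider").decode().strip()
    return {"provider": provider, "report": blob, "generation": after}


def main() -> None:
    # Use the real configfs tree when it exists, otherwise the constructed fake
    backend = SysfsReportDir(TSM_ROOT, "example") if TSM_ROOT.is_dir() else FakeReportDir()
    try:
        result = request_report(backend, secrets.token_bytes(NONCE_LEN))
    finally:
        backend.close()
    print(result["provider"], len(result["report"]), "bytes, generation", result["generation"])


if __name__ == "__main__":
    main()
```

The per-request directory is the design point: creating one instance per requesting context is what lets several agents in the same guest ask for reports without stepping on each other, and the generation counter is how a single agent detects that it did not get that isolation.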