| Age | Commit message (Collapse) | Author | Lines |
|---|
|
Given that tsm_mr_sample has a particular set of algorithms that it
wants, just use the library APIs for those algorithms rather than
crypto_shash. This is more straightforward and more efficient.
This also fixes a bug where this module failed to build if it was
enabled without CRYPTO_HASH happening to be set elsewhere in the
kconfig. (With the concurrent change to make TSM_MEASUREMENTS stop
selecting CRYPTO, this existing build error would have become easier to
encounter, as well.) Also, even if it built, crypto_alloc_shash() could
fail at runtime due to the needed algorithms not being available.
The library functions simply use direct linking. So if it builds, which
it will due to the kconfig options being selected, they are available.
Fixes: f6953f1f9ec4 ("tsm-mr: Add tsm-mr sample code")
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Link: https://lore.kernel.org/r/20260318164233.19800-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
|
|
0day robot reports 'sample_report' can be static, fix it up.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202505090938.avfIhLsl-lkp@intel.com/
Signed-off-by: Cedric Xing <cedric.xing@intel.com>
Link: https://patch.msgid.link/20250509030350.22363-1-cedric.xing@intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
This sample kernel module demonstrates how to make MRs accessible to user
mode through the tsm-mr library.
Once loaded, this module registers a `miscdevice` that host a set of
emulated measurement registers as shown in the directory tree below.
/sys/class/misc/tsm_mr_sample
└── measurements
├── config_mr
├── report_digest:sha512
├── rtmr0:sha256
├── rtmr1:sha384
├── rtmr_crypto_agile:sha256
├── rtmr_crypto_agile:sha384
└── static_mr:sha384
Among the MRs in this example:
- `config_mr` demonstrates a hashless MR, like MRCONFIGID in Intel TDX or
HOSTDATA in AMD SEV.
- `static_mr` demonstrates a static MR. The suffix `:sha384` indicates its
value is a sha384 digest.
- `rtmr0` is an RTMR with `TSM_MR_F_WRITABLE` **cleared**, preventing
direct extensions; as a result, the attribute `rtmr0:sha256` is
read-only.
- `rtmr1` is an RTMR with `TSM_MR_F_WRITABLE` **set**, permitting direct
extensions; thus, the attribute `rtmr1:sha384` is writable.
- `rtmr_crypto_agile` demonstrates a "single" MR that supports multiple
hash algorithms. Each supported algorithm has a corresponding digest,
usually referred to as a "bank" in TCG terminology. In this specific
sample, the 2 banks are aliased to `rtmr0` and `rtmr1`, respectively.
- `report_digest` contains the digest of the internal report structure
living in this sample module's memory. It is to demonstrate the use of
the `TSM_MR_F_LIVE` flag. Its value changes each time an RTMR is
extended.
Signed-off-by: Cedric Xing <cedric.xing@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: Dionna Amalie Glaze <dionnaglaze@google.com>
Link: https://patch.msgid.link/20250506-tdx-rtmr-v6-2-ac6ff5e9d58a@intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
