| blob | 534408bc1408fdeccf31e68041e317bc27430147 |
1 What: /sys/kernel/config/tsm/report/$name/inblob
2 Date: September, 2023
3 KernelVersion: v6.7
4 Contact: linux-coco@lists.linux.dev
5 Description:
6 (WO) Up to 64 bytes of user specified binary data. For replay
7 protection this should include a nonce, but the kernel does not
8 place any restrictions on the content.
10 What: /sys/kernel/config/tsm/report/$name/outblob
11 Date: September, 2023
12 KernelVersion: v6.7
13 Contact: linux-coco@lists.linux.dev
14 Description:
15 (RO) Binary attestation report generated from @inblob and other
16 options The format of the report is implementation specific
17 where the implementation is conveyed via the @provider
18 attribute.
20 What: /sys/kernel/config/tsm/report/$name/auxblob
21 Date: October, 2023
22 KernelVersion: v6.7
23 Contact: linux-coco@lists.linux.dev
24 Description:
25 (RO) Optional supplemental data that a TSM may emit, visibility
26 of this attribute depends on TSM, and may be empty if no
27 auxiliary data is available.
29 When @provider is "sev_guest" this file contains the
30 "cert_table" from SEV-ES Guest-Hypervisor Communication Block
31 Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
32 https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
34 What: /sys/kernel/config/tsm/report/$name/manifestblob
35 Date: January, 2024
36 KernelVersion: v6.10
37 Contact: linux-coco@lists.linux.dev
38 Description:
39 (RO) Optional supplemental data that a TSM may emit, visibility
40 of this attribute depends on TSM, and may be empty if no
41 manifest data is available.
43 See 'service_provider' for information on the format of the
44 manifest blob.
46 What: /sys/kernel/config/tsm/report/$name/provider
47 Date: September, 2023
48 KernelVersion: v6.7
49 Contact: linux-coco@lists.linux.dev
50 Description:
51 (RO) A name for the format-specification of @outblob like
52 "sev_guest" [1] or "tdx_guest" [2] in the near term, or a
53 common standard format in the future.
55 [1]: SEV Secure Nested Paging Firmware ABI Specification
56 Revision 1.55 Table 22
57 https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf
59 [2]: IntelĀ® Trust Domain Extensions Data Center Attestation
60 Primitives : Quote Generation Library and Quote Verification
61 Library Revision 0.8 Appendix 4,5
62 https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
64 What: /sys/kernel/config/tsm/report/$name/generation
65 Date: September, 2023
66 KernelVersion: v6.7
67 Contact: linux-coco@lists.linux.dev
68 Description:
69 (RO) The value in this attribute increments each time @inblob or
70 any option is written. Userspace can detect conflicts by
71 checking generation before writing to any attribute and making
72 sure the number of writes matches expectations after reading
73 @outblob, or it can prevent conflicts by creating a report
74 instance per requesting context.
76 What: /sys/kernel/config/tsm/report/$name/privlevel
77 Date: September, 2023
78 KernelVersion: v6.7
79 Contact: linux-coco@lists.linux.dev
80 Description:
81 (WO) Attribute is visible if a TSM implementation provider
82 supports the concept of attestation reports for TVMs running at
83 different privilege levels, like SEV-SNP "VMPL", specify the
84 privilege level via this attribute. The minimum acceptable
85 value is conveyed via @privlevel_floor and the maximum
86 acceptable value is TSM_PRIVLEVEL_MAX (3).
88 What: /sys/kernel/config/tsm/report/$name/privlevel_floor
89 Date: September, 2023
90 KernelVersion: v6.7
91 Contact: linux-coco@lists.linux.dev
92 Description:
93 (RO) Indicates the minimum permissible value that can be written
94 to @privlevel.
96 What: /sys/kernel/config/tsm/report/$name/service_provider
97 Date: January, 2024
98 KernelVersion: v6.10
99 Contact: linux-coco@lists.linux.dev
100 Description:
101 (WO) Attribute is visible if a TSM implementation provider
102 supports the concept of attestation reports from a service
103 provider for TVMs, like SEV-SNP running under an SVSM.
104 Specifying the service provider via this attribute will create
105 an attestation report as specified by the service provider.
106 The only currently supported service provider is "svsm".
108 For the "svsm" service provider, see the Secure VM Service Module
109 for SEV-SNP Guests v1.00 Section 7. For the doc, search for
110 "site:amd.com "Secure VM Service Module for SEV-SNP
111 Guests", docID: 58019"
113 What: /sys/kernel/config/tsm/report/$name/service_guid
114 Date: January, 2024
115 KernelVersion: v6.10
116 Contact: linux-coco@lists.linux.dev
117 Description:
118 (WO) Attribute is visible if a TSM implementation provider
119 supports the concept of attestation reports from a service
120 provider for TVMs, like SEV-SNP running under an SVSM.
121 Specifying an empty/null GUID (00000000-0000-0000-0000-000000)
122 requests all active services within the service provider be
123 part of the attestation report. Specifying a GUID request
124 an attestation report of just the specified service using the
125 manifest form specified by the service_manifest_version
126 attribute.
128 See 'service_provider' for information on the format of the
129 service guid.
131 What: /sys/kernel/config/tsm/report/$name/service_manifest_version
132 Date: January, 2024
133 KernelVersion: v6.10
134 Contact: linux-coco@lists.linux.dev
135 Description:
136 (WO) Attribute is visible if a TSM implementation provider
137 supports the concept of attestation reports from a service
138 provider for TVMs, like SEV-SNP running under an SVSM.
139 Indicates the service manifest version requested for the
140 attestation report (default 0). If this field is not set by
141 the user, the default manifest version of the service (the
142 service's initial/first manifest version) is returned.
144 See 'service_provider' for information on the format of the
145 service manifest version.