What:		/sys/kernel/config/tsm/report/$name/inblob
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Up to 64 bytes of user-specified binary data. For replay
		protection this should include a nonce, but the kernel does not
		place any restrictions on the content.

What:		/sys/kernel/config/tsm/report/$name/outblob
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Binary attestation report generated from @inblob and other
		options. The format of the report is implementation specific
		where the implementation is conveyed via the @provider
		attribute.

		This interface fails reads and sets errno to EFBIG when the
		report generated by @provider exceeds the configfs-tsm-report
		internal maximums. Contact the platform provider for the
		compatible security module, driver, and attestation library
		combination.

What:		/sys/kernel/config/tsm/report/$name/auxblob
Date:		October, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Optional supplemental data that a TSM may emit; visibility
		of this attribute depends on the TSM, and it may be empty if no
		auxiliary data is available.

		When @provider is "sev_guest" this file contains the
		"cert_table" from SEV-ES Guest-Hypervisor Communication Block
		Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

		See the "EFBIG" comment in the @outblob description for potential
		error conditions.

What:		/sys/kernel/config/tsm/report/$name/manifestblob
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Optional supplemental data that a TSM may emit; visibility
		of this attribute depends on the TSM, and it may be empty if no
		manifest data is available.

		See 'service_provider' for information on the format of the
		manifest blob.

		See the "EFBIG" comment in the @outblob description for potential
		error conditions.

What:		/sys/kernel/config/tsm/report/$name/provider
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) A name for the format-specification of @outblob like
		"sev_guest" [1] or "tdx_guest" [2] in the near term, or a
		common standard format in the future.

		[1]: SEV Secure Nested Paging Firmware ABI Specification
		Revision 1.55 Table 22
		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf

		[2]: Intel® Trust Domain Extensions Data Center Attestation
		Primitives : Quote Generation Library and Quote Verification
		Library Revision 0.8 Appendix 4,5
		https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf

		Intel TDX platforms with DICE-based attestation use CBOR Web Token
		(CWT) format for the Quote payload. This is indicated by the Quote
		size exceeding 8KB.

What:		/sys/kernel/config/tsm/report/$name/generation
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) The value in this attribute increments each time @inblob or
		any option is written. Userspace can detect conflicts by
		checking generation before writing to any attribute and making
		sure the number of writes matches expectations after reading
		@outblob, or it can prevent conflicts by creating a report
		instance per requesting context.

What:		/sys/kernel/config/tsm/report/$name/privlevel
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports for TVMs running at
		different privilege levels, like SEV-SNP "VMPL". Specify the
		privilege level via this attribute. The minimum acceptable
		value is conveyed via @privlevel_floor and the maximum
		acceptable value is TSM_PRIVLEVEL_MAX (3).

What:		/sys/kernel/config/tsm/report/$name/privlevel_floor
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Indicates the minimum permissible value that can be written
		to @privlevel.

What:		/sys/kernel/config/tsm/report/$name/service_provider
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports from a service
		provider for TVMs, like SEV-SNP running under an SVSM.
		Specifying the service provider via this attribute will create
		an attestation report as specified by the service provider.
		The only currently supported service provider is "svsm".

		For the "svsm" service provider, see the Secure VM Service Module
		for SEV-SNP Guests v1.00 Section 7. For the doc, search for
		"site:amd.com "Secure VM Service Module for SEV-SNP
		Guests", docID: 58019"

What:		/sys/kernel/config/tsm/report/$name/service_guid
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports from a service
		provider for TVMs, like SEV-SNP running under an SVSM.
		Specifying an empty/null GUID (00000000-0000-0000-0000-000000)
		requests that all active services within the service provider be
		part of the attestation report. Specifying a GUID requests
		an attestation report of just the specified service using the
		manifest form specified by the service_manifest_version
		attribute.

		See 'service_provider' for information on the format of the
		service guid.

What:		/sys/kernel/config/tsm/report/$name/service_manifest_version
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports from a service
		provider for TVMs, like SEV-SNP running under an SVSM.
		Indicates the service manifest version requested for the
		attestation report (default 0). If this field is not set by
		the user, the default manifest version of the service (the
		service's initial/first manifest version) is returned.

		See 'service_provider' for information on the format of the
		service manifest version.
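The following is an added userspace example written for this page; it is not code from the kernel, from the configfs-tsm driver, or from the ABI document above. It walks the request flow the attributes describe (create a report instance, write a random nonce to @inblob, snapshot @generation before writing and check it after reading @outblob, translate an EFBIG read failure, pick up @provider, @auxblob and @manifestblob) and the optional @privlevel and @service_* attributes (range check against @privlevel_floor and TSM_PRIVLEVEL_MAX, empty/null GUID detection, the 8KB rule for TDX CWT quotes). The class and function names (TsmReport, check_privlevel, nonce_echoed, and so on) are the example's own. Two things are assumptions not stated on this page: the configfs root is a parameter so the same logic can be exercised against a constructed directory tree, and the replay check for "sev_guest" reads the 64-byte REPORT_DATA field at byte offset 0x50 of the report, an offset taken from the SEV-SNP Firmware ABI specification cited as [1] and zero-padded for a nonce shorter than 64 bytes.

```python
# Added example, not kernel code: a small client for the configfs-tsm
# report interface.  The configfs root is a parameter (assumption) so the
# logic can also be run against a constructed directory tree.
import errno
import os

TSM_PRIVLEVEL_MAX = 3               # maximum @privlevel, from the ABI text
INBLOB_MAX = 64                     # @inblob accepts at most 64 bytes
TDX_CWT_THRESHOLD = 8 * 1024        # TDX quote larger than 8KB => CWT payload
# Assumption not on the page: REPORT_DATA offset/length in an SEV-SNP report
# (SEV-SNP Firmware ABI spec Table 22, cited as [1] above).
SNP_REPORT_DATA_OFF, SNP_REPORT_DATA_LEN = 0x50, 64


class ReportTooLarge(Exception):
    """@outblob read failed with EFBIG: report exceeds the driver's maximum."""


class GenerationConflict(Exception):
    """@generation moved by more than our own writes: another writer raced us."""


def check_privlevel(level, floor):
    """Validate a requested level against @privlevel_floor and TSM_PRIVLEVEL_MAX."""
    if not floor <= level <= TSM_PRIVLEVEL_MAX:
        raise ValueError(f"privlevel {level} outside [{floor}, {TSM_PRIVLEVEL_MAX}]")
    return level


def is_null_guid(guid):
    """True for the empty/null GUID that requests all active services."""
    return guid.replace("-", "").strip("0") == ""


def quote_format(provider, outblob):
    """Name the @outblob format from @provider and the TDX size rule."""
    if provider == "tdx_guest":
        return "tdx_cwt" if len(outblob) > TDX_CWT_THRESHOLD else "tdx_quote"
    return provider


class TsmReport:
    def __init__(self, name, root="/sys/kernel/config/tsm/report"):
        self.dir = os.path.join(root, name)
        os.makedirs(self.dir, exist_ok=True)   # mkdir instantiates a report on configfs
        self.nonce = None
        self.expected_gen = None

    def _path(self, attr):
        return os.path.join(self.dir, attr)

    def _read(self, attr, binary=True):
        with open(self._path(attr), "rb" if binary else "r") as f:
            return f.read()

    def _write(self, attr, data):
        with open(self._path(attr), "wb") as f:
            f.write(data)
        self.expected_gen += 1              # every attribute write bumps @generation

    def submit(self, nonce=None, privlevel=None, service_provider=None,
               service_guid=None, service_manifest_version=None):
        """Write the request; returns the @generation value expected afterwards."""
        self.nonce = os.urandom(INBLOB_MAX) if nonce is None else nonce
        if len(self.nonce) > INBLOB_MAX:
            raise ValueError("inblob is limited to 64 bytes")
        self.expected_gen = int(self._read("generation", binary=False))
        if privlevel is not None:
            floor = int(self._read("privlevel_floor", binary=False))
            self._write("privlevel", str(check_privlevel(privlevel, floor)).encode())
        if service_provider is not None:
            self._write("service_provider", service_provider.encode())
            if service_guid is not None:
                self._write("service_guid", service_guid.encode())
            if service_manifest_version is not None:
                self._write("service_manifest_version", str(service_manifest_version).encode())
        self._write("inblob", self.nonce)   # last: a fresh nonce per request
        return self.expected_gen

    def collect(self):
        """Read the report and confirm nobody else wrote to this instance."""
        try:
            outblob = self._read("outblob")
        except OSError as e:
            if e.errno == errno.EFBIG:
                raise ReportTooLarge("report exceeds configfs-tsm internal maximum") from e
            raise
        if int(self._read("generation", binary=False)) != self.expected_gen:
            raise GenerationConflict("concurrent writer detected; discard this report")
        provider = self._read("provider", binary=False).strip()
        optional = {a: self._read(a) for a in ("auxblob", "manifestblob")
                    if os.path.exists(self._path(a))}
        return {"provider": provider, "format": quote_format(provider, outblob),
                "nonce": self.nonce, "outblob": outblob, **optional}

    def request(self, **kw):
        self.submit(**kw)
        return self.collect()


def nonce_echoed(result):
    """Replay check for sev_guest reports: REPORT_DATA must equal our nonce."""
    if result["provider"] != "sev_guest":
        return None                          # other report layouts not covered here
    blob = result["outblob"]
    field = blob[SNP_REPORT_DATA_OFF:SNP_REPORT_DATA_OFF + SNP_REPORT_DATA_LEN]
    return field == result["nonce"].ljust(SNP_REPORT_DATA_LEN, b"\0")
```

On a real guest, `TsmReport("r0").request(privlevel=1)` performs the whole exchange against /sys/kernel/config/tsm/report/r0; the report is only trusted after `nonce_echoed` confirms the nonce and the generation check passes, and a `ReportTooLarge` result is the EFBIG case the @outblob description points at.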