What:		/sys/kernel/config/tsm/report/$name/inblob
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Up to 64 bytes of user specified binary data. For replay
		protection this should include a nonce, but the kernel does not
		place any restrictions on the content.

What:		/sys/kernel/config/tsm/report/$name/outblob
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Binary attestation report generated from @inblob and other
		options. The format of the report is implementation specific,
		where the implementation is conveyed via the @provider
		attribute.

What:		/sys/kernel/config/tsm/report/$name/auxblob
Date:		October, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Optional supplemental data that a TSM may emit. Visibility
		of this attribute depends on the TSM, and it may be empty if no
		auxiliary data is available.

		When @provider is "sev_guest" this file contains the
		"cert_table" from SEV-ES Guest-Hypervisor Communication Block
		Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

What:		/sys/kernel/config/tsm/report/$name/manifestblob
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Optional supplemental data that a TSM may emit. Visibility
		of this attribute depends on the TSM, and it may be empty if no
		manifest data is available.

		See 'service_provider' for information on the format of the
		manifest blob.

What:		/sys/kernel/config/tsm/report/$name/provider
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) A name for the format-specification of @outblob like
		"sev_guest" [1] or "tdx_guest" [2] in the near term, or a
		common standard format in the future.

		[1]: SEV Secure Nested Paging Firmware ABI Specification
		Revision 1.55 Table 22
		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf

		[2]: Intel® Trust Domain Extensions Data Center Attestation
		Primitives : Quote Generation Library and Quote Verification
		Library Revision 0.8 Appendix 4,5
		https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf

What:		/sys/kernel/config/tsm/report/$name/generation
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) The value in this attribute increments each time @inblob or
		any option is written. Userspace can detect conflicts by
		checking generation before writing to any attribute and making
		sure the number of writes matches expectations after reading
		@outblob, or it can prevent conflicts by creating a report
		instance per requesting context.

What:		/sys/kernel/config/tsm/report/$name/privlevel
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports for TVMs running at
		different privilege levels, like SEV-SNP "VMPL". Specify the
		privilege level via this attribute. The minimum acceptable
		value is conveyed via @privlevel_floor and the maximum
		acceptable value is TSM_PRIVLEVEL_MAX (3).

What:		/sys/kernel/config/tsm/report/$name/privlevel_floor
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Indicates the minimum permissible value that can be written
		to @privlevel.

What:		/sys/kernel/config/tsm/report/$name/service_provider
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports from a service
		provider for TVMs, like SEV-SNP running under an SVSM.
		Specifying the service provider via this attribute will create
		an attestation report as specified by the service provider.
		The only currently supported service provider is "svsm".

		For the "svsm" service provider, see the Secure VM Service Module
		for SEV-SNP Guests v1.00 Section 7. For the doc, search for
		"site:amd.com "Secure VM Service Module for SEV-SNP
		Guests", docID: 58019"

What:		/sys/kernel/config/tsm/report/$name/service_guid
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports from a service
		provider for TVMs, like SEV-SNP running under an SVSM.
		Specifying an empty/null GUID (00000000-0000-0000-0000-000000)
		requests all active services within the service provider be
		part of the attestation report. Specifying a GUID requests
		an attestation report of just the specified service using the
		manifest form specified by the service_manifest_version
		attribute.

		See 'service_provider' for information on the format of the
		service guid.

What:		/sys/kernel/config/tsm/report/$name/service_manifest_version
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports from a service
		provider for TVMs, like SEV-SNP running under an SVSM.
		Indicates the service manifest version requested for the
		attestation report (default 0). If this field is not set by
		the user, the default manifest version of the service (the
		service's initial/first manifest version) is returned.

		See 'service_provider' for information on the format of the
		service manifest version.
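The following is an added userspace example, not kernel code and not part of this ABI file. It drives one report instance the way the @generation and @privlevel entries above describe: it records @generation, writes @privlevel (range-checked against @privlevel_floor and TSM_PRIVLEVEL_MAX) and a 64-byte-or-shorter @inblob nonce, reads @outblob, and then verifies that @generation advanced by exactly the number of writes it issued, treating any larger jump as a concurrent-writer conflict. `ConfigfsReport` talks to a real `/sys/kernel/config/tsm/report/<name>/` directory (requires a TSM driver and root); `FakeReport` is a constructed in-memory stand-in whose "outblob" is a placeholder that merely echoes the inputs, so the logic can be exercised offline. `ReportConflict`, `request_report`, `create_report` and `remove_report` are names chosen for this example.

```python
"""Userspace driver for the configfs-tsm report interface (example, not kernel code)."""
import os
import secrets
from pathlib import Path

TSM_REPORT_ROOT = Path("/sys/kernel/config/tsm/report")
TSM_INBLOB_MAX = 64      # @inblob accepts up to 64 bytes
TSM_PRIVLEVEL_MAX = 3    # maximum acceptable @privlevel value


class ReportConflict(RuntimeError):
    """@generation moved by more than our own writes: another writer raced us."""


class ConfigfsReport:
    """A report instance backed by a real configfs directory."""

    def __init__(self, path):
        self.path = Path(path)

    def has(self, attr):
        return (self.path / attr).exists()

    def read(self, attr):
        return (self.path / attr).read_bytes()

    def write(self, attr, data):
        (self.path / attr).write_bytes(data)


class FakeReport:
    """Constructed in-memory stand-in for offline use. It mimics the ABI rule
    that every write to @inblob or an option bumps @generation; 'extra_bumps'
    simulates a concurrent writer. @outblob is a placeholder, not a real report."""

    def __init__(self, provider="sev_guest", privlevel_floor=0, extra_bumps=0):
        self.provider = provider
        self.generation = 0
        self.extra_bumps = extra_bumps
        self.attrs = {"inblob": b"", "privlevel": b"",
                      "privlevel_floor": str(privlevel_floor).encode()}

    def has(self, attr):
        return attr in self.attrs or attr in ("outblob", "generation", "provider")

    def read(self, attr):
        if attr == "generation":
            return str(self.generation).encode()
        if attr == "provider":
            return self.provider.encode()
        if attr == "outblob":
            return b"FAKE-REPORT:" + self.attrs["inblob"] + b":" + self.attrs["privlevel"]
        return self.attrs[attr]

    def write(self, attr, data):
        if attr == "inblob" and len(data) > TSM_INBLOB_MAX:
            raise OSError("inblob larger than 64 bytes")
        self.attrs[attr] = data
        self.generation += 1 + self.extra_bumps


def request_report(report, nonce, privlevel=None):
    """Write @privlevel (optional) and @inblob, read @outblob, and confirm that
    @generation advanced by exactly the number of writes issued.
    Returns (provider, outblob); raises ReportConflict on a detected race."""
    if not 0 < len(nonce) <= TSM_INBLOB_MAX:
        raise ValueError("inblob must be 1..64 bytes")
    writes = []
    if privlevel is not None:
        if not report.has("privlevel"):
            raise ValueError("this provider has no @privlevel attribute")
        floor = int(report.read("privlevel_floor"))
        if not floor <= privlevel <= TSM_PRIVLEVEL_MAX:
            raise ValueError(f"privlevel must be in [{floor}, {TSM_PRIVLEVEL_MAX}]")
        writes.append(("privlevel", str(privlevel).encode()))
    writes.append(("inblob", nonce))

    start = int(report.read("generation"))       # snapshot before any write
    for attr, data in writes:
        report.write(attr, data)
    outblob = report.read("outblob")              # report is produced on read
    end = int(report.read("generation"))          # re-check after reading
    if end != start + len(writes):
        raise ReportConflict(f"generation moved by {end - start}, expected {len(writes)}")
    return report.read("provider").decode().strip(), outblob


def create_report(name):
    """Create a per-context report instance (mkdir in configfs) and return it."""
    path = TSM_REPORT_ROOT / name
    os.mkdir(path)
    return ConfigfsReport(path)


def remove_report(report):
    os.rmdir(report.path)


if __name__ == "__main__":
    rep = create_report(f"example-{os.getpid()}")   # one instance per requester
    try:
        provider, blob = request_report(rep, secrets.token_bytes(TSM_INBLOB_MAX))
        print(f"provider={provider} report_len={len(blob)}")
    finally:
        remove_report(rep)
```

Creating a fresh instance per requesting context (the `create_report` path) is the ABI's recommended way to avoid conflicts altogether; the generation check in `request_report` is the fallback for shared instances. The nonce written to @inblob should be compared against the corresponding field of @outblob by the verifier, but where that field sits is provider-specific and not part of this ABI text, so it is left to the format-specific parser.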