/* SPDX-License-Identifier: GPL-2.0 */
/*
 * tsm.h - interfaces for generating and exposing TSM (Trusted Security
 * Module) attestation report blobs from confidential guests, plus the
 * tsm_dev / IDE stream registration entry points.
 */
#ifndef __TSM_H
#define __TSM_H

#include <linux/sizes.h>
#include <linux/types.h>
#include <linux/uuid.h>
#include <linux/device.h>

/*
 * Upper bound, in bytes, on the caller-supplied input data carried inline in
 * struct tsm_report_desc::inblob. The array is fixed-size, so @inblob_len
 * must never exceed this value.
 */
#define TSM_REPORT_INBLOB_MAX 64
/*
 * Upper bound, in bytes, on a generated report blob. Not referenced elsewhere
 * in this header; presumably the size cap the core enforces on @outblob
 * returned by @report_new — confirm against the implementation.
 */
#define TSM_REPORT_OUTBLOB_MAX SZ_32K

/*
 * Privilege level is a nested permission concept to allow confidential
 * guests to partition address space, 4-levels are supported.
 * Valid levels are therefore 0..TSM_REPORT_PRIVLEVEL_MAX inclusive.
 */
#define TSM_REPORT_PRIVLEVEL_MAX 3

/**
 * struct tsm_report_desc - option descriptor for generating tsm report blobs
 * @privlevel: optional privilege level to associate with @outblob, in the
 *             range 0..TSM_REPORT_PRIVLEVEL_MAX
 * @inblob_len: length in bytes of the data in @inblob; at most
 *              TSM_REPORT_INBLOB_MAX since @inblob is a fixed-size array
 * @inblob: arbitrary input data, copied inline rather than referenced
 * @service_provider: optional name of where to obtain the tsm report blob
 *                    (ownership of the string is not visible here — confirm
 *                    who allocates and frees it against the core)
 * @service_guid: optional service-provider service guid to attest
 * @service_manifest_version: optional service-provider service manifest version requested
 */
struct tsm_report_desc {
	unsigned int privlevel;
	size_t inblob_len;
	u8 inblob[TSM_REPORT_INBLOB_MAX];
	char *service_provider;
	guid_t service_guid;
	unsigned int service_manifest_version;
};

/**
 * struct tsm_report - track state of report generation relative to options
 * @desc: input parameters to @report_new()
 * @outblob_len: number of valid bytes at @outblob
 * @outblob: generated evidence to provide to the attestation agent
 * @auxblob_len: number of valid bytes at @auxblob
 * @auxblob: (optional) auxiliary data to the report (e.g. certificate data)
 * @manifestblob_len: number of valid bytes at @manifestblob
 * @manifestblob: (optional) manifest data associated with the report
 *
 * The three blob pointers are heap-style out-parameters populated by
 * @report_new; this header does not show who releases them. NOTE(review):
 * presumably the core frees them when the report is torn down — confirm
 * against the implementation before assuming either side owns them.
 */
struct tsm_report {
	struct tsm_report_desc desc;
	size_t outblob_len;
	u8 *outblob;
	size_t auxblob_len;
	u8 *auxblob;
	size_t manifestblob_len;
	u8 *manifestblob;
};

/**
 * enum tsm_attr_index - index used to reference report attributes
 * @TSM_REPORT_GENERATION: index of the report generation number attribute
 * @TSM_REPORT_PROVIDER: index of the provider name attribute
 * @TSM_REPORT_PRIVLEVEL: index of the desired privilege level attribute
 * @TSM_REPORT_PRIVLEVEL_FLOOR: index of the minimum allowed privilege level attribute
 * @TSM_REPORT_SERVICE_PROVIDER: index of the service provider identifier attribute
 * @TSM_REPORT_SERVICE_GUID: index of the service GUID attribute
 * @TSM_REPORT_SERVICE_MANIFEST_VER: index of the service manifest version attribute
 *
 * These are the values a @report_attr_visible callback is expected to be
 * handed; the order is significant to whatever table the core indexes with it.
 */
enum tsm_attr_index {
	TSM_REPORT_GENERATION,
	TSM_REPORT_PROVIDER,
	TSM_REPORT_PRIVLEVEL,
	TSM_REPORT_PRIVLEVEL_FLOOR,
	TSM_REPORT_SERVICE_PROVIDER,
	TSM_REPORT_SERVICE_GUID,
	TSM_REPORT_SERVICE_MANIFEST_VER,
};

/**
 * enum tsm_bin_attr_index - index used to reference binary report attributes
 * @TSM_REPORT_INBLOB: index of the binary report input attribute
 * @TSM_REPORT_OUTBLOB: index of the binary report output attribute
 * @TSM_REPORT_AUXBLOB: index of the binary auxiliary data attribute
 * @TSM_REPORT_MANIFESTBLOB: index of the binary manifest data attribute
 *
 * Counterpart of enum tsm_attr_index for the blob-valued attributes; these
 * are the values a @report_bin_attr_visible callback is expected to be handed.
 */
enum tsm_bin_attr_index {
	TSM_REPORT_INBLOB,
	TSM_REPORT_OUTBLOB,
	TSM_REPORT_AUXBLOB,
	TSM_REPORT_MANIFESTBLOB,
};

/**
 * struct tsm_report_ops - attributes and operations for tsm_report instances
 * @name: tsm id reflected in /sys/kernel/config/tsm/report/$report/provider
 * @privlevel_floor: convey base privlevel for nested scenarios; this is the
 *                   minimum allowed privilege level surfaced through the
 *                   TSM_REPORT_PRIVLEVEL_FLOOR attribute. Requests for a
 *                   @privlevel below it are presumably rejected by the core
 *                   rather than by each provider — confirm against the core.
 * @report_new: Populate @report with the report blob and auxblob
 *              (optional), return 0 on successful population, or -errno
 *              otherwise. @data is presumably the @priv pointer handed to
 *              tsm_report_register() — confirm against the core.
 * @report_attr_visible: show or hide a report attribute entry; @n is
 *                       presumably an enum tsm_attr_index value
 * @report_bin_attr_visible: show or hide a report binary attribute entry;
 *                           @n is presumably an enum tsm_bin_attr_index value
 *
 * Implementation specific ops, only one is expected to be registered at
 * a time i.e. only one of "sev-guest", "tdx-guest", etc.
 */
struct tsm_report_ops {
	const char *name;
	unsigned int privlevel_floor;
	int (*report_new)(struct tsm_report *report, void *data);
	bool (*report_attr_visible)(int n);
	bool (*report_bin_attr_visible)(int n);
};

struct pci_tsm_ops;
/**
 * struct tsm_dev - device object representing a registered TSM
 * @dev: embedded device; reference counted via get_device()/put_device()
 * @id: identifier by which find_tsm_dev() locates this instance
 * @pci_ops: optional PCI-specific operations supplied at tsm_register() time
 */
struct tsm_dev {
	struct device dev;
	int id;
	const struct pci_tsm_ops *pci_ops;
};

/*
 * put_tsm_dev: scope-based cleanup for a struct tsm_dev * (__free(put_tsm_dev)).
 * Drops the device reference; NULL and ERR_PTR values are skipped, so it is
 * safe on the raw return value of a lookup that may fail.
 */
DEFINE_FREE(put_tsm_dev, struct tsm_dev *,
	    if (!IS_ERR_OR_NULL(_T)) put_device(&_T->dev))

/* Register/unregister the single active report provider; @priv is opaque to
 * the core and is presumably passed back as @data to @report_new. */
int tsm_report_register(const struct tsm_report_ops *ops, void *priv);
int tsm_report_unregister(const struct tsm_report_ops *ops);
/* Create a tsm_dev under @parent. The put_tsm_dev cleanup tolerates ERR_PTR,
 * which suggests an ERR_PTR return on failure — confirm against the core. */
struct tsm_dev *tsm_register(struct device *parent, struct pci_tsm_ops *ops);
void tsm_unregister(struct tsm_dev *tsm_dev);
/* Look up a tsm_dev by @id. Whether the result carries a device reference
 * the caller must drop (e.g. via put_tsm_dev) is not visible here — confirm. */
struct tsm_dev *find_tsm_dev(int id);
struct pci_ide;
/* IDE (PCIe link encryption) stream registration with the TSM. */
int tsm_ide_stream_register(struct pci_ide *ide);
void tsm_ide_stream_unregister(struct pci_ide *ide);
#endif /* __TSM_H */