Message ID | 20230928224645.19768-1-graf@amazon.com
---|---
Series | Add Nitro Secure Module support
On Thu, Sep 28, 2023 at 10:46:44PM +0000, Alexander Graf wrote:
> +/* Register this as a misc driver */
> +#define NSM_DEV_NAME "nsm"
> +#define NSM_IOCTL_MAGIC 0x0A
> +#define NSM_IO_REQUEST _IOWR(NSM_IOCTL_MAGIC, 0, struct nsm_message)

You have an ioctl for this driver, yet no include/uapi/ file for it? How
is userspace supposed to know about this and use it?

thanks,

greg k-h
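Review bot: the ioctl definition in this hunk (`NSM_IOCTL_MAGIC 0x0A`, `NSM_IO_REQUEST _IOWR(NSM_IOCTL_MAGIC, 0, struct nsm_message)`) needs two things besides moving to an include/uapi/ header: the magic 0x0A and its command range should be recorded in Documentation/userspace-api/ioctl/ioctl-number.rst so it does not collide with another driver's allocation, and `struct nsm_message` itself has to live in that same uapi header, since `_IOWR` bakes `sizeof(struct nsm_message)` into the command number and a userspace copy of the struct with any other size produces a command number the driver will not recognise.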
Hey Greg,

On 29.09.23 07:44, Greg Kroah-Hartman wrote:
>
> On Thu, Sep 28, 2023 at 10:46:44PM +0000, Alexander Graf wrote:
>> When running Linux inside a Nitro Enclave, the hypervisor provides a
>> special virtio device called "NSM". This device has 2 main functions:
>>
>> 1) Provide attestation reports
>> 2) Modify PCR state
>> 3) Provide entropy
>>
>> This patch adds the core NSM driver that exposes a /dev/nsm device node
>> which user space can use to request attestation documents and influence
>> PCR states. A follow up patch will add a hwrng driver to feed its entropy
>> into the kernel.
>>
>> Originally-by: Petre Eftime <petre.eftime@gmail.com>
> Hasn't this been submitted a long time ago? What changed from that
> submission? Or am I mis-remembering things?

With Nitro Enclaves, there are 2 parties: Parent and Enclave. The parent
launches the Enclave. To do so, it creates a sibling VM using a special
Enclaves PCI device. The driver for that is in drivers/virt/nitro_enclaves
and you helped to upstream that back then.

The enclave is what is running inside the sibling VM. It sees a
Firecracker-like device model with virtio-vsock to communicate to the
parent as well as a special virtio-mmio device called "NSM" to communicate
to the hypervisor. This driver is for the latter. I'm now aware of previous
attempts to upstream it.

>
>> --- /dev/null
>> +++ b/drivers/misc/nsm.c
>> @@ -0,0 +1,470 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Amazon Nitro Secure Module driver.
>> + *
>> + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> + *
>> + * This program is free software; you can redistribute it and/or modify it
>> + * under the terms and conditions of the GNU General Public License,
>> + * version 2, as published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> + * along with this program; if not, see <http://www.gnu.org/licenses/>.
> Please drop the license "boiler-plate" text, the SPDX line is
> sufficient.

Sure, happy to! :)

Alex

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
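Greg's question about an include/uapi/ header for the ioctl has a concrete ABI reason that is worth seeing in code. The following is an added example, not code from the patch or from either poster: it shows what a userspace consumer of /dev/nsm would compile against and why the argument struct must come from the shared header. Only the two `#define`s are taken from the quoted hunk; the two-`iovec` layout of `struct nsm_message`, the stale-copy variant, the header path `include/uapi/linux/nsm.h` and the helper names `ioc_decode` and `nsm_cmd_is_request` are assumptions made for illustration (the thread never shows the struct).

```c
/*
 * Added example, not code from the patch: why NSM_IO_REQUEST and its
 * argument struct belong in a uapi header that userspace compiles against.
 * An ioctl command number packs direction, magic, sequence number and the
 * SIZE of the argument struct, so a userspace copy of struct nsm_message
 * with a different size yields a different command number, and a driver's
 * ioctl handler rejects it with -ENOTTY instead of touching the buffer.
 *
 * The layout of struct nsm_message below is an ASSUMPTION for illustration;
 * only NSM_IOCTL_MAGIC and NSM_IO_REQUEST are taken from the patch.
 */
#include <stdio.h>
#include <sys/uio.h>
#include <linux/ioctl.h>

/* What a hypothetical include/uapi/linux/nsm.h would carry. */
#define NSM_IOCTL_MAGIC 0x0A
struct nsm_message {
	struct iovec request;   /* assumed: buffer userspace hands in */
	struct iovec response;  /* assumed: buffer the driver fills */
};
#define NSM_IO_REQUEST _IOWR(NSM_IOCTL_MAGIC, 0, struct nsm_message)

/*
 * A stale private copy of the struct, as userspace might end up with if it
 * copied the definition out of drivers/misc/nsm.c before a field was added.
 * Same magic and sequence number, different size.
 */
struct nsm_message_stale {
	struct iovec request;
};
#define NSM_IO_REQUEST_STALE \
	_IOWR(NSM_IOCTL_MAGIC, 0, struct nsm_message_stale)

struct ioc_fields {
	unsigned int dir, type, nr, size;
};

/* Split a command number into the fields the kernel's _IOC_* macros pack. */
static struct ioc_fields ioc_decode(unsigned long cmd)
{
	struct ioc_fields f = {
		.dir  = _IOC_DIR(cmd),
		.type = _IOC_TYPE(cmd),
		.nr   = _IOC_NR(cmd),
		.size = _IOC_SIZE(cmd),
	};
	return f;
}

/*
 * The dispatch check a driver's unlocked_ioctl typically starts with:
 * anything other than the exact command number is answered with -ENOTTY.
 * Returns 1 when cmd is NSM_IO_REQUEST, 0 otherwise.
 */
static int nsm_cmd_is_request(unsigned long cmd)
{
	return cmd == NSM_IO_REQUEST;
}

int main(void)
{
	struct ioc_fields f = ioc_decode(NSM_IO_REQUEST);

	printf("NSM_IO_REQUEST = 0x%lx (dir=%u type=0x%02x nr=%u size=%u)\n",
	       (unsigned long)NSM_IO_REQUEST, f.dir, f.type, f.nr, f.size);
	/* The stale copy shares magic and nr but not size, so it is refused. */
	printf("stale struct accepted by the driver check? %d\n",
	       nsm_cmd_is_request(NSM_IO_REQUEST_STALE));
	return 0;
}
```

The size field is the part that matters for the uapi question: it is the only thing keeping a userspace program that guessed the struct layout from handing the kernel a buffer of the wrong length, and it only works if both sides take `struct nsm_message` from the same header.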