Attester: remove libtdx feature for TDX attester#1470
Conversation
|
Thanks! Just one quick comment: I know at least Openshift does not have RTMRs available so Could this PR be about dropping |
|
@mythi Thanks for the information. Do you mean that
|
|
Yes. mrconfigid for initdata is read from report0 ioctl which is available without the DCAP wrapper in the default configuration. Another clarification: the rtmr abi is not related to configfs reports abi |
Xynnn007
force-pushed
the
attester/tdx-remove-ioctl
branch
3 times, most recently
from
5d91279 to
0397f03
Compare
This patch adds the initdata (mr_configid) reading and RTMR reading/writes via sysfs on TDX platform. This is a feature of kernel >= 6.16 version. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Xynnn007
force-pushed
the
attester/tdx-remove-ioctl
branch
from
0397f03 to
c2e5040
Compare
Now with new version of guest kernel it's practical to use TSM to do quote generation and use sysfs to do initdata reading/rtmr read-writing. This patch deprecates legacy libtdx related features to get quotes. Also, natively use ioctl to get reports for initdata/rtmr reading on kernel version < 6.16 and use sysfs to do initdata reading/rtmr read-writing on kernel version >= 6.16. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
The tests are ignored because they require to be run inside a TDX guest. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Xynnn007
force-pushed
the
attester/tdx-remove-ioctl
branch
from
c2e5040 to
dccb63e
Compare
Xynnn007
changed the title
|
Intel's DCAP internally has a compiler switch called V3_DRIVER that controls the type of ioctl writes for RTMR. I've implemented support for this in my PR. For IOR scenarios, the iocuddle crate can only make read requests with the req parameter using |
|
Test with all configfs/sysfs/ioctl scenarios. |
2 participants
No description provided.