On 11/3/22 20:23, Kuppuswamy Sathyanarayanan wrote:
To support TDX attestation, the TDX guest driver exposes an IOCTL interface to allow userspace to get the TDREPORT from the TDX module via TDG.MR.TDREPORT TDCALL.
This all acts and is named like this is *THE* way to do a TD report. This is the only type of TD report.
Is it?
If so, why is there a subtype in the TDX module ABI? It's easy to miss in the kernel code, btw:
+int tdx_mcall_get_report(u8 *reportdata, u8 *tdreport) +{
- u64 ret;
- ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport),
virt_to_phys(reportdata), 0, 0, NULL);
subtype here ^
mixed in next to another magic 0.
- if (ret) {
if (TDCALL_RETURN_CODE(ret) == TDCALL_INVALID_OPERAND)return -EINVAL;return -EIO;- }
- return 0;
+} +EXPORT_SYMBOL_GPL(tdx_mcall_get_report);
What happens to this interface when subtype 1 is added?
TDX_CMD_GET_REPORT can only get subtype 0. So, we'll have, what, a new ioctl()? TDX_CMD_GET_REPORT_SUBTYPE1?
This is why I was pushing for a more generic ABI that would actually work for more than one subtype. Other folks thought that was a bad idea. I can live with that. But, what I can't live with is just pretending that this is the one and only forever "tdreport" interface.
This is *NOT* "a wrapper to get TDREPORT from the TDX Module", this is at best "a wrapper to get TDREPORT sub type 0 from the TDX Module".
It also occurs to me that "sub type 0" could use an actual name. Could we give it one, please?