)]}' { "commit": "01dd9c6c381c89705170b8723f2acbf5ae4994ae", "tree": "4270cbacd58f8abc22f282e2d4e8b7a42dc698e2", "parents": [ "a87b4e50aa0b9d00a40aaebee51169bc76b100b7" ], "author": { "name": "Dan Williams", "email": "dan.j.williams@intel.com", "time": "Thu Oct 09 19:37:37 2025 -0700" }, "committer": { "name": "Dan Williams", "email": "dan.j.williams@intel.com", "time": "Fri Nov 14 15:08:15 2025 -0800" }, "message": "PCI/TSM: Add Device Security (TVM Guest) operations support\n\nPCIe Trusted Execution Environment Device Interface Security Protocol\n(TDISP) has two distinct sets of operations. The first, currently enabled\nin driver/pci/tsm.c, enables the VMM to authenticate the physical function\n(PCIe Component Measurement and Authentication (CMA)), establish a secure\nmessage passing session (DMTF SPDM), and establish physical link security\n(PCIe Integrity and Data Encryption (IDE)). The second set lets the TVM\nmanage the security state of assigned devices (TEE Device Interfaces\n(TDIs)). Enable the latter with three new \u0027struct pci_tsm_ops\u0027 operations:\n\n - lock(): Transition the device to the TDISP state. In this mode\n the device is responsible for validating that it is in a secure\n configuration and will transition to the TDISP ERROR state if those\n settings are modified. Device Security Manager (DSM) and the TEE\n Security Manager (TSM) enforce that the device is not permitted to issue\n T\u003d1 traffic in this mode.\n\n - accept(): After validating device measurements, the launch state of the\n TVM, or any other pertinent information about the state of the TVM or\n TDI a relying party authorizes a device to enter the TEE. Transition the\n device to the TDISP RUN state and mark its PCI MMIO ranges as\n \"encrypted\".\n\n - unlock(): From the RUN state the only other TDISP states that can be\n moved to are ERROR or UNLOCKED. Voluntarily move the device to the\n UNLOCKED state.\n\nOnly the mechanism for these operations is included, all of the policy and\ninfrastructure to support making the \u0027accept\u0027 decision are left to\nfollow-on work.\n\nCo-developed-by: Xu Yilun \u003cyilun.xu@linux.intel.com\u003e\nSigned-off-by: Xu Yilun \u003cyilun.xu@linux.intel.com\u003e\nCo-developed-by: Aneesh Kumar K.V (Arm) \u003caneesh.kumar@kernel.org\u003e\nSigned-off-by: Aneesh Kumar K.V (Arm) \u003caneesh.kumar@kernel.org\u003e\nSigned-off-by: Dan Williams \u003cdan.j.williams@intel.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "b767db2c52cb70dec5117921176d406773375d6e", "old_mode": 33188, "old_path": "Documentation/ABI/testing/sysfs-bus-pci", "new_id": "b17f2117f6dc1de873f0c2893000e81a973b6386", "new_mode": 33188, "new_path": "Documentation/ABI/testing/sysfs-bus-pci" }, { "type": "modify", "old_id": "6fc1a5ac6da1af76e88e5be3edf1b7ce4830fe18", "old_mode": 33188, "old_path": "Documentation/ABI/testing/sysfs-class-tsm", "new_id": "d1bcc1a266cac075a35bd356aa32d16fc79ce89c", "new_mode": 33188, "new_path": "Documentation/ABI/testing/sysfs-class-tsm" }, { "type": "modify", "old_id": "00b0210e1f1de0dafb5df7fbdd4d2912319b9414", "old_mode": 33188, "old_path": "drivers/pci/Kconfig", "new_id": "378b67a259b5d3acafb314a76dce3548e077c31e", "new_mode": 33188, "new_path": "drivers/pci/Kconfig" }, { "type": "modify", "old_id": "5fdcd7f2e82075ce71bd95d5d53e2293ab615e86", "old_mode": 33188, "old_path": "drivers/pci/tsm.c", "new_id": "4827465df1925b33d4ed05fd1a180f737af820d6", "new_mode": 33188, "new_path": "drivers/pci/tsm.c" }, { "type": "modify", "old_id": "f027876a2f198746ad79f90e099b36be0ae581dd", "old_mode": 33188, "old_path": "drivers/virt/coco/tsm-core.c", "new_id": "e65ab3461d14a71acc1b294bab1a41a336f3f915", "new_mode": 33188, "new_path": "drivers/virt/coco/tsm-core.c" }, { "type": "modify", "old_id": "260b3aedd6539b44c50c7701c43e4d5e8e82ee11", "old_mode": 33188, "old_path": "include/linux/device.h", "new_id": "835847af2d657c8b7fd1003ba9795be758e136a0", "new_mode": 33188, "new_path": "include/linux/device.h" }, { "type": "modify", "old_id": "a6435aba03f9b17d6afb1b1049720cd77a363b6f", "old_mode": 33188, "old_path": "include/linux/pci-tsm.h", "new_id": "b984711fa91f7172d83c72e9a2d393a4dff676de", "new_mode": 33188, "new_path": "include/linux/pci-tsm.h" } ] }