What:		/sys/kernel/config/tsm/report/$name/inblob
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Up to 64 bytes of user specified binary data. For replay
		protection this should include a nonce, but the kernel does not
		place any restrictions on the content.

What:		/sys/kernel/config/tsm/report/$name/outblob
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Binary attestation report generated from @inblob and other
		options. The format of the report is implementation specific
		where the implementation is conveyed via the @provider
		attribute.

What:		/sys/kernel/config/tsm/report/$name/auxblob
Date:		October, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Optional supplemental data that a TSM may emit, visibility
		of this attribute depends on TSM, and may be empty if no
		auxiliary data is available.

		When @provider is "sev_guest" this file contains the
		"cert_table" from SEV-ES Guest-Hypervisor Communication Block
		Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

What:		/sys/kernel/config/tsm/report/
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Optional supplemental dat
		of this attribute depends on T
		manifest data is available.

		See 'service_provider' for inf
		manifest blob.

What:		/sys/kernel/config/tsm/report/$name/provider
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) A name for the format-specification of @outblob like
		"sev_guest" [1] or "tdx_guest" [2] in the near term, or a
		common standard format in the future.

		[1]: SEV Secure Nested Paging Firmware ABI Specification
		Revision 1.55 Table 22
		https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf

		[2]: Intel® Trust Domain Extensions Data Center Attestation
		Primitives : Quote Generation Library and Quote Verification
		Library Revision 0.8 Appendix 4,5
		https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf

What:		/sys/kernel/config/tsm/report/$name/generation
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) The value in this attribute increments each time @inblob or
		any option is written. Userspace can detect conflicts by
		checking generation before writing to any attribute and making
		sure the number of writes matches expectations after reading
		@outblob, or it can prevent conflicts by creating a report
		instance per requesting context.

What:		/sys/kernel/config/tsm/report/$name/privlevel
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a TSM implementation provider
		supports the concept of attestation reports for TVMs running at
		different privilege levels, like SEV-SNP "VMPL", specify the
		privilege level via this attribute. The minimum acceptable
		value is conveyed via @privlevel_floor and the maximum
		acceptable value is TSM_PRIVLEVEL_MAX (3).

What:		/sys/kernel/config/tsm/report/$name/privlevel_floor
Date:		September, 2023
KernelVersion:	v6.7
Contact:	linux-coco@lists.linux.dev
Description:
		(RO) Indicates the minimum permissible value that can be written
		to @privlevel.

What:		/sys/kernel/config/tsm/report/
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a
		supports the concept of attest
		provider for TVMs, like SEV-SN
		Specifying the service provide
		an attestation report as speci
		The only currently supported s

		For the "svsm" service provide
		for SEV-SNP Guests v1.00 Secti
		"site:amd.com "Secure VM Servi
		Guests", docID: 58019"

What:		/sys/kernel/config/tsm/report/
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a
		supports the concept of attest
		provider for TVMs, like SEV-SN
		Specifying an empty/null GUID
		requests all active services w
		part of the attestation report
		an attestation report of just
		manifest form specified by the
		attribute.

		See 'service_provider' for inf
		service guid.

What:		/sys/kernel/config/tsm/report/
Date:		January, 2024
KernelVersion:	v6.10
Contact:	linux-coco@lists.linux.dev
Description:
		(WO) Attribute is visible if a
		supports the concept of attest
		provider for TVMs, like SEV-SN
		Indicates the service manifest
		attestation report (default 0)
		the user, the default manifest
		service's initial/first manife

		See 'service_provider' for inf
		service manifest version.
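
The conflict check described under `generation`, combined with the `inblob` size limit and the `privlevel` bounds, as an added example; it is not part of the kernel documentation or source. The injectable `write` hook, the `req-<pid>` entry name, and the use of mkdir/rmdir to create and remove a per-context entry are assumptions of this sketch.

```python
import os
import secrets

TSM_ROOT = "/sys/kernel/config/tsm/report"   # configfs path from the entries above
INBLOB_MAX = 64                              # @inblob: "Up to 64 bytes"
TSM_PRIVLEVEL_MAX = 3                        # maximum acceptable @privlevel

class GenerationConflict(RuntimeError):
    """Something else wrote to this report entry during our request."""

def read_attr(entry, name):
    with open(os.path.join(entry, name), "rb") as f:
        return f.read()

def write_attr(entry, name, data):
    with open(os.path.join(entry, name), "wb") as f:
        f.write(data)

def get_report(entry, inblob, privlevel=None, write=write_attr):
    """Return (provider, outblob); `write` is a hypothetical hook for off-target tests."""
    if len(inblob) > INBLOB_MAX:
        raise ValueError("inblob is limited to 64 bytes")
    gen_before = int(read_attr(entry, "generation").decode())
    writes = 0
    if privlevel is not None:  # only where the provider exposes @privlevel
        floor = int(read_attr(entry, "privlevel_floor").decode())
        if not floor <= privlevel <= TSM_PRIVLEVEL_MAX:
            raise ValueError(f"privlevel must be in [{floor}, {TSM_PRIVLEVEL_MAX}]")
        write(entry, "privlevel", str(privlevel).encode())
        writes += 1
    write(entry, "inblob", inblob)
    writes += 1
    outblob = read_attr(entry, "outblob")
    provider = read_attr(entry, "provider").decode().strip()
    gen_after = int(read_attr(entry, "generation").decode())
    if gen_after != gen_before + writes:  # report may not match our inblob/options
        raise GenerationConflict(f"expected generation {gen_before + writes}, saw {gen_after}")
    return provider, outblob

if __name__ == "__main__":
    # One entry per requesting context; the name scheme is an assumption.
    entry = os.path.join(TSM_ROOT, f"req-{os.getpid()}")
    os.mkdir(entry)
    try:
        nonce = secrets.token_bytes(32)  # in practice, the verifier's challenge
        provider, report = get_report(entry, nonce)
        print(provider, len(report), "bytes")
    finally:
        os.rmdir(entry)
```

A report returned after a `GenerationConflict` should be discarded rather than sent to a verifier, since it may bind a different caller's `inblob` or options.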