1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef __TSM_H
3 #define __TSM_H
4 
5 #include <linux/sizes.h>
6 #include <linux/types.h>
7 
/*
 * Upper bound, in bytes, on the caller-supplied input carried in
 * tsm_desc::inblob. In an attestation flow this is typically the
 * verifier-chosen nonce / report data that the provider binds into the
 * evidence -- presumed from usage, confirm against the provider drivers.
 */
#define TSM_INBLOB_MAX 64
/*
 * Upper bound on the size of a generated blob (tsm_report::outblob and,
 * presumably, tsm_report::auxblob). NOTE(review): the enforcement point
 * for this limit is not in this header; confirm the core rejects a
 * provider that reports a larger @outblob_len/@auxblob_len.
 */
#define TSM_OUTBLOB_MAX SZ_32K

/*
 * Privilege level is a nested permission concept that lets a confidential
 * guest partition its address space. Four levels are supported, numbered
 * 0 through TSM_PRIVLEVEL_MAX. A requested level must not be below the
 * provider's tsm_ops::privlevel_floor (exposed as the
 * TSM_REPORT_PRIVLEVEL_FLOOR attribute); the range check itself is
 * expected to live in the core, not in this header.
 */
#define TSM_PRIVLEVEL_MAX 3
16 
/**
 * struct tsm_desc - option descriptor for generating tsm report blobs
 * @privlevel: optional privilege level to associate with the generated
 *   report, in the range 0..TSM_PRIVLEVEL_MAX; it is not expected to be
 *   below the provider's tsm_ops::privlevel_floor (the range check is
 *   presumed to be done by the core before @report_new() -- confirm)
 * @inblob_len: number of valid bytes in @inblob, at most TSM_INBLOB_MAX
 * @inblob: arbitrary caller-supplied input data (in attestation flows
 *   typically the verifier's nonce, which the provider is expected to
 *   bind into the evidence so the remote party can check freshness --
 *   confirm per provider)
 *
 * A copy of this descriptor is embedded in struct tsm_report so the
 * provider sees exactly the options a report was generated against.
 */
struct tsm_desc {
	unsigned int privlevel;
	size_t inblob_len;
	u8 inblob[TSM_INBLOB_MAX];
};
28 
/**
 * struct tsm_report - track state of report generation relative to options
 * @desc: input parameters to @report_new()
 * @outblob_len: number of bytes at @outblob
 * @outblob: generated evidence to provide to the attestation agent
 * @auxblob_len: number of bytes at @auxblob
 * @auxblob: (optional) auxiliary data to the report (e.g. certificate data)
 *
 * @outblob and @auxblob are populated by tsm_ops::report_new(). This
 * header does not fix who allocates or frees them -- NOTE(review): confirm
 * the ownership rule (provider allocates, core frees?) against the core
 * before relying on it. Both blobs are presumably bounded by
 * TSM_OUTBLOB_MAX.
 */
struct tsm_report {
	struct tsm_desc desc;
	size_t outblob_len;
	u8 *outblob;
	size_t auxblob_len;
	u8 *auxblob;
};
44 
/**
 * enum tsm_attr_index - index used to reference report attributes
 * @TSM_REPORT_GENERATION: index of the report generation number attribute
 * @TSM_REPORT_PROVIDER: index of the provider name attribute
 * @TSM_REPORT_PRIVLEVEL: index of the desired privilege level attribute
 * @TSM_REPORT_PRIVLEVEL_FLOOR: index of the minimum allowed privilege level attribute
 *
 * These values are presumably what the core passes as @n to
 * tsm_ops::report_attr_visible() so a provider can hide attributes it does
 * not support; the enum order is therefore part of the provider contract
 * and must not be reshuffled.
 */
enum tsm_attr_index {
	TSM_REPORT_GENERATION,
	TSM_REPORT_PROVIDER,
	TSM_REPORT_PRIVLEVEL,
	TSM_REPORT_PRIVLEVEL_FLOOR,
};
58 
/**
 * enum tsm_bin_attr_index - index used to reference binary report attributes
 * @TSM_REPORT_INBLOB: index of the binary report input attribute
 * @TSM_REPORT_OUTBLOB: index of the binary report output attribute
 * @TSM_REPORT_AUXBLOB: index of the binary auxiliary data attribute
 *
 * These values are presumably what the core passes as @n to
 * tsm_ops::report_bin_attr_visible(); as with enum tsm_attr_index the
 * numbering is part of the provider contract and must not be reordered.
 */
enum tsm_bin_attr_index {
	TSM_REPORT_INBLOB,
	TSM_REPORT_OUTBLOB,
	TSM_REPORT_AUXBLOB,
};
70 
/**
 * struct tsm_ops - attributes and operations for tsm instances
 * @name: tsm id reflected in /sys/kernel/config/tsm/report/$report/provider
 * @privlevel_floor: convey base privlevel for nested scenarios, i.e. the
 *   lowest privilege level a report may be requested for (surfaced as
 *   TSM_REPORT_PRIVLEVEL_FLOOR)
 * @report_new: Populate @report with the report blob and auxblob
 *   (optional), return 0 on successful population, or -errno otherwise;
 *   @data is presumably the @priv pointer handed to tsm_register() --
 *   confirm in the core
 * @report_attr_visible: show or hide a report attribute entry; @n is an
 *   enum tsm_attr_index value
 * @report_bin_attr_visible: show or hide a report binary attribute entry;
 *   @n is an enum tsm_bin_attr_index value
 *
 * Implementation specific ops, only one is expected to be registered at
 * a time i.e. only one of "sev-guest", "tdx-guest", etc.
 *
 * NOTE(review): @report_new() produces the evidence an attestation agent
 * forwards to a remote verifier, so a provider should honour
 * @report->desc exactly (privlevel, inblob) rather than substituting its
 * own values -- otherwise the verifier's freshness/nonce check is
 * meaningless.
 */
struct tsm_ops {
	const char *name;
	unsigned int privlevel_floor;
	int (*report_new)(struct tsm_report *report, void *data);
	bool (*report_attr_visible)(int n);
	bool (*report_bin_attr_visible)(int n);
};
90 
/*
 * Register / unregister the single active provider (see the "only one at a
 * time" rule on struct tsm_ops). @priv is opaque to the core and is
 * presumably handed back as the @data argument of tsm_ops::report_new() --
 * confirm in the core. Return convention is presumed to follow
 * tsm_ops::report_new(): 0 on success, -errno otherwise.
 */
int tsm_register(const struct tsm_ops *ops, void *priv);
int tsm_unregister(const struct tsm_ops *ops);
93 #endif /* __TSM_H */
94