| What: /sys/kernel/config/tsm/report/$name/inblob |
| Date: September, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (WO) Up to 64 bytes of user specified binary data. For replay |
| protection this should include a nonce, but the kernel does not |
| place any restrictions on the content. |
| |
| What: /sys/kernel/config/tsm/report/$name/outblob |
| Date: September, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (RO) Binary attestation report generated from @inblob and other |
| options The format of the report is implementation specific |
| where the implementation is conveyed via the @provider |
| attribute. |
| |
| What: /sys/kernel/config/tsm/report/$name/auxblob |
| Date: October, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (RO) Optional supplemental data that a TSM may emit, visibility |
| of this attribute depends on TSM, and may be empty if no |
| auxiliary data is available. |
| |
| When @provider is "sev_guest" this file contains the |
| "cert_table" from SEV-ES Guest-Hypervisor Communication Block |
| Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ. |
| https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf |
| |
| What: /sys/kernel/config/tsm/report/$name/provider |
| Date: September, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (RO) A name for the format-specification of @outblob like |
| "sev_guest" [1] or "tdx_guest" [2] in the near term, or a |
| common standard format in the future. |
| |
| [1]: SEV Secure Nested Paging Firmware ABI Specification |
| Revision 1.55 Table 22 |
| https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf |
| |
| [2]: Intel® Trust Domain Extensions Data Center Attestation |
| Primitives : Quote Generation Library and Quote Verification |
| Library Revision 0.8 Appendix 4,5 |
| https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf |
| |
| What: /sys/kernel/config/tsm/report/$name/generation |
| Date: September, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (RO) The value in this attribute increments each time @inblob or |
| any option is written. Userspace can detect conflicts by |
| checking generation before writing to any attribute and making |
| sure the number of writes matches expectations after reading |
| @outblob, or it can prevent conflicts by creating a report |
| instance per requesting context. |
| |
| What: /sys/kernel/config/tsm/report/$name/privlevel |
| Date: September, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (WO) Attribute is visible if a TSM implementation provider |
| supports the concept of attestation reports for TVMs running at |
| different privilege levels, like SEV-SNP "VMPL", specify the |
| privilege level via this attribute. The minimum acceptable |
| value is conveyed via @privlevel_floor and the maximum |
| acceptable value is TSM_PRIVLEVEL_MAX (3). |
| |
| What: /sys/kernel/config/tsm/report/$name/privlevel_floor |
| Date: September, 2023 |
| KernelVersion: v6.7 |
| Contact: linux-coco@lists.linux.dev |
| Description: |
| (RO) Indicates the minimum permissible value that can be written |
| to @privlevel. |
