1 What: /sys/kernel/config/tsm/report/$name/inblob
4 Contact: linux-coco@lists.linux.dev
6 (WO) Up to 64 bytes of user specified binary data. For replay
7 protection this should include a nonce, but the kernel does not
8 place any restrictions on the content.
10 What: /sys/kernel/config/tsm/report/$name/outblob
13 Contact: linux-coco@lists.linux.dev
15 (RO) Binary attestation report generated from @inblob and other
16 options The format of the report is implementation specific
17 where the implementation is conveyed via the @provider
20 What: /sys/kernel/config/tsm/report/$name/auxblob
23 Contact: linux-coco@lists.linux.dev
25 (RO) Optional supplemental data that a TSM may emit, visibility
26 of this attribute depends on TSM, and may be empty if no
27 auxiliary data is available.
29 When @provider is "sev_guest" this file contains the
30 "cert_table" from SEV-ES Guest-Hypervisor Communication Block
31 Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ.
32 https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
34 What: /sys/kernel/config/tsm/report/$name/provider
37 Contact: linux-coco@lists.linux.dev
39 (RO) A name for the format-specification of @outblob like
40 "sev_guest" [1] or "tdx_guest" [2] in the near term, or a
41 common standard format in the future.
43 [1]: SEV Secure Nested Paging Firmware ABI Specification
44 Revision 1.55 Table 22
45 https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf
47 [2]: IntelĀ® Trust Domain Extensions Data Center Attestation
48 Primitives : Quote Generation Library and Quote Verification
49 Library Revision 0.8 Appendix 4,5
50 https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
52 What: /sys/kernel/config/tsm/report/$name/generation
55 Contact: linux-coco@lists.linux.dev
57 (RO) The value in this attribute increments each time @inblob or
58 any option is written. Userspace can detect conflicts by
59 checking generation before writing to any attribute and making
60 sure the number of writes matches expectations after reading
61 @outblob, or it can prevent conflicts by creating a report
62 instance per requesting context.
64 What: /sys/kernel/config/tsm/report/$name/privlevel
67 Contact: linux-coco@lists.linux.dev
69 (WO) Attribute is visible if a TSM implementation provider
70 supports the concept of attestation reports for TVMs running at
71 different privilege levels, like SEV-SNP "VMPL", specify the
72 privilege level via this attribute. The minimum acceptable
73 value is conveyed via @privlevel_floor and the maximum
74 acceptable value is TSM_PRIVLEVEL_MAX (3).
76 What: /sys/kernel/config/tsm/report/$name/privlevel_floor
79 Contact: linux-coco@lists.linux.dev
81 (RO) Indicates the minimum permissible value that can be written