Public bug reported:
[Impact]
Intel has requested to support the TDX (trust domain extension) guest
attestation driver interface. In a TDX guest "attestation" is used to
verify the trustworthiness of a TD (trusted domain) before provisioning
secrets to the TD (i.e., encrypted keys to mount an encrypted rootfs,
etc.).
During the TD boot the initial contents and configurations are recorded
by the Intel TDX module in the build time measurement register (MRTD).
At TD runtime, the Intel TDX module reuses the Intel SGX attestation
infrastructure to provide support for attesting to this information.
This driver is targeting 6.x upstream, so we need to backport the
upstream patches as SAUCE patches to properly support this feature in
5.19.
[Fix]
Backport upstream TDX attestation driver.
[Test case]
Tests have been performed by IBM, a test-case is included in the patch
set as a kernel selftest (called 'tdx').
TODO: consider integrating this test in our testing infrastructure once
this feature has been merged.
[Regression potential]
This feature is self-contained, it's only available on amd64 and it
doesn't affect any other amd64 code. So we could only experience
regressions on amd64 systems that are using the TDX feature.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Kinetic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988120
Title:
Support Intel TDX guest attestation driver
Status in linux package in Ubuntu:
New
Status in linux source package in Kinetic:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988120/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
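As an added example (not code from this bug report, from Intel's patch set, or from the 'tdx' kernel selftest it mentions), here is how a guest-side agent would use the attestation driver to obtain a TDREPORT bound to a verifier's nonce, and how the verifier would check the echoed nonce and the MRTD before releasing secrets such as the rootfs key. It assumes the ioctl ABI that eventually landed upstream in v6.2 (/dev/tdx_guest, TDX_CMD_GET_REPORT0, struct tdx_report_req), which may not match the SAUCE backport discussed here, and it takes the TDREPORT_STRUCT field offsets from the Intel TDX module spec. The golden MRTD is assumed to have been computed offline from the TD image; in the offline demo it is a constructed value.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>

/* ioctl ABI mirrored from include/uapi/linux/tdx-guest.h as merged upstream in
 * v6.2 (assumption: the SAUCE backport tracked in this bug may differ). */
#define TDX_REPORTDATA_LEN 64
#define TDX_REPORT_LEN     1024
struct tdx_report_req {
    uint8_t reportdata[TDX_REPORTDATA_LEN]; /* caller's nonce, bound into the report */
    uint8_t tdreport[TDX_REPORT_LEN];       /* TDREPORT_STRUCT written by the TDX module */
};
#define TDX_CMD_GET_REPORT0 _IOWR('T', 1, struct tdx_report_req)

/* TDREPORT_STRUCT offsets as given in the Intel TDX module spec (assumed here;
 * check them against the spec revision your platform implements):
 *   REPORTMACSTRUCT at 0 (256 bytes), REPORTDATA echoed at +128 (64 bytes)
 *   TEE_TCB_INFO at 256 (239 bytes) + 17 reserved, TDINFO_STRUCT at 512
 *   TDINFO_STRUCT: ATTRIBUTES +0, XFAM +8, MRTD +16 (48 bytes), RTMR0..3 +208 */
#define TDREPORT_REPORTDATA_OFF 128
#define TDREPORT_MRTD_OFF       (512 + 16)
#define MEASUREMENT_LEN         48

/* Constant-time equality so the verifier does not leak which byte differed. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++)
        d |= a[i] ^ b[i];
    return d == 0;
}

/* 1 if the report echoes our nonce (so it is fresh, not replayed) and MRTD
 * matches the golden value for the image we agreed to release secrets to. */
int check_report(const uint8_t *rep, size_t len,
                 const uint8_t nonce[TDX_REPORTDATA_LEN],
                 const uint8_t golden_mrtd[MEASUREMENT_LEN])
{
    if (!rep || !nonce || !golden_mrtd || len != TDX_REPORT_LEN)
        return 0;
    if (!ct_equal(rep + TDREPORT_REPORTDATA_OFF, nonce, TDX_REPORTDATA_LEN))
        return 0;
    return ct_equal(rep + TDREPORT_MRTD_OFF, golden_mrtd, MEASUREMENT_LEN);
}

/* Ask the guest driver for a TDREPORT bound to `nonce`. Returns 0 or -errno. */
int get_tdreport(const uint8_t nonce[TDX_REPORTDATA_LEN], uint8_t out[TDX_REPORT_LEN])
{
    struct tdx_report_req req;
    memset(&req, 0, sizeof(req));
    memcpy(req.reportdata, nonce, TDX_REPORTDATA_LEN);
    int fd = open("/dev/tdx_guest", O_RDWR);
    if (fd < 0)
        return -errno;
    int rc = ioctl(fd, TDX_CMD_GET_REPORT0, &req), err = errno;
    close(fd);
    if (rc < 0)
        return -err;
    memcpy(out, req.tdreport, TDX_REPORT_LEN);
    return 0;
}

/* Offline round trip on a constructed (fake) report: returns check_report()'s
 * verdict; with `tamper` set the echoed nonce is corrupted, the way a replayed
 * or forged report would be caught. */
int demo_roundtrip(int tamper)
{
    uint8_t nonce[TDX_REPORTDATA_LEN], golden[MEASUREMENT_LEN], rep[TDX_REPORT_LEN];
    for (int i = 0; i < TDX_REPORTDATA_LEN; i++) nonce[i] = (uint8_t)(0xA0 + i);
    for (int i = 0; i < MEASUREMENT_LEN; i++)    golden[i] = (uint8_t)(0x5C ^ i);
    memset(rep, 0, sizeof(rep));
    memcpy(rep + TDREPORT_REPORTDATA_OFF, nonce, TDX_REPORTDATA_LEN);
    memcpy(rep + TDREPORT_MRTD_OFF, golden, MEASUREMENT_LEN);
    if (tamper)
        rep[TDREPORT_REPORTDATA_OFF] ^= 1;
    return check_report(rep, sizeof(rep), nonce, golden);
}

int main(void)
{
    uint8_t nonce[TDX_REPORTDATA_LEN], report[TDX_REPORT_LEN];
    for (int i = 0; i < TDX_REPORTDATA_LEN; i++)
        nonce[i] = (uint8_t)i; /* placeholder; derive from the verifier's challenge */
    int rc = get_tdreport(nonce, report);
    if (rc != 0) {
        fprintf(stderr, "TDX_CMD_GET_REPORT0 failed: %s\n", strerror(-rc));
        return 1;
    }
    for (int i = 0; i < MEASUREMENT_LEN; i++)
        printf("%02x", report[TDREPORT_MRTD_OFF + i]);
    printf("  MRTD\n");
    return 0;
}
```

demo_roundtrip() exercises the checks on a constructed report so they can be tested outside a TD; main() performs the real ioctl and fails cleanly where /dev/tdx_guest is absent or the driver is not loaded. One caveat for anyone building a secret-provisioning flow on this: the MAC in a TDREPORT is keyed to the local platform and is only checkable there, so a remote verifier cannot validate the raw report. It has to be converted into a Quote through the SGX quoting infrastructure the description refers to, and the nonce and MRTD comparisons above are then applied to the report body carried inside that Quote after its signature chain has been verified.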