This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:

apport-collect 2009437

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

** Changed in: linux (Ubuntu Kinetic)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2009437

Title:
  apply the latest TDX attestation driver from Intel

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Kinetic:
  Incomplete

Bug description:
  [Impact]

  TDX guest attestation has been merged as SAUCE patches in the kinetic
  kernel with the following commits:

  
  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next&id=285d6d8136ebadcee7fd6452b9e4223996a2a0af
  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next&id=0b78a71c7d7630ab7c3c8a03cbe4f78f1361fb45

  However, Intel released a new TDX attestation driver that will be
  submitted upstream. We should align with the new version that will
  likely end up upstream.

  See also LP: #1971027

  [Test case]

  Testing this feature requires special hardware in the host, special
  firmware and special configuration of a guest. Right now it can only
  be tested by Intel.

  [Fix]

  Apply the new driver provided by Intel in LP: #1971027.

  [Regression potential]

  The new driver can potentially break user-space applications that are
  relying on the TDX attestation feature. This is because of this struct
  (used in the user-space/kernel communication, via ioctl):

  + * Used in TDX_CMD_GET_REPORT IOCTL request.
  + */
  +struct tdx_report_req {
  +       __u8  subtype;
  +       __u64 reportdata;
  +       __u32 rpd_len;
  +       __u64 tdreport;
  +       __u32 tdr_len;
  +};

  The new patch changed the struct as follows:

  +struct tdx_report_req {
  +       __u8 reportdata[TDX_REPORTDATA_LEN];
  +       __u8 tdreport[TDX_REPORT_LEN];
  +};
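
Review bot: the new struct tdx_report_req keeps the old name while changing size and layout (subtype, rpd_len and tdr_len are gone and the two buffers are now embedded arrays), so nothing at the source level distinguishes a caller built against the old header from one built against the new. If TDX_CMD_GET_REPORT is defined with _IOWR() over this struct, the request number changes with the struct size and an old binary is rejected instead of being misread; that define is not visible in this excerpt, so it should be confirmed. The values of TDX_REPORTDATA_LEN and TDX_REPORT_LEN are also not shown here and should be documented next to the struct.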

  In general we should never apply changes that are breaking user-space
  like this (especially for non-devel kernels), but realistically we can
  probably say that nobody is using this feature yet, so nobody has any
  user-space program that is relying on the old struct (and if they do,
  they're probably in touch with Intel, so they're aware of this change).

  In conclusion, this change should be considered pretty safe, despite
  the potential user-space breakage.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2009437/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
