Commit 4318506

Kuppuswamy Sathyanarayanan authored and djbw committed
configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB

Intel platforms are transitioning from traditional SGX-based attestation toward DICE-based attestation as part of a broader move toward open and standardized attestation models. DICE enables layered and extensible attestation, where evidence is accumulated across multiple boot stages.

With SGX-based attestation, Quote sizes are typically under 8KB, as the payload consists primarily of Quote data and a small certificate bundle. Existing TDX guest code sizes the Quote buffer accordingly.

DICE-based attestation produces significantly larger Quotes due to the inclusion of evidence (certificate chains) from multiple boot layers. The cumulative Quote size can reach approximately 100KB.

Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer capacity for DICE-based Quote payloads.

Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

1 parent 9342bf3 commit 4318506

2 files changed

Lines changed: 7 additions & 1 deletion

Documentation/ABI/testing/configfs-tsm-report

Lines changed: 4 additions & 0 deletions
@@ -73,6 +73,10 @@ Description:
7373
Library Revision 0.8 Appendix 4,5
7474
https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
7575

76+
Intel TDX platforms with DICE-based attestation use CBOR Web Token
77+
(CWT) format for the Quote payload. This is indicated by the Quote
78+
size exceeding 8KB.
79+
7680
What: /sys/kernel/config/tsm/report/$name/generation
7781
Date: September, 2023
7882
KernelVersion: v6.7
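
Review bot: The added sentence "This is indicated by the Quote size exceeding 8KB" makes the length of the report the only documented way for a consumer to tell a CWT payload from the earlier Quote format, which is a size heuristic rather than a property of the payload. If the CWT encoding carries its own marker, the ABI text should name that as the discriminator and keep the size remark as a hint. The paragraph also has no specification reference for the DICE/CWT layout, while the lines just above it cite the DCAP Quoting Library document for the existing format; adding the equivalent pointer, and stating the new 128KB upper bound so readers can size their buffers, would make this entry self-contained.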

drivers/virt/coco/tdx-guest/tdx-guest.c

Lines changed: 3 additions & 1 deletion
@@ -160,8 +160,10 @@ static void tdx_mr_deinit(const struct attribute_group *mr_grp)
160160
/*
161161
* Intel's SGX QE implementation generally uses Quote size less
162162
* than 8K (2K Quote data + ~5K of certificate blob).
163+
* DICE-based attestation uses layered evidence that requires
164+
* larger Quote size (~100K).
163165
*/
164-
#define GET_QUOTE_BUF_SIZE SZ_8K
166+
#define GET_QUOTE_BUF_SIZE SZ_128K
165167

166168
#define GET_QUOTE_CMD_VER 1
167169
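
Review bot: The comment above GET_QUOTE_BUF_SIZE now gives ~100K as the expected DICE Quote size but does not say why SZ_128K was picked or what the remaining headroom is for, so a later reader cannot tell whether 128K is a protocol limit or an estimate with margin. Suggest one more sentence stating that, and what a caller sees when a Quote does not fit, since this is a compile-time constant that layered evidence from additional boot stages could outgrow. The first sentence ("generally uses Quote size less than 8K") also still reads as the sizing rationale; rewording it as the legacy SGX case would keep the comment consistent with the new define.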
