diff options
| author | Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> | 2026-02-10 16:17:12 -0800 |
|---|---|---|
| committer | Dan Williams <dan.j.williams@intel.com> | 2026-02-10 18:24:09 -0800 |
| commit | 43185067c6fd55b548ecb648a69d9569fcf622b5 (patch) | |
| tree | e496fc0c348fb326d3a859e3d069e1cfb60826d7 | |
| parent | 9342bf3d670b1b3d3cfc77a9dc1cd0d6574e5cc6 (diff) | |
configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB
Intel platforms are transitioning from traditional SGX-based
attestation toward DICE-based attestation as part of a broader move
toward open and standardized attestation models. DICE enables layered
and extensible attestation, where evidence is accumulated across
multiple boot stages.
With SGX-based attestation, Quote sizes are typically under 8KB, as the
payload consists primarily of Quote data and a small certificate bundle.
Existing TDX guest code sizes the Quote buffer accordingly.
DICE-based attestation produces significantly larger Quotes due to the
inclusion of evidence (certificate chains) from multiple boot layers.
The cumulative Quote size can reach approximately 100KB.
Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer
capacity for DICE-based Quote payloads.
Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
| -rw-r--r-- | Documentation/ABI/testing/configfs-tsm-report | 4 | ||||
| -rw-r--r-- | drivers/virt/coco/tdx-guest/tdx-guest.c | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report index ca3352cfd2f1..7a6a5045a7d5 100644 --- a/Documentation/ABI/testing/configfs-tsm-report +++ b/Documentation/ABI/testing/configfs-tsm-report @@ -73,6 +73,10 @@ Description: Library Revision 0.8 Appendix 4,5 https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf + Intel TDX platforms with DICE-based attestation use CBOR Web Token + (CWT) format for the Quote payload. This is indicated by the Quote + size exceeding 8KB. + What: /sys/kernel/config/tsm/report/$name/generation Date: September, 2023 KernelVersion: v6.7 diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c index 4e239ec960c9..4252b147593a 100644 --- a/drivers/virt/coco/tdx-guest/tdx-guest.c +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c @@ -160,8 +160,10 @@ static void tdx_mr_deinit(const struct attribute_group *mr_grp) /* * Intel's SGX QE implementation generally uses Quote size less * than 8K (2K Quote data + ~5K of certificate blob). + * DICE-based attestation uses layered evidence that requires + * larger Quote size (~100K). */ -#define GET_QUOTE_BUF_SIZE SZ_8K +#define GET_QUOTE_BUF_SIZE SZ_128K #define GET_QUOTE_CMD_VER 1 |