On Tue, Mar 11, 2025 at 06:37:13PM -0700, Dan Williams wrote:
There is a use case for using TDISP and getting devices up into an ecrypted/attested state on pure bare metal without any KVM, VFIO should work in that use case too.
Are you sure you are not confusing the use case for native PCI CMA plus PCIe IDE *without* PCIe TDISP?
Oh maybe, who knows with all this complexity :\
I see there is a crossover point, once you start getting T=1 traffic then you need a KVM handle to process it, yes, but everything prior to T=0, including all the use cases with T=0 IDE, attestation and so on, still need to be working.
In other words validate device measurements over a secure session and set up link encryption, but not enable DMA to private memory. Without a cVM there is no private memory for the device to talk to in the TDISP run state, but you can certainly encrypt the PCIe link.
Right. But can you do that all without touching tdisp?
However that pretty much only gets you an extension of a secure session to a PCIe link state. It does not enable end-to-end MMIO and DMA integrity+confidentiality.
But that is the point, right? You want to bind your IDE encryption to the device attestation and get all of those things. I thought you needed some TDISP for that?
Note that to my knowledge all but the Intel TEE I/O implementation disallow routing T=0 traffic over IDE.
I'm not sure that will hold up long term, I hear alot of people talking about using IDE to solve all kinds of PCI problems that have nothing to do with CC.
The uapi proposed in the PCI/TSM series [1] is all about the setup of PCI CMA + PCIe IDE without KVM as a precuror to all the VFIO + KVM + IOMMUFD work needed to get the TDI able to publish private MMIO and DMA to private memory.
That seems reasonable
Jason