What: /sys/kernel/config/tsm/report/$name/inblob Date: September, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (WO) Up to 64 bytes of user specified binary data. For replay protection this should include a nonce, but the kernel does not place any restrictions on the content. What: /sys/kernel/config/tsm/report/$name/outblob Date: September, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (RO) Binary attestation report generated from @inblob and other options The format of the report is implementation specific where the implementation is conveyed via the @provider attribute. What: /sys/kernel/config/tsm/report/$name/auxblob Date: October, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (RO) Optional supplemental data that a TSM may emit, visibility of this attribute depends on TSM, and may be empty if no auxiliary data is available. When @provider is "sev_guest" this file contains the "cert_table" from SEV-ES Guest-Hypervisor Communication Block Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ. https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf What: /sys/kernel/config/tsm/report/$name/provider Date: September, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (RO) A name for the format-specification of @outblob like "sev_guest" [1] or "tdx_guest" [2] in the near term, or a common standard format in the future. [1]: SEV Secure Nested Paging Firmware ABI Specification Revision 1.55 Table 22 https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf [2]: IntelĀ® Trust Domain Extensions Data Center Attestation Primitives : Quote Generation Library and Quote Verification Library Revision 0.8 Appendix 4,5 https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf What: /sys/kernel/config/tsm/report/$name/generation Date: September, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (RO) The value in this attribute increments each time @inblob or any option is written. Userspace can detect conflicts by checking generation before writing to any attribute and making sure the number of writes matches expectations after reading @outblob, or it can prevent conflicts by creating a report instance per requesting context. What: /sys/kernel/config/tsm/report/$name/privlevel Date: September, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (WO) Attribute is visible if a TSM implementation provider supports the concept of attestation reports for TVMs running at different privilege levels, like SEV-SNP "VMPL", specify the privilege level via this attribute. The minimum acceptable value is conveyed via @privlevel_floor and the maximum acceptable value is TSM_PRIVLEVEL_MAX (3). What: /sys/kernel/config/tsm/report/$name/privlevel_floor Date: September, 2023 KernelVersion: v6.7 Contact: linux-coco@lists.linux.dev Description: (RO) Indicates the minimum permissible value that can be written to @privlevel.