TDISP (TEE Device Interface Security Protocol, a PCI-SIG specification) is a standardized interface for end-to-end encryption and attestation of trusted devices assigned to confidential/isolated partitions. This crate implements the structures and interfaces the host and guest use to prepare and assign trusted devices. Examples of technologies that implement TDISP include:
- Intel® TDX Connect
- AMD® SEV-TIO
This crate is primarily used to implement the host side of the TDISP guest-to-host interface, as well as the serialization of guest-to-host commands for both the host and the HCL.
These structures and interfaces are used by the host virtualization stack to prepare and assign trusted devices to guest partitions.
The host is responsible for dispatching guest commands to this machinery by creating a TdispHostDeviceTargetEmulator and passing each command received from the guest to it through the appropriate trait methods.

The crate handles the incoming guest message structs, drives the state transitions of the TDISP device and ensures that only valid transitions are made. Once a valid transition has been made, the TdispHostDeviceTargetEmulator calls back into the host through the TdispHostDeviceInterface trait so that the host can perform platform actions such as binding the device to a guest partition or retrieving attestation reports. It is the responsibility of the host to provide a TdispHostDeviceInterface implementation that performs those platform actions.
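The split of responsibilities described above (the emulator validates the guest's command against the current state and only then calls back into a host-supplied platform trait) is shown below as an added, self-contained example. It is not code from this crate: the crate's real trait signatures are not reproduced on this page, so the `HostPlatform` trait, the `Emulator` type, the `TdiState` values and the `MockHost` test double are all hypothetical stand-ins chosen for illustration, modelled on the Bind / GetTdiReport / StartTdi / Unbind commands listed further down.

```rust
/// Guest commands, a hypothetical subset mirroring the command names on this page.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum GuestCommand {
    Bind,
    GetDeviceInterfaceInfo,
    GetTdiReport,
    StartTdi,
    Unbind,
}

/// TDI lifecycle states tracked by the emulator (hypothetical names for this example).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum TdiState {
    Unbound,
    Bound,
    Running,
}

#[derive(Debug, PartialEq, Eq)]
enum OpError {
    /// The guest sent a command that is not legal in the current state.
    InvalidTransition { state: TdiState, command: GuestCommand },
    /// The host's platform action failed; the state machine did not advance.
    Platform(String),
}

/// Platform actions the host must supply. Hypothetical stand-in for the
/// TdispHostDeviceInterface trait described above, not the crate's own trait.
trait HostPlatform {
    fn bind_to_partition(&mut self) -> Result<(), String>;
    fn fetch_tdi_report(&mut self) -> Result<Vec<u8>, String>;
    fn start_tdi(&mut self) -> Result<(), String>;
    fn unbind(&mut self, reason: &str) -> Result<(), String>;
}

/// Emulator owning the state machine. It validates the transition before
/// invoking any platform action, so an out-of-order guest command never
/// reaches the host callbacks (and therefore never reaches hardware).
struct Emulator<H: HostPlatform> {
    state: TdiState,
    host: H,
}

impl<H: HostPlatform> Emulator<H> {
    fn new(host: H) -> Self {
        Self { state: TdiState::Unbound, host }
    }

    fn state(&self) -> TdiState {
        self.state
    }

    /// Returns the report bytes for GetTdiReport and an empty payload otherwise.
    fn dispatch(&mut self, cmd: GuestCommand) -> Result<Vec<u8>, OpError> {
        use GuestCommand::*;
        use TdiState::*;
        // Step 1: decide whether the command is legal here, and what the next state is.
        let next = match (self.state, cmd) {
            (Unbound, Bind) => Bound,
            (Bound, GetDeviceInterfaceInfo) | (Bound, GetTdiReport) => Bound,
            (Running, GetDeviceInterfaceInfo) | (Running, GetTdiReport) => Running,
            (Bound, StartTdi) => Running,
            // Unbind is accepted at any point after Bind in the assignment flow.
            (Bound, Unbind) | (Running, Unbind) => Unbound,
            (state, command) => return Err(OpError::InvalidTransition { state, command }),
        };
        // Step 2: only now call back into the host for the platform action.
        let payload = match cmd {
            Bind => {
                self.host.bind_to_partition().map_err(OpError::Platform)?;
                Vec::new()
            }
            GetDeviceInterfaceInfo => Vec::new(),
            GetTdiReport => self.host.fetch_tdi_report().map_err(OpError::Platform)?,
            StartTdi => {
                self.host.start_tdi().map_err(OpError::Platform)?;
                Vec::new()
            }
            Unbind => {
                self.host.unbind("guest requested").map_err(OpError::Platform)?;
                Vec::new()
            }
        };
        // Step 3: commit the transition only after the platform action succeeded.
        self.state = next;
        Ok(payload)
    }
}

/// Constructed test double recording which platform actions actually ran.
#[derive(Default)]
struct MockHost {
    actions: Vec<String>,
}

impl HostPlatform for MockHost {
    fn bind_to_partition(&mut self) -> Result<(), String> {
        self.actions.push("bind".into());
        Ok(())
    }
    fn fetch_tdi_report(&mut self) -> Result<Vec<u8>, String> {
        self.actions.push("report".into());
        Ok(b"tdi-report".to_vec())
    }
    fn start_tdi(&mut self) -> Result<(), String> {
        self.actions.push("start".into());
        Ok(())
    }
    fn unbind(&mut self, reason: &str) -> Result<(), String> {
        self.actions.push(format!("unbind:{reason}"));
        Ok(())
    }
}

/// Runs one premature command followed by the full flow. Returns the final
/// state, the platform actions the host saw, and the result of the bad command.
fn run_demo() -> (TdiState, Vec<String>, Result<Vec<u8>, OpError>) {
    let mut emu = Emulator::new(MockHost::default());
    // Guest tries to start the TDI before binding: rejected, no host callback fires.
    let premature = emu.dispatch(GuestCommand::StartTdi);
    emu.dispatch(GuestCommand::Bind).unwrap();
    let report = emu.dispatch(GuestCommand::GetTdiReport).unwrap();
    assert_eq!(report, b"tdi-report".to_vec());
    emu.dispatch(GuestCommand::StartTdi).unwrap();
    emu.dispatch(GuestCommand::Unbind).unwrap();
    (emu.state(), emu.host.actions.clone(), premature)
}

fn main() {
    let (state, actions, premature) = run_demo();
    println!("final state: {state:?}\nhost actions: {actions:?}\nrejected: {premature:?}");
}
```

The point to take from the ordering in `dispatch` is that the platform callback is reached only for a command the state machine has already accepted, and the state is advanced only after the callback succeeds, so a failing host action leaves the emulator where it was rather than in a state the hardware never entered.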
Modules§
- devicereport - Serialization code for the PCI standard structures reported directly from the TDISP device.
- serialize_proto - Protobuf serialization of TDISP guest-to-host commands and responses using the types defined in tdisp_proto.
- test_helpers - Mocks for the host interface and the emulator.
Structs§
- GuestToHostCommand - Represents a TDISP command sent from the guest to the host. The active variant of `command` identifies the command type and carries any payload specific to that command.
- GuestToHostResponse - Represents a response to a TDISP command sent to the host by a guest. The active variant of `response` identifies the command that was processed and carries any payload returned by that command.
- TdispCommandResponseBind - Response to TdispCommandRequestBind. Carries no payload.
- TdispCommandResponseGetDeviceInterfaceInfo - Response to TdispCommandRequestGetDeviceInterfaceInfo.
- TdispCommandResponseGetTdiReport - Response to TdispCommandRequestGetTdiReport.
- TdispCommandResponseStartTdi - Response to TdispCommandRequestStartTdi. Carries no payload.
- TdispCommandResponseUnbind - Response to TdispCommandRequestUnbind. Carries no payload.
- TdispDeviceInterfaceInfo - Represents the TDISP device interface information, such as the version and supported features.
- TdispHostDeviceTargetEmulator - An emulator which runs the TDISP state machine for a synthetic device.
- TdispHostStateMachine - The state machine for the TDISP assignment flow for a device on the host. The guest and host keep this state machine synchronized with each other as they move through the assignment flow.
Enums§
- Command - The command and its payload. Exactly one variant must be set.
- Response - The response and its payload. Exactly one variant must be set.
- TdispGuestOperationError - Error returned by TDISP operations dispatched by the guest.
- TdispGuestOperationErrorCode - Error code returned by TDISP operations dispatched by the guest. Corresponds to TdispGuestOperationErrorCode in lib.rs.
- TdispGuestProtocolType - Represents the type of CVM technology the guest requests to use. As new features are added by the respective OEMs, this enum will be extended if these protocols change.
- TdispGuestUnbindReason - For a guest-initiated unbind, the guest can provide a reason.
- TdispReportType - Represents a type of report that can be requested from the TDI (VF).
- TdispTdiState - Represents the state of the TDISP host device emulator.
- TdispUnbindReason - The reason for an Unbind call. This can be guest or host initiated. Unbind can be called at any time during the assignment flow. This is used for telemetry and debugging.
Traits§
- GuestToHostCommandExt
- GuestToHostResponseExt - Provides helper methods for common operations on GuestToHostResponse.
- TdispClientDevice - Trait implemented by TDISP-capable devices on the client side. This includes devices that are assigned to isolated partitions other than the host.
- TdispGuestRequestInterface - Represents an interface by which guest commands can be dispatched to a backing TDISP state handler in the host. This could be an emulated TDISP device or an assigned TDISP device that is actually connected to the guest.
- TdispHostDeviceInterface - Describes the interface that host software should implement to provide TDISP functionality for a device. These interfaces might dispatch to a physical device, or might be implemented by a software emulator.
- TdispHostDeviceTarget - Trait added to host virtual devices to dispatch TDISP commands from guests.
Type Aliases§
- TdispCommandCallback - Callback for receiving TDISP commands from the guest.