Linux 6.19: PCIe Link Encryption & AMD SEV-TIO Trusted I/O Explained (2026)

Linux 6.19 brings exciting new features, including PCIe link encryption and device authentication, along with AMD SEV-TIO support. This merge is a significant development for the Linux kernel, enhancing security and performance.

The pull request, sent by Dan Williams of Intel, focuses on establishing a new PCI infrastructure for PCIe link encryption and device authentication. The initial implementation is AMD SEV-TIO for Trusted I/O support, which is a result of collaboration among multiple vendors.

PCIe link encryption is made possible through a combination of protocols and technologies. Link Integrity and Data Encryption (IDE) ensures secure key installation at both ends of a link, utilizing Data Object Exchange (DOE) mailboxes and PCI configuration requests. The key innovation lies in the coordination of this process through a Trusted Execution Environment (TEE) Security Manager (TSM). This TSM can be either firmware in a coprocessor (AMD SEV-TIO) or quasi-hypervisor software (Intel TDX Connect / ARM CCA) in a protected CPU mode.
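The IDE key-management messages the paragraph refers to ride over DOE mailboxes, so a practitioner debugging this path ends up looking at raw DOE data objects. The following is an added illustration, not kernel code and not from the merge discussed here: it frames and validates DOE data objects the way a DOE driver would before handing a payload to a protocol layer. The header layout (Vendor ID and Data Object Type in the first DWORD, an 18-bit length in DWORDs in the second, a zero length meaning 2^18 DWORDs) follows the PCIe DOE specification as I understand it, and the three PCI-SIG type codes are assumptions for the sake of the example; the sample payload is constructed.

```python
import struct

# Assumed PCI-SIG DOE constants (from the PCIe DOE / CMA ECNs as I recall them).
PCI_SIG_VENDOR_ID = 0x0001
DOE_TYPE_DISCOVERY = 0x00          # DOE Discovery
DOE_TYPE_CMA_SPDM = 0x01           # CMA/SPDM (device authentication)
DOE_TYPE_SECURED_CMA_SPDM = 0x02   # Secured CMA/SPDM (carries IDE_KM key management)

DOE_MAX_DWORDS = 1 << 18           # length field is 18 bits; 0 encodes 2^18 DWORDs
DOE_HEADER_BYTES = 8               # two 32-bit header DWORDs

TYPE_NAMES = {
    (PCI_SIG_VENDOR_ID, DOE_TYPE_DISCOVERY): "DOE Discovery",
    (PCI_SIG_VENDOR_ID, DOE_TYPE_CMA_SPDM): "CMA/SPDM",
    (PCI_SIG_VENDOR_ID, DOE_TYPE_SECURED_CMA_SPDM): "Secured CMA/SPDM",
}


class DoeFramingError(ValueError):
    """Raised when a DOE object violates the header framing rules."""


def encode_doe_object(vendor_id: int, obj_type: int, payload: bytes) -> bytes:
    """Build a DOE data object: Header1 | Header2 | DWORD-aligned payload."""
    if not 0 <= vendor_id <= 0xFFFF or not 0 <= obj_type <= 0xFF:
        raise DoeFramingError("vendor id or object type out of range")
    if len(payload) % 4:
        raise DoeFramingError("payload must be a whole number of DWORDs")
    total_dw = 2 + len(payload) // 4          # length includes both header DWORDs
    if total_dw > DOE_MAX_DWORDS:
        raise DoeFramingError("object exceeds 2^18 DWORDs")
    length_field = 0 if total_dw == DOE_MAX_DWORDS else total_dw
    header1 = vendor_id | (obj_type << 16)    # bits 31:24 reserved, left zero
    return struct.pack("<II", header1, length_field) + payload


def decode_doe_object(data: bytes):
    """Validate a DOE object and return (vendor_id, obj_type, payload).

    A receiver must not trust the length field blindly: it is checked against
    the bytes actually read from the mailbox, and reserved bits must be zero.
    """
    if len(data) < DOE_HEADER_BYTES or len(data) % 4:
        raise DoeFramingError("object shorter than header or not DWORD aligned")
    header1, header2 = struct.unpack_from("<II", data)
    if header1 >> 24:
        raise DoeFramingError("reserved bits set in Header1")
    if header2 >> 18:
        raise DoeFramingError("reserved bits set in Header2")
    vendor_id = header1 & 0xFFFF
    obj_type = (header1 >> 16) & 0xFF
    total_dw = (header2 & 0x3FFFF) or DOE_MAX_DWORDS
    if total_dw * 4 != len(data):
        raise DoeFramingError(
            f"length field says {total_dw} DWORDs, mailbox delivered {len(data) // 4}")
    return vendor_id, obj_type, data[DOE_HEADER_BYTES:]


def describe_object(data: bytes) -> str:
    """Human-readable summary of a DOE object, for log or trace output."""
    vendor_id, obj_type, payload = decode_doe_object(data)
    name = TYPE_NAMES.get((vendor_id, obj_type), "vendor-specific")
    return f"{name} (vendor 0x{vendor_id:04x}, type 0x{obj_type:02x}), {len(payload)} payload bytes"


if __name__ == "__main__":
    # Constructed sample: a DOE Discovery request asking for index 0.
    request = encode_doe_object(PCI_SIG_VENDOR_ID, DOE_TYPE_DISCOVERY, b"\x00\x00\x00\x00")
    print(request.hex(), "->", describe_object(request))
    # A truncated read must be rejected rather than parsed with a bogus length.
    try:
        decode_doe_object(request[:-4])
    except DoeFramingError as err:
        print("rejected:", err)
```

The point of the length cross-check is that the DOE length field comes from the device, while the byte count comes from how many DWORDs the host actually pulled out of the mailbox; a secured SPDM payload for IDE key management should only reach the SPDM layer when the two agree.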

The primary benefit of using a TSM is the ability for a confidential VM to request device certification directly from the TSM. This approach ensures that host Linux, operating outside the VM's trust domain, cannot provision its own keys. Interestingly, most architectures lack a mechanism for OSs to establish keys in the root port, making TSM-established link encryption the preferred cross-architecture solution.

The acceptance of this pull request enables other architectures to follow suit in v6.20/v7.0, once they address certain dependencies. It also paves the way for the next phase of work, which involves implementing the end-to-end flow of confidential device assignment, known as the PCIe specification's TEE Device Interface Security Protocol (TDISP).

In the meantime, Linux gains a link encryption facility that offers practical advantages similar to memory encryption. It authenticates devices using certificates and provides protection against interposer attacks that attempt to capture clear-text PCIe traffic.

This is just the beginning, and further code contributions are expected for the Linux 6.20~7.0 cycle. The initial 4K lines of code and sysfs interface documentation related to the TEE Security Manager can be explored in the merge commit. AMD SEV-TIO is currently supported on AMD EPYC 9005 'Turin' platforms, enabling PCIe device protection for NICs, accelerators, storage, and more as part of the TEE Device Interface Security Protocol.
