From 43185067c6fd55b548ecb648a69d9569fcf622b5 Mon Sep 17 00:00:00 2001 From: Kuppuswamy Sathyanarayanan Date: Tue, 10 Feb 2026 16:17:12 -0800 Subject: configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB Intel platforms are transitioning from traditional SGX-based attestation toward DICE-based attestation as part of a broader move toward open and standardized attestation models. DICE enables layered and extensible attestation, where evidence is accumulated across multiple boot stages. With SGX-based attestation, Quote sizes are typically under 8KB, as the payload consists primarily of Quote data and a small certificate bundle. Existing TDX guest code sizes the Quote buffer accordingly. DICE-based attestation produces significantly larger Quotes due to the inclusion of evidence (certificate chains) from multiple boot layers. The cumulative Quote size can reach approximately 100KB. Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer capacity for DICE-based Quote payloads. Reviewed-by: Fang Peter Signed-off-by: Kuppuswamy Sathyanarayanan Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com Signed-off-by: Dan Williams --- drivers/virt/coco/tdx-guest/tdx-guest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'drivers/virt') diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c index 4e239ec960c9..4252b147593a 100644 --- a/drivers/virt/coco/tdx-guest/tdx-guest.c +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c @@ -160,8 +160,10 @@ static void tdx_mr_deinit(const struct attribute_group *mr_grp) /* * Intel's SGX QE implementation generally uses Quote size less * than 8K (2K Quote data + ~5K of certificate blob). + * DICE-based attestation uses layered evidence that requires + * larger Quote size (~100K). */ -#define GET_QUOTE_BUF_SIZE SZ_8K +#define GET_QUOTE_BUF_SIZE SZ_128K #define GET_QUOTE_CMD_VER 1 -- cgit v1.2.3
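Review bot: The updated comment above GET_QUOTE_BUF_SIZE gives ~100K as the DICE Quote size but never states that SZ_128K is that estimate plus headroom, nor what the driver does if layered evidence grows beyond 128K. Adding a sentence to the comment that names the headroom and the failure behaviour for an oversized Quote would let a reader check the bound without going to the commit message. The constant is also raised unconditionally, so a guest that still receives sub-8K SGX-style Quotes now gets a buffer sixteen times larger. The allocation site and the length check on the returned Quote are not in this hunk, so please confirm in the changelog that the allocation is expected to succeed at this size and that the reported Quote length is still validated against GET_QUOTE_BUF_SIZE before the data is handed to the reader.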