
Linux's Trusted Security Manager Sees First Updates In Over A Year



Merged back in late 2023 for Linux 6.7 was [1]a cross-vendor solution for confidential computing attestation reports with the Linux Trusted Security Manager (TSM). The succeeding kernel releases saw no further TSM updates, but Linux 6.16 finally brings renewed work on this confidential computing code.

Dan Williams of Intel sent out the new Trusted Security Manager updates for Linux 6.16 and acknowledged the long time since the last pull request, which was for Linux 6.7. Going forward, more development work on TSM is anticipated, with plans to support assigning PCI devices to confidential computing guests with PCI Device Security.

As for what is new with TSM in Linux 6.16, there is a new sysfs interface for publishing measurement values, a reorganization of the driver code, and other work:

"- Add a general sysfs scheme for publishing "Measurement" values provided by the architecture's TEE Security Manager. Use it to publish TDX "Runtime Measurement Registers" ("RTMRs") that either maintain a hash of stored values (similar to a TPM PCR) or provide statically provisioned data. These measurements are validated by a relying party.

- Reorganize the drivers/virt/coco/ directory for "host" and "guest" shared infrastructure.

- Fix a configfs-tsm-report unregister bug

- With CONFIG_TSM_MEASUREMENTS joining CONFIG_TSM_REPORTS and in anticipation of more shared "TSM" infrastructure arriving, rename the maintainer entry to "TRUSTED SECURITY MODULE (TSM) INFRASTRUCTURE"."

More details on these Trusted Security Manager updates for Linux 6.16 via [2]this pull.
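The pull request summary above describes RTMRs as registers that "maintain a hash of stored values (similar to a TPM PCR)" and are validated by a relying party. The following is an added example, not code from the kernel or from the article, of how a relying party can replay an event log against such a register. It assumes the TDX extend rule new = SHA-384(old || digest) with an all-zero reset value, a register value taken from an already verified report, and a hypothetical reference policy; the component names and payloads are constructed.

```python
import hashlib
import hmac

RTMR_LEN = 48  # assumption: a TDX RTMR holds one SHA-384 value

def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = SHA-384(old || digest)."""
    if len(register) != RTMR_LEN or len(digest) != RTMR_LEN:
        raise ValueError("register and digest must be 48 bytes")
    return hashlib.sha384(register + digest).digest()

def replay(log) -> bytes:
    """Recompute the register from its reset value (all zeros)."""
    register = bytes(RTMR_LEN)
    for _name, digest in log:
        register = extend(register, digest)
    return register

def appraise(reported: bytes, log, reference) -> str:
    """Relying-party check of one register against its event log.

    reported  -- register value taken from an already verified report
    log       -- ordered (name, digest) entries supplied by the guest
    reference -- hypothetical policy: name -> expected digest
    """
    # 1. The untrusted log must reproduce the trusted register value;
    #    reordering, dropping or adding entries changes the result.
    if not hmac.compare_digest(replay(log), reported):
        return "log-mismatch"
    # 2. Every logged event must be one the policy expects.
    for name, digest in log:
        expected = reference.get(name)
        if expected is None or not hmac.compare_digest(expected, digest):
            return "unexpected-measurement:" + name
    # 3. Every expected component must actually have been measured.
    missing = sorted(set(reference) - {name for name, _ in log})
    if missing:
        return "missing-measurement:" + missing[0]
    return "ok"

def digest_of(payload: bytes) -> bytes:
    return hashlib.sha384(payload).digest()

# Constructed sample data: component names and payloads are made up.
REFERENCE = {"kernel": digest_of(b"kernel-image-v1"),
             "initrd": digest_of(b"initrd-v1")}
GOOD_LOG = [("kernel", REFERENCE["kernel"]), ("initrd", REFERENCE["initrd"])]
REPORTED = replay(GOOD_LOG)  # stands in for the value in the report
```

The register value only proves that the log is complete and in order; whether the logged measurements are acceptable is a separate policy decision, which is why the function performs both checks.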



[1] https://www.phoronix.com/news/Linux-6.7-configfs-tsm

[2] https://lore.kernel.org/lkml/683902e2e98df_218f10017@dwillia2-mobl4.notmuch/



phoronix
