]> git.ipfire.org Git - thirdparty/linux.git/commit
configfs-tsm-report: Increase TSM_REPORT_OUTBLOB_MAX to 16MB
authorKuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Wed, 11 Feb 2026 00:17:11 +0000 (16:17 -0800)
committerDan Williams <dan.j.williams@intel.com>
Wed, 11 Feb 2026 02:21:21 +0000 (18:21 -0800)
commit9342bf3d670b1b3d3cfc77a9dc1cd0d6574e5cc6
tree4cf69cfa2da82d868b8c4479b06fd06c7926ddcc
parent5f486958bfae4e2059a26b947661a60efedd092d
configfs-tsm-report: Increase TSM_REPORT_OUTBLOB_MAX to 16MB

Confidential Computing (CoCo) attestation is evolving toward
standardized models such as DICE (Device Identifier Composition Engine)
and Post-Quantum Cryptography (PQC), which rely on layered certificate
chains and larger cryptographic signatures.

A typical PQC certificate can range from 5KB to 15KB, and DICE-based
architectures accumulate these certificates across multiple boot
stages. In such configurations, the total attestation evidence can
reach several megabytes, exceeding the current 32KB limit.

Increase TSM_REPORT_OUTBLOB_MAX to 16MB to accommodate these larger
certificate chains. This provides sufficient headroom to handle
evolving requirements without requiring frequent updates to the limit.

TSM_REPORT_OUTBLOB_MAX is used by the configfs read interface to cap
the maximum allowed binary blob size for outblob, auxblob and
manifestblob attributes. Hence, the per-open-file worst case memory
allocation increases from 32KB to 16MB. Multiple concurrent readers
multiply this cost (e.g., N readers of an M-byte blob incur NxM bytes
of vmalloc-backed memory). However, allocations are performed on demand
and remain proportional to the actual blob length, not the configured
maximum.

Reviewed-by: Fang Peter <peter.fang@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://patch.msgid.link/20260211001712.1531955-3-sathyanarayanan.kuppuswamy@linux.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
include/linux/tsm.h