On 5/6/21 6:51 AM, Daniel P. Berrangé wrote:
>> It looks like QEMU will expose commands needed for attestation via QMP [3].
>
> As mentioned in my reply to that thread, I believe we can already do
> pretty much all of that via a combination of libvirt APIs & guest XML.

This is not a good user experience. The entire attestation process should be made ephemeral, taking place 100% over a socket. Enabling a fully socket-based attestation workflow will decouple it from the domain XML and the host file system and make it easier for guest-owner tooling to facilitate attestation.

Connor