On Tuesday, 5 July 2022 17:26:40 BST Sharpened Blade via devel wrote: > How can you know if this interface is not emulated, and you never talk to > the real cpu The TDX white papers address how this is meant to work - it's based around the same "measurement" concept as TPM measured boot (see https://bootlin.com/blog/ measured-boot-with-a-tpm-2-0-in-u-boot/ for an explanation). While the VM itself cannot avoid being compromised by the hoster, if you emulate the TDX interface, you'll not be able to send the "correct" measurements with an Intel signature - the measurements that can be sent have either the wrong hash, or the wrong signature (similar applies to AMD's version, but with an AMD signature). In turn, this means that you reduce your trust chain down to the CPU maker, because if the VM platform tampers with TDX trust chains, you can observe this and refuse to (e.g.) send the VM platform the encryption key it needs to unlock private data. -- Simon Farnsworth _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure