On Wed, Nov 16, 2022 at 10:10:58AM -0700, Peter Gonda wrote:
> I think another comment above the first snp_issue_guest_request()
> could help too. Saying once we call this function we either need to
> increment the sequence number or wipe the VMPCK to ensure the
> encryption scheme is safe.

And make that explicit pls:

	/*
	 * If the extended guest request fails due to having too small of a
	 * certificate data buffer retry the same guest request without the
	 * extended data request...

	 ... in order to not have to reuse the IV.

I have to admit, the flow in that function is still not optimal but I
haven't stared at it long enough to have a better idea...

Thx.

-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
(HRB 36809, AG Nürnberg)
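
An added example, not code from this thread, the patch or the kernel: a simplified C model of the rule discussed above, that once a guest request has been issued the sequence number (which serves as the IV) must be incremented or the VMPCK wiped. All names, return codes and the 4096-byte certificate length are assumptions; the `retry` flag switches between the flow that returns early on a short certificate buffer and the one that retries the same request without extended data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Simplified model with hypothetical names; not the kernel's sev-guest code. */
enum fw_rc { FW_OK, FW_CERT_BUF_TOO_SMALL, FW_ERROR };
#define CERT_LEN_NEEDED 4096            /* constructed value */
struct chan {
	uint8_t  vmpck[32];
	bool     key_valid, iv_reused, fw_broken;
	uint64_t seqno;                 /* doubles as the IV */
	uint64_t seen_iv; int seen_msg; /* last (IV, message) the host saw */
};
/* Stand-in for the firmware call: the host observes ciphertext for (IV, msg). */
static enum fw_rc issue(struct chan *c, int msg, bool ext, size_t buf_len)
{
	if (c->seen_iv == c->seqno && c->seen_msg != msg)
		c->iv_reused = true;    /* same IV, different plaintext */
	c->seen_iv = c->seqno;
	c->seen_msg = msg;
	if (c->fw_broken) return FW_ERROR;
	return (ext && buf_len < CERT_LEN_NEEDED) ? FW_CERT_BUF_TOO_SMALL : FW_OK;
}
/* Once issue() has run, either seqno is incremented or the key is wiped. */
static int send_req(struct chan *c, int msg, bool ext, size_t buf_len, bool retry)
{
	int ret = 0;
	if (!c->key_valid) return -1;
	enum fw_rc rc = issue(c, msg, ext, buf_len);
	if (rc == FW_CERT_BUF_TOO_SMALL) {
		if (!retry) return -2;          /* flawed: seqno unchanged, key kept */
		rc = issue(c, msg, false, 0);   /* same message, same IV */
		ret = -2;                       /* still report the short buffer */
	}
	if (rc != FW_OK) {
		memset(c->vmpck, 0, sizeof(c->vmpck)); /* stands in for a non-elidable wipe */
		c->key_valid = false;
		return -1;
	}
	c->seqno++;
	return ret;
}
/* A short-buffer extended request followed by a different message. */
static bool iv_reused_after_short_buffer(bool retry)
{
	struct chan c = { .key_valid = true, .seqno = 1 };
	send_req(&c, 100, true, 16, retry);
	send_req(&c, 200, false, 0, retry);
	return c.iv_reused;
}
int main(void) { return iv_reused_after_short_buffer(true); }
```

With `retry` false the second message goes out under the IV already used for the first; with `retry` true the caller still sees the short-buffer error, but the sequence number has moved on.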