On Wed, Nov 16, 2022 at 10:28 AM Borislav Petkov <bp@xxxxxxx> wrote:
>
> On Wed, Nov 16, 2022 at 10:10:58AM -0700, Peter Gonda wrote:
> > I think another comment above the first snp_issue_guest_request()
> > could help too. Saying once we call this function we either need to
> > increment the sequence number or wipe the VMPCK to ensure the
> > encryption scheme is safe.
>
> And make that explicit pls:
>
> /*
>  * If the extended guest request fails due to having to small of a
>  * certificate data buffer retry the same guest request without the
>  * extended data request...
>
> ... in order to not have to reuse the IV.
>
>
> I have to admit, the flow in that function is still not optimal but I
> haven't stared at it long enough to have a better idea...

Thanks for all the feedback Tom and Boris. I've sent out a V5. I hope
I've gotten the grammar correct in these comments.