On Tue, Mar 21, 2023 at 07:53:58PM +0000, Dr. David Alan Gilbert wrote:
> OK; the other thing that needs to get nailed down for the vTPMs is the
> relationship between the vTPM attestation and the SEV attestation.
> i.e. how to prove that the vTPM you're dealing with is from an SNP host.
> (Azure have a hack of putting an SNP attestation report into the vTPM
> NVRAM; see
> https://github.com/Azure/confidential-computing-cvm-guest-attestation/blob/main/cvm-guest-attestation.md
> )

When using the SVSM TPM protocol it should be proven already that the
vTPM is part of the SNP trusted base, no? The TPM communication is
implicitly encrypted by the VM's memory key and the SEV attestation report
proves that the correct vTPM is executing.

Regards,

--
Jörg Rödel
jroedel@xxxxxxx

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman