Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 22, 2023 at 10:15:33AM +0100, Jörg Rödel wrote:
> There is of course work building on linux-svsm out there, too. It would
> be interesting to get an overview of that. We are already looking into
> porting over the attestation code IBM wrote for linux-svsm (although we
> would prefer IBM submitting it :) ). The vTPM code out there can not be
> ported over as-is, as COCONUT will not link a whole TPM library in its
> code-base. But maybe it can be the base for a separate vTPM binary run
> by COCONUT.

For whichever SVSM impl becomes the dominant, the vTPM support with
persistence, is something I see as a critical component. It lets the
guest OS boot process at least be largely decoupled from the CVM
attestation process, and instead rely on the pre-existing support for
TPMs, SecureBoot & secret sealing which is common to bare metal and
non-confidential VM deployments alike. 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux