Hi Claudio,

On Wed, May 03, 2023 at 12:51:17PM -0400, Claudio Carvalho wrote:
> Thanks. I would be happy to collaborate in that discussion.

Great, I will send out that email early next week to get the discussion
rolling.

> I think the crypto support requires more design discussion since it is required
> in multiple places.
>
> The experience I've had adding SVSM-vTPM support is that the SVSM needs crypto
> for requesting an attestation report (SNP_GUEST_REQUEST messages sent to the
> security processor PSP have to be encrypted with AES_GCM) and the vTPM also
> needs crypto for the TPM crypto operations. We could just duplicate the crypto
> library, or find a way to share it (e.g. vdso approach).
>
> For the SVSM, it would be rust code talking to the crypto library; for the vTPM
> it would be the vTPM (most likely an existing C implementation) talking to the
> crypto library.

Right, where to place and how to share the crypto code needs more
discussion, there are multiple possible approaches. I have seen that you
have a talk at KVM Forum, so we can meet there in a larger group and
discuss those and other questions in person.

I think from this thread and other discussions happening it became clear
that there are currently a lot of different opinions on what the SVSM
should do and how it should look. It would be great if we as a community
can get closer together on those questions (which is certainly helpful
for combining efforts).

Regards,

-- 
Jörg Rödel
jroedel@xxxxxxx

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Managing Directors: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman