On Fri, May 05, 2023 at 05:34:20PM +0200, Jörg Rödel wrote:
> Hi Claudio,
>
> On Wed, May 03, 2023 at 12:51:17PM -0400, Claudio Carvalho wrote:
> > Thanks. I would be happy to collaborate in that discussion.
>
> Great, I will send out that email early next week to get the discussion
> rolling.
>
> > I think the crypto support requires more design discussion since it is required
> > in multiple places.
> >
> > The experience I've had adding SVSM-vTPM support is that the SVSM needs crypto
> > for requesting an attestation report (SNP_GUEST_REQUEST messages sent to the
> > security processor PSP have to be encrypted with AES_GCM) and the vTPM also
> > needs crypto for the TPM crypto operations. We could just duplicate the crypto
> > library, or find a way to share it (e.g. vdso approach).
> >
> > For the SVSM, it would be rust code talking to the crypto library; for the vTPM
> > it would be the vTPM (most likely an existing C implementation) talking to the
> > crypto library.
>
> Right, where to place and how to share the crypto code needs more
> discussion, there are multiple possible approaches. I have seen that you
> have a talk at KVM Forum, so we can meet there in a larger group and
> discuss those and other questions in person.

Yep, we should probably do a BoF session on the topic of SVSM for anyone
interested who's attending KVM Forum.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|