Re: [PATCH v3 3/3] selftests/tdx: Test GetQuote TDX attestation feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Huang, Kai wrote:
> On Thu, 2023-06-22 at 16:31 -0700, Erdem Aktas wrote:
> > So while I like the suggested direction, I am not sure how much it is
> > possible to come up with a common ABI even with just only for 2
> > vendors (AMD and Intel) without doing spec changes which is a multi
> > year effort imho.
> 
> I don't want to intervene the discussion around whether this direction is
> correct or not, however I want to say request_key() may not be the right place
> to fit Quote (or remote verifiable data blob in general for attestation).
> 
> > request_key(coco_quote, "description", "<uuencoded tdreport>")
> 
> Although both key and Quote are data blob in some way, Quote certainly is not a
> key but have much more information.  The man page of request_key() seems to
> suggest it's just for key:
> 
>        request_key - request a key from the kernel's key management
>        facility
> 

Read further in that man page and see the example of generic user
defined value stored as a "key". A "key" is just a blob that has meaning
to access other resources / instantiate other keys.



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux