Huang, Kai wrote: > On Thu, 2023-06-22 at 16:31 -0700, Erdem Aktas wrote: > > So while I like the suggested direction, I am not sure how much it is > > possible to come up with a common ABI even with just only for 2 > > vendors (AMD and Intel) without doing spec changes which is a multi > > year effort imho. > > I don't want to intervene the discussion around whether this direction is > correct or not, however I want to say request_key() may not be the right place > to fit Quote (or remote verifiable data blob in general for attestation). > > > request_key(coco_quote, "description", "<uuencoded tdreport>") > > Although both key and Quote are data blob in some way, Quote certainly is not a > key but have much more information. The man page of request_key() seems to > suggest it's just for key: > > request_key - request a key from the kernel's key management > facility > Read further in that man page and see the example of generic user defined value stored as a "key". A "key" is just a blob that has meaning to access other resources / instantiate other keys.
