On Wed, Jan 05, 2022 at 08:07:04PM +0000, Dr. David Alan Gilbert wrote: > I thought I saw something in their patch series where they also had a > secret that got passed down from EFI? Probably. I've seen so many TDX patchsets so that I'm completely confused what is what. > As I remember they had it with an ioctl and something; but it felt to > me if it would be great if it was shared. I guess we could try to share https://lore.kernel.org/r/20211210154332.11526-28-brijesh.singh@xxxxxxx for SNP and TDX. > I'd love to hear from those other cloud vendors; I've not been able to > find any detail on how their SEV(-ES) systems actually work. Same here. > However, this aims to be just a comms mechanism to pass that secret; > so it's pretty low down in the stack and is there for them to use - > hopefully it's general enough. Exactly! > (An interesting question is what exactly gets passed in this key and > what it means). > > All the contentious stuff I've seen seems to be further up the stack - like > who does the attestation and where they get the secrets and how they > know what a valid measurement looks like. It would be much much better if all the parties involved would sit down and decide on a common scheme so that implementation can be shared but getting everybody to agree is likely hard... -- Regards/Gruss, Boris. SUSE Software Solutions Germany GmbH, GF: Ivo Totev, HRB 36809, AG Nürnberg
