On Mon, 2023-08-14 at 14:42 -0700, Sush Shringarputale wrote: > > This design seems overly complex and requires synchronization between > > the "snapshot" record and exporting the records from the measurement > > list. None of this would be necessary if the measurements were copied > > from kernel memory to a backing file (e.g. tmpfs), as described in [1]. > > > > What is the real problem - kernel memory pressure, memory pressure in > > general, or disk space? Is the intention to remove or offload the > > exported measurements? > The main concern is the memory pressure on both the kernel and the > attestation client > when it sends the request. The concern you bring up is valid and we are > working on > creating a prototype. There is no intention to remove the exported > measurements. Glad to hear that you're not intending to remove the exported measurements. Defining and including a new record in the measurement list measurement is fine, if it helps with attestation and doesn't require pausing the measurements. -- thanks, Mimi
