I'm still struggling with the "new root of trust" concept. Something - a user space agent, a third party, etc. - has to retain the entire log from event 0, because a new verifier needs all measurements. Therefore, the snapshot aggregate seems redundant. It has to be verified to match the snapshotted events. A redundancy is an attack surface. A badly written verifier might not do that verification, and this permits snapshotted events to be forged. No aggregate means the verifier can't make a mistake. On 11/22/2023 9:22 AM, Paul Moore wrote:
I believe the intent is to only pause the measurements while the snapshot_aggregate is generated, not for the duration of the entire snapshot process. The purpose of the snapshot_aggregate is to establish a new root of trust, similar to the boot_aggregate, to help improve attestation performance.
