On Mon, 2022-09-12 at 15:06 -0700, Sathyanarayanan Kuppuswamy wrote:
> Hi Kai,
>
> On 9/12/22 12:17 AM, Huang, Kai wrote:
> > On Fri, 2022-09-09 at 12:27 -0700, Kuppuswamy Sathyanarayanan wrote:
> > > Attestation is used to verify the trustworthiness of a TDX guest.
> > > During the guest bring-up, Intel TDX module measures and records
> > > the initial contents and configuration of the guest, and at runtime,
> > > guest software uses runtime measurement registers (RTMRs) to measure
> > > and record details related to kernel image, command line params, ACPI
> > > tables, initrd, etc. At TDX guest runtime, Intel SGX attestation
> > > infrastructure is re-used to attest to these measurement data.
> >
> > Similar to the comment on patch 3, I don't particularly like the "to attest" part as
> > only the verification service can truly _attest_ something (I suppose by "SGX
> > infrastructure" here you mean SGX QE to generate the Quote).
> >
> > I think you can just say something like "TDX leverages SGX Quote mechanism to
> > support remote attestation of TDX guests". And you can combine this with the below
> > paragraph.
>
> The part about leveraging the SGX infrastructure is not very important. We can
> even drop it. But I want to add some details about what we do with this measurement
> data. In the first paragraph, we have started with collection of measurement data.
> If we directly jump to the attestation process without explaining the need for collecting
> measurements, it will be a bit confusing.
>
> How about the following version?
> > Attestation is used to verify the trustworthiness of a TDX guest.
> > During the guest bring-up, Intel TDX module measures and records
> > the initial contents and configuration of the guest, and at runtime,
> > guest software uses runtime measurement registers (RTMRs) to measure
> > and record details related to kernel image, command line params, ACPI
> > tables, initrd, etc. At guest runtime, the attestation process is used
> > to attest to these measurements.

Yeah fine to me.
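The wording being settled above describes a two-stage flow: boot artifacts are measured into runtime measurement registers, and a report over those registers is later checked by a remote verifier. The Python model below is an added illustration, not code from this patch series, the kernel or the TDX module. It assumes simplified RTMR semantics (a 48-byte SHA-384 register, starting at zero, updated only as SHA384(old || extend_data), with the guest hashing each artifact itself), uses constructed stand-ins for the kernel, command line, ACPI tables and initrd, and all function names are hypothetical. It shows why a verifier needs both the attested register value and an event log: the log explains how the register value was reached, and the register value proves the log was not edited after the fact.

```python
import hashlib
from typing import Dict, List, Tuple

# Added illustrative model, not kernel or TDX-module code. Assumption: an RTMR
# is a 48-byte SHA-384 register that starts at zero and can only be extended.
RTMR_BYTES = 48
ZERO_RTMR = bytes(RTMR_BYTES)

Event = Tuple[str, bytes]       # (label, raw artifact bytes) measured by the guest
LogEntry = Tuple[str, bytes]    # (label, SHA-384 digest) recorded in the event log


def rtmr_extend(rtmr: bytes, extend_data: bytes) -> bytes:
    """One extend operation on a register: new = SHA384(old || extend_data)."""
    if len(rtmr) != RTMR_BYTES or len(extend_data) != RTMR_BYTES:
        raise ValueError("RTMR and extend data must both be 48 bytes")
    return hashlib.sha384(rtmr + extend_data).digest()


def measure_boot(events: List[Event]) -> Tuple[bytes, List[LogEntry]]:
    """Guest side: hash each artifact (kernel, cmdline, ACPI, initrd), extend
    the register with the digest, and append the digest to an event log."""
    rtmr, log = ZERO_RTMR, []
    for label, data in events:
        digest = hashlib.sha384(data).digest()
        rtmr = rtmr_extend(rtmr, digest)
        log.append((label, digest))
    return rtmr, log


def replay_log(log: List[LogEntry]) -> bytes:
    """Verifier side: recompute the register value from the event log alone."""
    rtmr = ZERO_RTMR
    for _label, digest in log:
        rtmr = rtmr_extend(rtmr, digest)
    return rtmr


def verify(reported_rtmr: bytes, log: List[LogEntry], golden: Dict[str, bytes]) -> bool:
    """Verifier policy: the register value carried in the attested report must
    be explained by the log, and every logged digest must equal the golden
    value for its label, in the expected order."""
    if replay_log(log) != reported_rtmr:
        return False                        # log edited, truncated or reordered
    if [label for label, _ in log] != list(golden):
        return False                        # unexpected, missing or reordered event
    return all(golden[label] == digest for label, digest in log)


# Constructed sample boot artifacts standing in for the real files.
GOOD_BOOT: List[Event] = [
    ("kernel",  b"vmlinuz image bytes (constructed sample)"),
    ("cmdline", b"console=ttyS0 root=/dev/vda1 ro"),
    ("acpi",    b"ACPI table bytes (constructed sample)"),
    ("initrd",  b"initrd bytes (constructed sample)"),
]
# Golden digests the verifier would hold for the approved boot configuration.
GOLDEN: Dict[str, bytes] = {label: hashlib.sha384(data).digest() for label, data in GOOD_BOOT}


def demo() -> Dict[str, bool]:
    """Three verifier outcomes: an approved boot, a boot whose command line
    differs from the approved one, and an attempt to present the approved log
    alongside the register value from the differing boot."""
    good_rtmr, good_log = measure_boot(GOOD_BOOT)

    changed = [(label, b"console=ttyS0 root=/dev/vdb1 ro" if label == "cmdline" else data)
               for label, data in GOOD_BOOT]
    changed_rtmr, changed_log = measure_boot(changed)

    return {
        "good_boot": verify(good_rtmr, good_log, GOLDEN),
        "changed_cmdline": verify(changed_rtmr, changed_log, GOLDEN),
        "rewritten_log": verify(changed_rtmr, good_log, GOLDEN),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

Only the first case passes: the second fails on the golden comparison because the command-line digest differs, and the third fails on replay because the approved log cannot reproduce the register value from the differing boot. In a real deployment the register value would come from the report body inside the Quote rather than from the guest's own word, which is what makes the replay check meaningful.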