On 3/29/24 17:58, Michael Roth wrote:
These commands can be used to pause servicing of guest attestation requests. This useful when updating the reported TCB or signing key with commands such as SNP_SET_CONFIG/SNP_COMMIT/SNP_VLEK_LOAD, since they may in turn require updates to userspace-supplied certificates, and if an attestation request happens to be in-flight at the time those updates are occurring there is potential for a guest to receive a certificate blob that is out of sync with the effective signing key for the attestation report. These interfaces also provide some versatility with how similar firmware/certificate update activities can be handled in the future. Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
---
