On Tue, 2022-04-19 at 07:13 -0700, Dave Hansen wrote: > On 4/19/22 00:47, Kai Huang wrote: > > > From security's perspective, attestation is an essential part of TDX. That > > being said, w/o attestation support in TD guest, I guess nobody will seriously > > use TD guest. > > Are you saying you can't think of a single threat model where there's a > benefit to running a TDX guest without attestation? Will TDX only be > used in environments where secrets are provisioned to guests on the > basis of attestation? > > > I don't think anyone should provision secret to a TD before it get attested that it is a genuine TD that he/she expected. If someone does that, he/she takes the risk of losing the secret. Of course if someone just want to try a TD then w/o attestation is totally fine. -- Thanks, -Kai
