All of lore.kernel.org
 help / color / mirror / Atom feed
From: Nicolai Stange <nstange@suse.de>
To: Tyler Fanelli <tfanelli@redhat.com>
Cc: Oliver Steffen <osteffen@redhat.com>,
	Stefano Garzarella <sgarzare@redhat.com>,
	coconut-svsm@lists.linux.dev
Subject: [DISCUSSION] svsm: attestation + CocoonFs:
Date: Wed, 11 Mar 2026 05:29:30 +0100	[thread overview]
Message-ID: <873427gf9x.fsf@> (raw)

Hi Tyler,

I've been told in one of the svsm devel calls that a capability for
storing some info in plaintext in CocoonFs would be helpful for your
attestation efforts.

Before I go and implement something, let me ask about the nature of that
data.
- What exactly are you planning to store there?
- Presumably the filesystem salt from the image header, supposed to also
  serve as a filesystem ID ([1]), is not sufficient?
- Is the data considered immutable over the lifetime of the FS?
- Is it Ok if that data is not authenticated?

Thanks!

Nicolai

[1] https://coconut-svsm.github.io/cocoon-tpm/cocoonfs/cocoonfs-format.html#image-header

             reply	other threads:[~2026-03-11  4:29 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-11  4:29 Nicolai Stange [this message]
2026-03-19 12:00 ` [DISCUSSION] svsm: attestation + CocoonFs: Arun Menon
2026-03-19 14:04   ` James Bottomley
2026-03-19 16:38     ` Tyler Fanelli
     [not found] <73724.126031100351500114@us-mta-457.us.mimecast.lan>
2026-03-20  3:22 ` Tyler Fanelli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=873427gf9x.fsf@ \
    --to=nstange@suse.de \
    --cc=coconut-svsm@lists.linux.dev \
    --cc=osteffen@redhat.com \
    --cc=sgarzare@redhat.com \
    --cc=tfanelli@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.