From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Jörg Rödel" <jroedel@suse.de>
Cc: Claudio Carvalho <cclaudio@linux.ibm.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	amd-sev-snp@lists.suse.com, linux-coco@lists.linux.dev,
	kvm@vger.kernel.org, Carlos Bilbao <carlos.bilbao@amd.com>,
	Klaus Kiwi <kkiwi@redhat.com>
Subject: Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP
Date: Fri, 5 May 2023 16:47:48 +0100
Message-ID: <ZFUlJOFZvrNEjV1N@redhat.com>
In-Reply-To: <ZFUh/KlLXJF+2hoJ@suse.de>

On Fri, May 05, 2023 at 05:34:20PM +0200, Jörg Rödel wrote:
> Hi Claudio,
> 
> On Wed, May 03, 2023 at 12:51:17PM -0400, Claudio Carvalho wrote:
> > Thanks. I would be happy to collaborate in that discussion.
> 
> Great, I will send out that email early next week to get the discussion
> rolling.
> 
> > I think the crypto support requires more design discussion since it is required
> > in multiple places.
> > 
> > The experience I've had adding SVSM-vTPM support is that the SVSM needs crypto
> > for requesting an attestation report (SNP_GUEST_REQUEST messages sent to the
> > security processor PSP have to be encrypted with AES_GCM) and the vTPM also
> > needs crypto for the TPM crypto operations. We could just duplicate the crypto
> > library, or find a way to share it (e.g. vdso approach).
> > 
> > For the SVSM, it would be rust code talking to the crypto library; for the vTPM
> > it would be the vTPM (most likely an existing C implementation) talking to the
> > crypto library.
> 
> Right, where to place and how to share the crypto code needs more
> discussion, there are multiple possible approaches. I have seen that you
> have a talk at KVM Forum, so we can meet there in a larger group and
> discuss those and other questions in person.

Yep, we should probably do a BoF session on the topic of SVSM
for anyone interested who's attending KVM Forum.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

