From: Lukas Wunner <lukas@wunner.de>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: Alexey Kardashevskiy <aik@amd.com>,
linux-coco@lists.linux.dev, kvm@vger.kernel.org,
linux-pci@vger.kernel.org,
Dan Williams <dan.j.williams@intel.com>,
Jonathan Cameron <jic23@kernel.org>
Subject: Re: TDISP enablement
Date: Wed, 1 Nov 2023 08:38:13 +0100 [thread overview]
Message-ID: <20231101073813.GC25863@wunner.de> (raw)
In-Reply-To: <CAAH4kHYgMKv2xYT8=4Vx7i8hhpCOMZNdzf8G4fbNdx=9gQ8Y1w@mail.gmail.com>
On Tue, Oct 31, 2023 at 04:40:56PM -0700, Dionna Amalie Glaze wrote:
> Only read? Can user space not provide a nonce for replay protection
> here, or is that just inherent to the SPDM channel setup, and the
That's internal to SPDM, regardless whether SPDM is handled by the
TSM or OS kernel.
> These vendored certificates will only grow in size, and they're
The size of a cert chain is limited to 64 kByte by the SPDM spec.
A device may have 8 slots, each containing a cert chain.
> device-specific, so it makes sense for machines to have a local cache
> of all the provisioned certificates that get forwarded to the guest
> through the VMM. I'd like to see this kind of blob reporting as a more
> general mechanism, however, so we can get TDX-specific blobs in too
> without much fuss.
Cert chains and measurements from the interface report need to be
exposed as individual sysfs attributes for compatibility with
TEE-IO incapable devices.
Blobs make zero sense here. Doubly so if they're vendor-specific.
Thanks,
Lukas
next prev parent reply other threads:[~2023-11-01 7:38 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-31 22:56 TDISP enablement Alexey Kardashevskiy
2023-10-31 23:40 ` Dionna Amalie Glaze
2023-11-01 7:38 ` Lukas Wunner [this message]
2023-11-01 7:27 ` Lukas Wunner
2023-11-01 11:05 ` Jonathan Cameron
2023-11-02 2:28 ` Alexey Kardashevskiy
2023-11-03 16:44 ` Jonathan Cameron
2023-11-11 22:45 ` Dan Williams
2023-11-24 14:52 ` Jonathan Cameron
2023-11-10 23:38 ` Dan Williams
2023-11-10 23:30 ` Dan Williams
2023-11-24 16:25 ` Jonathan Cameron
2023-11-13 6:04 ` Samuel Ortiz
2023-11-01 11:43 ` Alexey Kardashevskiy
2023-11-13 5:43 ` Samuel Ortiz
2023-11-13 6:46 ` Alexey Kardashevskiy
2023-11-13 15:10 ` Samuel Ortiz
2023-11-14 0:57 ` Alexey Kardashevskiy
2023-11-14 15:35 ` Samuel Ortiz
2023-12-06 4:43 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231101073813.GC25863@wunner.de \
--to=lukas@wunner.de \
--cc=aik@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dionnaglaze@google.com \
--cc=jic23@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).