linux-coco.lists.linux.dev archive mirror
From: Dan Middleton <dan.middleton@linux.intel.com>
To: Nikolay Borisov <nik.borisov@suse.com>, linux-coco@lists.linux.dev
Cc: dave.hansen@linux.intel.com, x86@kernel.org,
	kirill.shutemov@linux.intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [RFC PATCH] virt: tdx-guest: Remove quote generation via ioctl
Date: Wed, 24 Jan 2024 17:44:25 -0600	[thread overview]
Message-ID: <28f261fd-6ab9-4b86-884f-385aa6de09db@linux.intel.com> (raw)
In-Reply-To: <20240123160704.1270147-1-nik.borisov@suse.com>


On 1/23/24 10:07 AM, Nikolay Borisov wrote:
> When this driver got merged initially there was no widely agreed upon
> interface how the quote generation interface will work so having an
> ioctl made sense. However, there's now a vendor-neutral interface via
> configfs. Just remove the old ioctl interface and leave only the
> configfs one.
>
There may be some terminology collisions here.

The getQuote ioctl was never upstreamed. IIRC it died in patch v3.

This getReport ioctl predated it and has related but separate usages to the
quote.

The configfs-tsm API uses the word report, but that really means quote or
attestation.

In Intel products and maybe elsewhere the attestation terminology is:
report: MAC'd evidence ~= local attestation
quote: Signed evidence ~= remote attestation

A report can be used for local attestation because the MAC is verifiable on
that machine by that hardware.
A quote can be remotely verified using the digital signature.

Other uses for a report include secure communication with service TDs.

Regards,
Dan Middleton
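The report/quote split described in the message above, as an added worked example that is not kernel, Intel or configfs-tsm code: a report is evidence bound by a MAC under a key that never leaves the platform, so only that platform can check it (local attestation); a quote is the same evidence under a digital signature, so a party holding only the public key can check it (remote attestation). HMAC-SHA512 and Ed25519 are stand-ins for the hardware MAC and the quoting key, the `Evidence`, `Platform`, `Report` and `Quote` types and the 64-byte `ReportData` field are assumptions chosen for the illustration, and the sample measurement and nonce are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Evidence stands in for what the hardware measures. ReportData is the 64-byte
// caller-supplied field (assumed to mirror TDX REPORTDATA); a verifier's nonce goes there.
type Evidence struct {
	Measurement []byte
	ReportData  [64]byte
}

// encode is unambiguous because ReportData is a fixed-size trailer.
func (e Evidence) encode() []byte {
	return append(append([]byte{}, e.Measurement...), e.ReportData[:]...)
}

// Platform models secrets that never leave the machine: a MAC key only the hardware
// can use, and an attestation signing key whose public half is published (stand-ins).
type Platform struct {
	macKey  []byte
	signKey ed25519.PrivateKey
	SignPub ed25519.PublicKey
}

func NewPlatform() (*Platform, error) {
	macKey := make([]byte, 32)
	if _, err := rand.Read(macKey); err != nil {
		return nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Platform{macKey: macKey, signKey: priv, SignPub: pub}, nil
}

// Report is MAC'd evidence: only a holder of macKey (this platform) can check
// it, which is why it serves local attestation.
type Report struct {
	Evidence Evidence
	MAC      []byte
}

func (p *Platform) GetReport(ev Evidence) Report {
	m := hmac.New(sha512.New, p.macKey)
	m.Write(ev.encode())
	return Report{Evidence: ev, MAC: m.Sum(nil)}
}

// VerifyReportLocally is the check the hardware performs on its own machine.
func (p *Platform) VerifyReportLocally(r Report) bool {
	m := hmac.New(sha512.New, p.macKey)
	m.Write(r.Evidence.encode())
	return hmac.Equal(m.Sum(nil), r.MAC)
}

// Quote is signed evidence. Quoting re-checks the report's MAC first, so a
// forged report never turns into a valid quote.
type Quote struct {
	Evidence  Evidence
	Signature []byte
}

func (p *Platform) GetQuote(r Report) (Quote, error) {
	if !p.VerifyReportLocally(r) {
		return Quote{}, errors.New("report MAC invalid; refusing to sign")
	}
	return Quote{Evidence: r.Evidence, Signature: ed25519.Sign(p.signKey, r.Evidence.encode())}, nil
}

// VerifyQuoteRemotely needs no platform secret: just the public key and the
// nonce the verifier itself chose, which rejects replayed quotes.
func VerifyQuoteRemotely(pub ed25519.PublicKey, q Quote, nonce [64]byte) bool {
	if !bytes.Equal(q.Evidence.ReportData[:], nonce[:]) {
		return false
	}
	return ed25519.Verify(pub, q.Evidence.encode(), q.Signature)
}

func main() {
	p, err := NewPlatform()
	if err != nil {
		panic(err)
	}
	var nonce [64]byte
	copy(nonce[:], "constructed verifier nonce") // sample input, not real data
	rep := p.GetReport(Evidence{Measurement: []byte("constructed measurement"), ReportData: nonce})
	q, _ := p.GetQuote(rep)
	fmt.Println("local report check:", p.VerifyReportLocally(rep))
	fmt.Println("remote quote check:", VerifyQuoteRemotely(p.SignPub, q, nonce))
}
```

The point the toy makes: `VerifyReportLocally` cannot be run off the machine because it needs `macKey`, while `VerifyQuoteRemotely` takes nothing but the public key and the verifier's own nonce. A second `Platform` (a different machine) produces quotes that fail against the first platform's public key, and a report whose MAC has been altered is refused at quoting time rather than turned into a signed quote.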



Thread overview: 11+ messages
2024-01-23 16:07 [RFC PATCH] virt: tdx-guest: Remove quote generation via ioctl Nikolay Borisov
2024-01-23 17:51 ` Kuppuswamy Sathyanarayanan
2024-01-23 18:24   ` Nikolay Borisov
2024-01-23 19:06     ` Dan Williams
2024-01-23 19:57       ` Daniel P. Berrangé
2024-01-23 20:09         ` Dan Williams
2024-01-24 11:49           ` Jeremi Piotrowski
2024-01-23 19:09     ` Dionna Amalie Glaze
2024-01-23 19:23   ` Dave Hansen
2024-01-23 20:55     ` Kuppuswamy Sathyanarayanan
2024-01-24 23:44 ` Dan Middleton [this message]
