public inbox for linux-kernel@vger.kernel.org
From: Borislav Petkov <bp@alien8.de>
To: Kuppuswamy Sathyanarayanan  <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
	Kai Huang <kai.huang@intel.com>,
	Wander Lairson Costa <wander@redhat.com>,
	Isaku Yamahata <isaku.yamahata@gmail.com>,
	marcelo.cerri@canonical.com, tim.gardner@canonical.com,
	khalid.elmously@canonical.com, philip.cox@canonical.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 1/2] x86/tdx: Add TDX Guest attestation interface driver
Date: Wed, 24 Aug 2022 19:10:10 +0200
Message-ID: <YwZbcpvmJt50YDa/@zn.tnic>
In-Reply-To: <20220804003323.1441376-1-sathyanarayanan.kuppuswamy@linux.intel.com>

On Wed, Aug 03, 2022 at 05:33:22PM -0700, Kuppuswamy Sathyanarayanan wrote:
> In TDX guest, attestation is used to verify the trustworthiness of a TD
> to other entities before provisioning secrets to the TD. Such attestation
> process is required by 3rd party servers before sending sensitive
> information to TD guests. One usage example is to get encryption keys
> from the key server for mounting the encrypted rootfs or secondary drive.

Just a reminder to fix this up wrt TDX and TD. I know Intel
documentation wants to talk about trust domains and the guest being one
but then if you wanna formulate it that way, you need to define the
nomenclature you're using and then stick with it.

Otherwise, confusion.

Example: "In TDX guest, ... Such attestation... before sending
information to TD guests."

And here I go: What, there's a TDX guest and TD guest?

Just simplify it.

I'll review our v11 properly after you've addressed comments from v9 too.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Thread overview: 6+ messages
2022-08-04  0:33 [PATCH v10 1/2] x86/tdx: Add TDX Guest attestation interface driver Kuppuswamy Sathyanarayanan
2022-08-04  0:33 ` [PATCH v10 2/2] selftests: tdx: Test GetReport TDX attestation feature Kuppuswamy Sathyanarayanan
2022-08-05 19:47 ` [PATCH v10 1/2] x86/tdx: Add TDX Guest attestation interface driver Wander Lairson Costa
2022-08-05 21:35   ` Sathyanarayanan Kuppuswamy
2022-08-08 12:05     ` Wander Lairson Costa
2022-08-24 17:10 ` Borislav Petkov [this message]
