| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2379fc61dea736ff1a5260997869c45ab7e01a0d.camel@intel.com>
Date: Mon, 12 Sep 2022 22:54:47 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...hat.com" <mingo@...hat.com>,
"shuah@...nel.org" <shuah@...nel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"x86@...nel.org" <x86@...nel.org>, "bp@...en8.de" <bp@...en8.de>
CC: "linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
"ak@...ux.intel.com" <ak@...ux.intel.com>,
"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"wander@...hat.com" <wander@...hat.com>,
"tim.gardner@...onical.com" <tim.gardner@...onical.com>,
"hpa@...or.com" <hpa@...or.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"isaku.yamahata@...il.com" <isaku.yamahata@...il.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"Luck, Tony" <tony.luck@...el.com>,
"marcelo.cerri@...onical.com" <marcelo.cerri@...onical.com>,
"Cox, Philip" <philip.cox@...onical.com>,
"khalid.elmously@...onical.com" <khalid.elmously@...onical.com>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>
Subject: Re: [PATCH v13 2/3] selftests: tdx: Test TDX attestation GetReport
support
On Mon, 2022-09-12 at 15:06 -0700, Sathyanarayanan Kuppuswamy wrote:
> Hi Kai,
>
> On 9/12/22 12:17 AM, Huang, Kai wrote:
> > On Fri, 2022-09-09 at 12:27 -0700, Kuppuswamy Sathyanarayanan wrote:
> > > Attestation is used to verify the trustworthiness of a TDX guest.
> > > During the guest bring-up, Intel TDX module measures and records
> > > the initial contents and configuration of the guest, and at runtime,
> > > guest software uses runtime measurement registers (RMTRs) to measure
> > > and record details related to kernel image, command line params, ACPI
> > > tables, initrd, etc. At TDX guest runtime, Intel SGX attestation
> > > infrastructure is re-used to attest to these measurement data.
> >
> > Similar the comment to patch 3, I don't particularly like "to attest" part as
> > only the verification service can truly _attest_ somthing (I suppose the "SGX
> > infrastructure" here you mean SGX QE to generate the Quote).
> >
> > I think you can just say something like "TDX leverages SGX Quote mechanism to
> > support remote attestation of TDX guests". And you can combine this with below
> > paragraph.
>
> The part about leveraging the SGX infrastructure is not very important. We can
> even drop it. But I want to add some details about what we do with this measurement
> data. In the first paragraph, we have started with collection of measurements data.
> If we directly jump to attestation process without explaining the need for collecting
> measurements, it will be a bit confusing.
>
> How about following version?
>
> Attestation is used to verify the trustworthiness of a TDX guest.
>
> During the guest bring-up, Intel TDX module measures and records
>
> the initial contents and configuration of the guest, and at runtime,
>
> guest software uses runtime measurement registers (RMTRs) to measure
>
> and record details related to kernel image, command line params, ACPI
>
> tables, initrd, etc. At guest runtime, the attestation process is used
> to
> attest to these measurements.
Yeah fine to me.
Powered by blists - more mailing lists