Re: [PATCH v8 0/5] Add TDX Guest Attestation support
From: Dave Hansen
Date: Mon Jun 27 2022 - 14:52:38 EST

On 6/27/22 07:51, Sathyanarayanan Kuppuswamy wrote:
> In a TDX guest, the attestation process generally involves the following steps:
>
> 1. Get the TDREPORT using user specified REPORTDATA. This is implemented
> using TDG.MR.TDREPORT Module call. An IOCTL interface is added to let
> userspace get the TDREPORT data (implemented in patch #1).
>
> 2. Using the TDREPORT data, generate a remotely verifiable signed Quote.
> Quote can be generated either using GetQuote hypercall or by communicating
> with VMM/Quoting Enclave (QE) using VSOCK. In this patch set, only the
> GetQuote hypercall model is supported. Since Quote generation is an
> asynchronous request, and takes more time, we let VMM notify the TDX Guest
> using the callback interrupt. Patches #2-5 implement Quote generation support,
> in which Patch #2 implements the callback interrupt support.

IMNHO, too much gibberish, not enough English, too much superfluous
information.

For instance, why do we need a quote and a report? Why does this have
an interrupt?