Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports

From: Dionna Amalie Glaze
Date: Tue Aug 08 2023 - 16:37:37 EST


> Trusting the vTPM is a one time thing. Once trust in the TPM is
> established, you don't need to be worried about replay and you can just
> use standard TPM primitives for everything onward, even when doing
> point in time runtime attestation.
>

It's a one time thing for who? It seems like you're still only looking
at the 1. use case and not the 2. use case. Every different person
establishing a connection with the service will need to independently
establish trust in the TPM.


--
-Dionna Glaze, PhD (she/her)