Re: [PATCH v12 28/29] crypto: ccp: Add the SNP_{PAUSE,RESUME}_ATTESTATION commands

From: Tom Lendacky
Date: Wed Apr 10 2024 - 18:28:28 EST


On 3/29/24 17:58, Michael Roth wrote:
These commands can be used to pause servicing of guest attestation
requests. This is useful when updating the reported TCB or signing key with
commands such as SNP_SET_CONFIG/SNP_COMMIT/SNP_VLEK_LOAD, since they may
in turn require updates to userspace-supplied certificates, and if an
attestation request happens to be in-flight at the time those updates
are occurring there is potential for a guest to receive a certificate
blob that is out of sync with the effective signing key for the
attestation report.

These interfaces also provide some versatility with how similar
firmware/certificate update activities can be handled in the future.

Signed-off-by: Michael Roth <michael.roth@xxxxxxx>

Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>

---