Re: [RFC v3 00/27] lib: Rust implementation of SPDM

Next message: Fuad Tabba: "Re: [RFC PATCH v2 09/37] KVM: guest_memfd: Add support for KVM_SET_MEMORY_ATTRIBUTES2"
Previous message: Huacai Chen: "Re: [PATCH] LoongArch: jump_label: Batch icache maintenance"
In reply to: Lukas Wunner: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Next in thread: dan.j.williams: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Thu Feb 19 2026 - 07:43:43 EST

On Thu, Feb 19, 2026 at 10:34:55AM +0100, Lukas Wunner wrote:
> On Wed, Feb 18, 2026 at 08:56:14PM -0400, Jason Gunthorpe wrote:
> > And not sure we should be dumping any certs in sysfs if the plan for
> > the other stuff is netlink, it should be consistent I think.
>
> It has turned out to be super convenient to expose the 8 slots with
> certificate chains in sysfs for direct examination with openssl and
> similar tools, without having to go through netlink.

Honestly, I'm reluctant to add permanent sysfs uAPI just for temporary
debugging. Put it in debugfs.

There should be a tool suite that runs on top of this stuff and
presents a sensible user experiance, with man pages and so on.

Having to find/remember some baroque openssl command line with a
million options is not reasonable for a production kind of
environment.

Jason