On Tue, 2022-09-13 at 18:23 -0700, Sathyanarayanan Kuppuswamy wrote:
> Attestation is used to verify the TDX guest trustworthiness to other
> entities before provisioning secrets to the guest. For example, a key
> server may request attestation quote before releasing the encryption
> keys to mount the encrypted rootfs or secondary drive.
I would replace "may request attestation quote" with "may want to use attestation to verify the guest is the desired one". The "quote" was never mentioned before here, so it's -EPARSE. Also, getting the quote is not the purpose; the purpose is to get it verified by a verification service.
> The TDX module records the state of the TDX guest in various stages of
> the guest boot process using build time measurement register (MRTD) and
> runtime measurement registers (RTMR). Measurements related to guest
> initial configuration and firmware image are recorded in the MRTD
> register. Measurements related to initial state, kernel image, firmware
> image, command line options, initrd, ACPI tables, etc are recorded in
> RTMR registers. For more details, please refer to TDX Virtual Firmware
> design specification, sec titled "TD Measurement". At TDX guest runtime,
> the attestation process is used to attest to these measurements.
I would like to point out that "TDVF is just an example". TDVF can be replaced with another BIOS, theoretically (especially if you consider the container case in the future), so all things in TDVF can only be an "example". I don't like the idea of binding the TDX architecture to TDVF.
How about:
"For more details as an example, please refer to TDX virtual Firmware ...".
Otherwise looks good. You can have my Ack anyway:
Acked-by: Kai Huang <kai.huang@intel.com>
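To make the MRTD/RTMR discussion above concrete from the verifier's side (the entity that, as Kai notes, actually checks the measurements before releasing keys), here is an added example that is not part of the patch, the kernel, or TDVF. It replays RTMR extensions from an event log and pulls MRTD and RTMR0..3 out of a raw TDREPORT, then applies a simple policy: MRTD must equal a golden firmware measurement and each RTMR must equal the replay of its log. The extend rule (new RTMR = SHA-384 of old RTMR concatenated with the 48-byte extension value) and the TDREPORT/TDINFO field offsets follow the TDX Module specification; the image digests, the event log, and the mapping of events to RTMR indices are constructed for this example and are not a statement of how TDVF or the kernel actually lay them out.

```python
"""Replay RTMR extensions and check MRTD/RTMR values found in a TDREPORT.

Added example; not code from the patch, the kernel, or TDVF.
Layout offsets follow the TDX Module spec (TDREPORT_STRUCT / TDINFO_STRUCT);
the sample digests and the event-to-RTMR mapping are constructed.
"""
import hashlib
import hmac

MR_SIZE = 48          # every measurement register holds a SHA-384 digest
TDREPORT_SIZE = 1024
# TDREPORT = REPORTMACSTRUCT(256) | TEE_TCB_INFO(239) | reserved(17) | TDINFO(512)
TDINFO_OFFSET = 256 + 239 + 17
# TDINFO = ATTRIBUTES(8) | XFAM(8) | MRTD | MRCONFIGID | MROWNER | MROWNERCONFIG | RTMR0..3 | ...
TDINFO_MR_FIELDS = ("mrtd", "mrconfigid", "mrowner", "mrownerconfig",
                    "rtmr0", "rtmr1", "rtmr2", "rtmr3")


def sha384(data: bytes) -> bytes:
    return hashlib.sha384(data).digest()


def rtmr_extend(rtmr: bytes, value: bytes) -> bytes:
    """TDG.MR.RTMR.EXTEND semantics: RTMR = SHA384(RTMR || value), 48 bytes each."""
    if len(rtmr) != MR_SIZE or len(value) != MR_SIZE:
        raise ValueError("RTMR and extension value must both be 48 bytes")
    return sha384(rtmr + value)


def replay_rtmr(event_digests) -> bytes:
    """Replay an ordered list of 48-byte event digests from the all-zero reset value."""
    rtmr = bytes(MR_SIZE)
    for digest in event_digests:
        rtmr = rtmr_extend(rtmr, digest)
    return rtmr


def parse_tdinfo(tdreport: bytes) -> dict:
    """Extract ATTRIBUTES, XFAM and the measurement registers from a raw TDREPORT."""
    if len(tdreport) != TDREPORT_SIZE:
        raise ValueError(f"TDREPORT must be {TDREPORT_SIZE} bytes")
    tdinfo = tdreport[TDINFO_OFFSET:TDINFO_OFFSET + 512]
    fields = {"attributes": int.from_bytes(tdinfo[0:8], "little"),
              "xfam": int.from_bytes(tdinfo[8:16], "little")}
    off = 16
    for name in TDINFO_MR_FIELDS:
        fields[name] = tdinfo[off:off + MR_SIZE]
        off += MR_SIZE
    return fields


def build_tdreport(mrtd: bytes, rtmrs) -> bytes:
    """Assemble a constructed TDREPORT carrying the given MRTD/RTMR values (everything else zero)."""
    tdinfo = bytearray(512)
    off = 16
    for mr in (mrtd, bytes(MR_SIZE), bytes(MR_SIZE), bytes(MR_SIZE), *rtmrs):
        tdinfo[off:off + MR_SIZE] = mr
        off += MR_SIZE
    return bytes(TDINFO_OFFSET) + bytes(tdinfo)


def verify_measurements(tdreport: bytes, expected_mrtd: bytes, event_logs: dict) -> bool:
    """Policy: MRTD equals the golden firmware measurement and each RTMR replays from its log."""
    fields = parse_tdinfo(tdreport)
    if not hmac.compare_digest(fields["mrtd"], expected_mrtd):
        return False
    for index, events in event_logs.items():
        if not hmac.compare_digest(fields[f"rtmr{index}"], replay_rtmr(events)):
            return False
    return True


# Constructed sample boot: digests of a firmware image and of kernel-stage objects.
GOLDEN_MRTD = sha384(b"constructed TDVF image + initial TD config")
ACPI_DIGEST = sha384(b"constructed ACPI tables")
KERNEL_DIGEST = sha384(b"constructed vmlinuz")
CMDLINE_DIGEST = sha384(b"root=/dev/mapper/cryptroot console=ttyS0")
INITRD_DIGEST = sha384(b"constructed initrd.img")

# Assumed mapping for this example only: RTMR0 <- firmware config, RTMR1 <- kernel/cmdline/initrd.
SAMPLE_EVENT_LOG = {0: [ACPI_DIGEST], 1: [KERNEL_DIGEST, CMDLINE_DIGEST, INITRD_DIGEST]}
SAMPLE_RTMRS = [replay_rtmr(SAMPLE_EVENT_LOG.get(i, [])) for i in range(4)]
SAMPLE_TDREPORT = build_tdreport(GOLDEN_MRTD, SAMPLE_RTMRS)

if __name__ == "__main__":
    print("good report:", verify_measurements(SAMPLE_TDREPORT, GOLDEN_MRTD, SAMPLE_EVENT_LOG))
    tampered = dict(SAMPLE_EVENT_LOG)
    tampered[1] = [KERNEL_DIGEST, sha384(b"root=/dev/sda1 init=/bin/sh"), INITRD_DIGEST]
    print("tampered cmdline:", verify_measurements(SAMPLE_TDREPORT, GOLDEN_MRTD, tampered))
```

In a real deployment the TDREPORT bytes come from the guest (wrapped in a quote signed by the quoting enclave), and the verifier must check that signature and the TCB information before trusting any field parsed here; the replay check is what turns "RTMR1 has some value" into "the kernel, command line and initrd that booted are the ones we expect", which is what a key server needs before releasing a rootfs key.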