Feature: Fetch OVMF and kernel command line arguments #194
Assignees
Labels
enhancement
New feature or request
help wanted
Extra attention is needed
question
Further information is requested
Comments
|
This potentially opens an attack vector because now we need to trust the manager-backend communication. We need to discuss this one @drasko @danko-miladinovic. |
dborovcanin
added
help wanted
|
@dborovcanin this is OK, because these measurements are signed with AMD firmware and SEV-SNP keys in the HW. I would like to have more detailed explication how this approach maps to IETF RATS spec. |
|
This is resolved in #245 by adding a measurement directly to the backend. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
This feature will enable the client (the member of the consortium) to fetch the missing information to calculate the measurement. The OVMF version, the kernel command line arguments, and the number of vcpus and vcpu-type.
Describe the feature you are requesting, as well as the possible use case(s) for it.
The idea is to enable the users to calculate the expected measurement that is needed during the aTLS verification and validation process.
Indicate the importance of this feature to you.
Must-have
Anything else?
No response
The text was updated successfully, but these errors were encountered: