Closed danko-miladinovic closed 1 month ago
This potentially opens an attack vector because now we need to trust the manager-backend communication. We need to discuss this one @drasko @danko-miladinovic.
@dborovcanin this is OK, because these measurements are signed with AMD firmware and SEV-SNP keys in the HW.
I would like to have more detailed explication how this approach maps to IETF RATS spec.
This is resolved in #245 by adding a measurement directly to the backend.
Is your feature request related to a problem? Please describe.
This feature will enable the client (the member of the consortium) to fetch the missing information to calculate the measurement. The OVMF version, the kernel command line arguments, and the number of vcpus and vcpu-type.
Describe the feature you are requesting, as well as the possible use case(s) for it.
The idea is to enable the users to calculate the expected measurement that is needed during the aTLS verification and validation process.
Indicate the importance of this feature to you.
Must-have
Anything else?
No response