[svsm-devel] vTPM service attestation format update
Dionna Amalie Glaze
dionnaglaze at google.com
Fri Feb 21 17:39:51 CET 2025
> I'm not sure I exactly understand the proposal, but I think it's that
> the type of endorsement key should be part of the input data to the
> vTPM protocol attestation? In which case I agree.
>
Service attestation has no inputs other than the service guid and
manifest version. If you want the key type to be an "input", then we
need a service guid for each specific EK algorithm. We can treat the
existing guid as for rsa_2048 if you prefer. That makes this an
extension request rather than a change request.
--
-Dionna Glaze, PhD, CISSP, CCSP (she/her)
More information about the Svsm-devel
mailing list