[svsm-devel] vTPM service attestation format update

James Bottomley James.Bottomley at HansenPartnership.com
Fri Feb 21 17:53:48 CET 2025


On Fri, 2025-02-21 at 08:39 -0800, Dionna Amalie Glaze wrote:
> > I'm not sure I exactly understand the proposal, but I think it's
> > that the type of endorsement key should be part of the input data
> > to the vTPM protocol attestation?  In which case I agree.
> > 
> 
> Service attestation has no inputs other than the service guid and
> manifest version. If you want the key type to be an "input", then we
> need a service guid for each specific EK algorithm. We can treat the
> existing guid as for rsa_2048 if you prefer. That makes this an
> extension request rather than a change request.

That's a lot of GUIDs; why not simply define a guid for the additional
arguments and then pass them in in TPM form (except probably native
endian)?

Regards,

James



