Hi @drasko,
I started porting the vTPM proof-of-concept to both the AMDESE/linux-svsm.git and coconut-svsm/svsm.git, but that's not complete.
Do you have any specific use case for it?
Hi @cclaudio - first, thanks for the exceptional work you are doing!
We (Ultraviolet) are working on cocos.ai, and currently we are using AMD SEV-SNP. We are able to do the usual AMD measurement from the guest, but it takes into account only the UEFI OVMF block. AMD considers that the integrity of the other SW boot phases (notably kernel and rootfs) needs to be established via a chain of trust. This is where we intend to use the vTPM.
Currently, we are changing/configuring EDK2 TianoCore to use Secure Boot with the subsequent artifacts - notably kernel and initramfs, which we try to boot exclusively in RAM - and this might be sufficient for putting trust in the whole CVM. But on the other hand, it might not be, and then the only tool we can think of that can help is a TPM. Probably even when we enable Secure Boot we will still need a TPM or an additional check and trust.
As soon as we finish our work on Secure Boot, we will try to help with your work and contribute as much as we can.
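The comment above describes the gap the vTPM is meant to close: the SEV-SNP launch measurement covers the firmware (OVMF) that the hypervisor loaded, while the kernel and initramfs that run afterwards are only covered if each stage is measured into TPM PCRs, forming a chain of trust. The following is an added example, not code from linux-svsm, coconut-svsm or cocos.ai. It simulates the standard TPM 2.0 PCR extend operation (PCR_new = H(PCR_old || digest)) over constructed placeholder boot artifacts, produces the kind of event log a verifier would replay, and shows how a verifier detects both a modified boot stage and a forged log. The stage names, the SHA-256 choice and the `verify_boot` policy are assumptions for illustration; a real SVSM vTPM would use the guest's actual images and the PCR bank it exposes.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed placeholder artifacts; real deployments measure the actual
# OVMF image, kernel and initramfs bytes loaded in the guest.
BOOT_STAGES: Dict[str, bytes] = {
    "ovmf": b"constructed OVMF firmware bytes",
    "kernel": b"constructed vmlinuz bytes",
    "initramfs": b"constructed initramfs bytes",
}

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend: the new PCR value is H(old PCR || event digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(stages: Dict[str, bytes]) -> Tuple[bytes, List[Dict[str, str]]]:
    """Measure each boot stage in order into a single PCR, starting from all zeros.

    Returns the final PCR value and an event log, one entry per stage, in the
    form a boot loader or firmware would record alongside the PCR.
    """
    pcr = bytes(PCR_SIZE)
    event_log: List[Dict[str, str]] = []
    for name, blob in stages.items():
        digest = hashlib.sha256(blob).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append({"stage": name, "digest": digest.hex(), "pcr_after": pcr.hex()})
    return pcr, event_log


def replay_event_log(event_log: List[Dict[str, str]]) -> bytes:
    """Recompute the PCR a given event log claims to describe."""
    pcr = bytes(PCR_SIZE)
    for event in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(event["digest"]))
    return pcr


def verify_boot(reported_pcr: bytes, event_log: List[Dict[str, str]],
                golden_digests: Dict[str, str]) -> bool:
    """Verifier policy (assumed for this example):

    1. The event log must replay to the PCR value the (v)TPM quoted, otherwise
       the log has been edited or truncated.
    2. Every stage in the log must carry the digest of the approved image,
       otherwise a stage was swapped even though the log is self-consistent.
    """
    if replay_event_log(event_log) != reported_pcr:
        return False
    if [e["stage"] for e in event_log] != list(golden_digests.keys()):
        return False
    return all(golden_digests[e["stage"]] == e["digest"] for e in event_log)


if __name__ == "__main__":
    pcr, log = measure_boot_chain(BOOT_STAGES)
    golden = {e["stage"]: e["digest"] for e in log}
    print("final PCR:", pcr.hex())
    print("good boot verifies:", verify_boot(pcr, log, golden))

    tampered = dict(BOOT_STAGES)
    tampered["kernel"] = b"constructed modified kernel bytes"
    bad_pcr, bad_log = measure_boot_chain(tampered)
    print("modified kernel verifies:", verify_boot(bad_pcr, bad_log, golden))
    # Attacker keeps the honest log but cannot make the quoted PCR match it.
    print("forged log verifies:", verify_boot(bad_pcr, log, golden))
```

The point the example makes is that the launch measurement in the SEV-SNP attestation report stays the same regardless of which kernel later boots; only the PCR chain changes when the kernel or initramfs is replaced, and the verifier needs both the quoted PCR and the event log to tell which stage diverged.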
Hello,
does linux-svsm already implement vTPM support, and are there any examples that show how to use it to achieve a vTPM in the guest OS?