On Tue, Feb 18, 2025 at 8:57 AM Dave Hansen [off-list ref] wrote:
On 2/18/25 08:25, Dan Middleton wrote:
quoted
One common reason is to _identify the workload_ running in the VM.
Typically a VM attestation tells you that you booted to a clean state.
It is much more valuable to a Relying Party to know that they are
interacting
with a trusted application / workload.
Projects like CNCF Confidential Containers [1] and Attested Containers
[2] would like to do this.
That's a _bit_ of a different story than the series author mentioned here:
https://lore.kernel.org/all/be7e3c9d-208a-4bda-b8cf-9119f3e0c4ce@intel.com/ (local)
It would be great to see a solid, consistent story about what the
purpose of this series is when v2 is posted. As always, it would be even
better if it was obvious that this is not tied to one vendor or one
architecture.
If there are actual end users who care about this, it would be great to
see their acks on it as well.
We would like to have this for Google Confidential Space and Kubernetes Engine.
Acked-by: Dionna Glaze <redacted>
--
-Dionna Glaze, PhD, CISSP, CCSP (she/her)