Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports

From: Dionna Amalie Glaze
Date: Tue Aug 08 2023 - 14:15:28 EST


>
> I do not see sysfs precluding a use case like that. If the kernel can
> call out to userspace for TLS connection setup [1], then an advanced user
> can call out to a daemon for workload provenance setup. Recall that TDX
> will round trip through the quoting enclave for these reports and,
> without measuring, that seems to have the potential to dominate the
> setup time vs the communication to ask a daemon to convey a report.
>

It's rather hard to get new daemons approved for container
distributions since they end up as resource hogs.
I really don't think it's appropriate to delegate to a daemon to
single-thread use of a kernel interface when the interface could
provide functional semantics to begin with.

> [1]: https://lore.kernel.org/all/168174169259.9520.1911007910797225963.stgit@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/



--
-Dionna Glaze, PhD (she/her)