Xynnn_
Xynnn_
@fitzthum Anyway, we should get an agreement on design goal of AS. The goal of the AS black box is to process TEE status (including all the measured parts) and...
@fitzthum There are two points: 1. This proposal currently only addresses the use of AS. It may have some impact on the use of KBS, but I'm not entirely sure...
Suppose a user has this requirement: how to handle it good enough? He has a set of TDX machines with the same basic kernel, ovmf, and rootfs, but different eventlog-related...
Hi @fitzthum @mythi I have a more reasonable proposal. Since policies can now have custom extensions, similarly, we can let policies control which submodules are generated, instead of the current...
In fact, the current form of JWT also suffers from the same confidentiality leakage problem, but JWTs are often short-lived rather than long-lived like passwords and usernames. Enabling HTTPS by...
> Do you think our current implementation of the KBS Protocol is secure without HTTPS? In theory the KBS protocol is fine in the plaintext, but we rely on session...
I think bring semantics related to KBS/kbs-protocol from token to KBS is a good point. But if we bring all initdata from the token it would be somehow coupled between...
> I feel like this is best left to the plugins themselves. We might be able to standardize some parts of the init-data, but we don't really know what plugins...
@fitzthum 1. Tee evidence version. What I mean is the structure of the json evidence format than hardware evidence. (like we adds an `eventlog` field). The code for hardware evidence...
My personal view we do not explicitly need ci test for backwards compatibility test. > Also, I am starting to think that we should just do release v1.0.0 now. What...