Updates TD report field descriptions #413
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
| - `XFAM`: Extended Features and Attributes Mask, indicating which CPU extended features are enabled for the Trust Domain. | ||
| - `TDAttributes`: Attributes describing the security properties and configuration of the Trust Domain. It's important to verify debug and performance measurements flags are not set. | ||
| - `XFAM`: Extended Features and Attributes Mask, indicating which CPU extended features are enabled for the Trust Domain. It's important to verify which flags are set. | ||
| - `ReportData`: Confidential-VM defined data included in the report (e.g., public key hash). |
There was a problem hiding this comment.
can you update ReportData's description as well? It's not just a public key hash anymore; it's a hash of arbitrary bytes data defined by the workload, used to allow the workload to attest to arbitrary data (such as a TEE-specific public key, workload constructor arguments, etc...
| - `MRCONFIGID`: same as `MROWNER` | ||
| - `TDAttributes`: Attributes describing the security properties and configuration of the Trust Domain. | ||
| - `XFAM`: Extended Features and Attributes Mask, indicating which CPU extended features are enabled for the Trust Domain. | ||
| - `TDAttributes`: Attributes describing the security properties and configuration of the Trust Domain. It's important to verify debug and performance measurements flags are not set. |
There was a problem hiding this comment.
It's important to verify debug and performance measurements flags are not set
Why?
Please add a sentence explaining what will happen if those flags are set. It's not clear to readers why this is true, so it feels ominous (like saying "don't re-use k values in ECDSA" and then Sony goes and re-uses k values because they don't know what the impact of doing that is).
| - `TDAttributes`: Attributes describing the security properties and configuration of the Trust Domain. | ||
| - `XFAM`: Extended Features and Attributes Mask, indicating which CPU extended features are enabled for the Trust Domain. | ||
| - `TDAttributes`: Attributes describing the security properties and configuration of the Trust Domain. It's important to verify debug and performance measurements flags are not set. | ||
| - `XFAM`: Extended Features and Attributes Mask, indicating which CPU extended features are enabled for the Trust Domain. It's important to verify which flags are set. |
There was a problem hiding this comment.
It's important to verify which flags are set.
Same spirit of comment as above. Please explain it further, because right now it's not clear what why this is important.
3 participants
Clarifies how each field is verified.