-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
attester: tdx: strip CCEL #575
base: main
Are you sure you want to change the base?
Conversation
I had forgotten this. It's tested and ready now:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the patch and this would make great sense to efficiency. This is the producer side code. I wonder if any unit tests with ccels that produced by this patch could be added to the verifier side?
It's possible to update |
b27905c
to
3c89f87
Compare
The CCEL log is made available through an ACPI sysfs entry and is of size "log_area_minimum_length". OVMF sets it to 64k. The current tdx-attester code reads the whole blob and it's used as is in encoding and when sent over the wire. Test runs suggests that it could be beneficial to strip the log before processing it further: Squeezed from 65536 to 5064 bytes The stripping follows the same pattern as what eventlog-rs does on the receiving end (we keep the same "stop flag" in the blob to keep things compatible). Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Fixes: #569
The CCEL log is made available through an ACPI sysfs entry and is of size "log_area_minimum_length". OVMF sets it to 64k.
The current tdx-attester code reads the whole blob and it's used as is in encoding and when sent over the wire.
Test runs suggests that it could be beneficial to strip the log before processing it further:
Squeezed from 65536 to 5064 bytes
The stripping follows the same pattern as what eventlog-rs does on the receiving end (we keep the same "stop flag" in the blob to keep things compatible).