Tyler Fanelli

Results 27 comments of Tyler Fanelli

@haesbaert There seems to be some conflicts with this PR as a lot has been done since its submission. Do you mind rebasing on `main`?

> 1. KBS deployed on the same Kubernetes cluster running CoCo workloads.
>    a. With integrated KMS (filestore) for storing secrets.
>    b. Without integrated KMS. CDH is used to...

> This is an interesting proposal. I need to think about it a bit more, but here are a few questions.
>
> First, as you mention we already have...

> Overall, I think the api `/register` of such semantics would be of great use to workload identity. Also, leveraging `HOSTDATA` field to identify workloads sounds good to me. Before...

@jepio @fitzthum @Xynnn007 I'm thinking of SVSM, which attests before the OS is booted and AFAIK doesn't have any interfaces for shared memory currently. I chose `HOST_DATA` because it would...

Just a few thoughts:

> ## Motivation
> While working on a recent proof-of-concept (PoC) to create a generic certificate caching service, it became evident to me that Trustee...

The updated attestation reports from AMD have the generation (Milan, Genoa, etc.) encoded within them. Once the updated firmware lands, this should be resolvable by fetching certs based on the...

Just for issue tracking, has this been contributed yet? If not, no worries.

> Am I right about the dataflow about the design?
>
> 1. keylime verified the evidence, and it only returns Ok or Fail

Yes, although this is temporary. Once...

> Cool. Keylime API seems kinda weak tbh, but I guess we can support it.

It is weak right now. Keylime has its own policy format it follows for TPMs,...