Comments (4)
I agree we need some differentiation. Another option is sevctl measurement {sev,snp} ...
. If we add sevctl secret build
as well then maybe it would need similar treatment.
Adding a sevctl sev
namespace might be a little ambiguous since all the current commands are already sev
commands.
I guess this probably only matters with commands that don't need to be run on sev host. Do you expect we can transparently make all of those work on SNP hosts, or explicitly error if the command isn't relevant? Then maybe it's best to restrict the sev
vs snp
namespace to the subcommands we know require differentiation that we can't detect at runtime.
from sevctl.
An example I think of is sevctl export
. Both commands for SEV and SNP would do the same thing (export the certificate chain). The only difference would be that the certificate chains are different for each architecture, so essentially it would make no sense to run sevctl export
on an SNP machine at the moment. If we were to add a command to do this for SNP, we would need to distinguish between the two. Somthing like sevctl ok
needn't concern itself with this, as it works the same on both architectures.
from sevctl.
Hmm I see. I didn't consider that you may want to run both SEV and SNP commands on an SNP machine, which can support both. If we need to differentiate that for most commands then I think either sevctl snp
or snpctl
makes sense.
from sevctl.
snpctl
was previously discussed, and ultimately the conclusion that was reached is just to continue using sevctl
, as SNP is still a SEV generation (and not a completely different TEE architecture altogether, depending on how you view it).
Is there a strong case to be made for creating snpctl
instead of using sevctl
to house these commands? I don't really see a convincing argument, yet I'm still open to the idea.
from sevctl.
Related Issues (16)
- Write a man-page
- New subcommand: sevctl-attest (with initial support for QEMU)
- Create and Tag Releases of Minor Versions
- Add full flag to cert export command documentation HOT 2
- About Launch_blob format
- sevctl export fails with HTTP400 error HOT 4
- Improve Microcode Support Identification HOT 3
- Test: VM Page Flush MSR Change
- sevctl export: unable to create output file HOT 2
- Measurement parameters HOT 1
- Add build documentation HOT 2
- Add build documentation HOT 1
- 'sevctl ok' and kernel reporting different status for BIOS SEV setup HOT 7
- How to export/extract different certs? HOT 1
- Not working on Standard DCads v5 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sevctl.