Adam Dunlap, Christopher Oo, Cláudio Carvalho, Dionna Glaze, Geoffrey Ndu, Huibo Wang, James Bottomley, Jean, Joerg Roedel, Jon Lange, Nicolai Stange, Oliver Steffen, Peter Fang, Stefano Garzarella, Supreshna (HPE), Tom Lendacky, Tyler Fanelli, Vasant Karasulli
- No meeting on January 22nd, 2025, next meeting on January 29th.
- Geoffrey Ndu introduced a proposal for VTPM persistence, a different approach from current work.
- Jean presented a security analysis of the current proposal and outlined their new proposal. Slides Google Doc
- Key points of the presentation:
- Maintaining confidentiality and authentication of persisted keys.
- Addressing the unique security challenges of CVMs.
- Ensuring backward compatibility with existing applications.
- Accommodating edge use cases with unreliable Internet connectivity.
- Discussion points:
- The role of an attestation bridge in ensuring end-to-end secure channel.
- The use of ephemeral vs. persistent EKs for attestation.
- The importance of binding attestation to specific CVM instances.
- The challenges of detecting rollback in CVM environments.
- The potential use of a rolling hash and counter to detect rollback.