On Wed, 2025-06-11 at 11:13 -0700, Sean Christopherson wrote:
> On Wed, Jun 11, 2025, Rick P Edgecombe wrote:
> > On Wed, 2025-06-11 at 09:26 -0700, Sean Christopherson wrote:
> > > > GetQuote is not part of the "Base" TDVMCALLs and so has a bit in
> > > > GetTdVmCallInfo. We could move it to base?
> > >
> > > Is GetQuote actually optional? TDX without attestation seems rather
> > > pointless.
> >
> > I don't know if that was a consideration for why it got added to the optional
> > category. The inputs were gathered from more than just Linux.
>
> If there's an actual use case for TDX without attestation, then by all means,
> make it optional. I'm genuinely curious if there's a hypervisor that plans on
> productizing TDX without supporting attestation. It's entirely possible (likely?)
> I'm missing or forgetting something.

With no intention to disrupt this discussion, but even w/o GetQuote TDX can also
support attestation, because TD can just get the TDREPORT and send to remote
Quoting Enclave to get it signed, via whatever communication channel available
(vsock, TCP/IP etc). :-)

It's just not all TDX guests have those communication channels available in
CSP's deployment, and GetQuote can fill up the hole as a last resort.

Of course now TD userspace may choose to only support GetQuote simply because
kernel supports "unified ABI" to return remotely verifiable blob across vendors,
but still ...