You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that recently (November 2022, rev 1.54) the SEV SNP Firmware ABI Spec doc was updated to include references to VLEK, which seems to be a replacement of the VCEK that has a parent key which resides with AMD. In fact, they even added a VCEK_DIS/VcekDis flag to completely disable VCEK.
See section 3.6 of the updated ABI Spec doc.
Wondering if (depending on implementation) this is a sufficient mitigation against the arbitrary remote attestation? (as long as the verifier knows to use the VLEK cert instead of the VCEK cert)
The text was updated successfully, but these errors were encountered:
I noticed that recently (November 2022, rev 1.54) the SEV SNP Firmware ABI Spec doc was updated to include references to VLEK, which seems to be a replacement of the VCEK that has a parent key which resides with AMD. In fact, they even added a VCEK_DIS/VcekDis flag to completely disable VCEK.
See section 3.6 of the updated ABI Spec doc.
Wondering if (depending on implementation) this is a sufficient mitigation against the arbitrary remote attestation? (as long as the verifier knows to use the VLEK cert instead of the VCEK cert)
The text was updated successfully, but these errors were encountered: