You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Milan and Genoa use a different pair of ASK + ARK certificate chain. Milan is hardcoded (when requesting cert chain from AMD KDS). It makes for the time being, as the Azure CVM instances are Milan-based so far.
Impact
With the introduction of Genoa-Familiy instance types, KDS will be called with the wrong parameters fetched.
Ideal future situation
We provide forward compatibility for Genoa CPUs.
Implementation options
In the sev crate there is a platform detection heuristic (check which ASK signs the VCEK).
Additional information
This issue is mostly for tracking, it's not yet clear how CVM support would be implemented on Genoa instance types.
The text was updated successfully, but these errors were encountered:
Current situation
Milan and Genoa use a different pair of ASK + ARK certificate chain.
Milanis hardcoded (when requesting cert chain from AMD KDS). It makes for the time being, as the Azure CVM instances are Milan-based so far.Impact
With the introduction of
Genoa-Familiy instance types, KDS will be called with the wrong parameters fetched.Ideal future situation
We provide forward compatibility for
GenoaCPUs.Implementation options
In the
sevcrate there is a platform detection heuristic (check which ASK signs the VCEK).Additional information
This issue is mostly for tracking, it's not yet clear how CVM support would be implemented on Genoa instance types.
The text was updated successfully, but these errors were encountered: