Per spec:
In order to let MigTD verify the MigPolicy from another MigTD, the VMM must put MigPolicy.policy_Key and MigPolicy.policy_SVN in TDINFO.MROWNER and TDINFO.MROWNERCONFIG respectively. The MigTD must verify that TDINFO.MROWNER/MROWNERCONFIG matches its own MigPolicy.policy_Key/policy_SVN and reject the operation if there is mismatch
Currently tdinfo_init not fully supported for spdm with following pending:
a) allow vmm pass in tdinfo_init (#822 )
b) tdinfo_init.MROWNER==src/dest.tdinfo.MROWNER
c) tdinfo_init.MROWNERCONFIG <= src and dest tdinfo.MROWNERCONFIG (policy_SVN)
d) migtd startup to check MROWNERCONFIG==my policy SVN; MROWNER==my policy signer
Per spec:
In order to let MigTD verify the MigPolicy from another MigTD, the VMM must put MigPolicy.policy_Key and MigPolicy.policy_SVN in TDINFO.MROWNER and TDINFO.MROWNERCONFIG respectively. The MigTD must verify that TDINFO.MROWNER/MROWNERCONFIG matches its own MigPolicy.policy_Key/policy_SVN and reject the operation if there is mismatch
Currently tdinfo_init not fully supported for spdm with following pending:
a) allow vmm pass in tdinfo_init (#822 )
b) tdinfo_init.MROWNER==src/dest.tdinfo.MROWNER
c) tdinfo_init.MROWNERCONFIG <= src and dest tdinfo.MROWNERCONFIG (policy_SVN)
d) migtd startup to check MROWNERCONFIG==my policy SVN; MROWNER==my policy signer