Hello,
SEV-SNP presently supports measurement of the initial VM state and generating attestation reports based on it. This is in itself sufficient to seal a VM, but it is also a bit limiting considering the longer VM lifecycle: During its lifecycle various parts of the VM may be upgraded (running kernel, software stack, ...) while the initial firmware "may" remain the same (and, particularly, may be *intended* to stay the same to retain the capability to arrive at the same sealing key).
Question: Is it now or will it at some future point become possible to perform chained-hash measurements and generate attestations for it, similarly to what a TPM supports? So specifically: 1. security processor measures initial boot state. 2. firmware measures bootloader, asks security processor to update hash. 3. bootloader loads further system software, asks security processor to update hash.
Thanks!
