From 286da304b2d1699aed38df73763acbed1eb6315f Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <erbse.13@gmx.de>
Date: Fri, 23 Aug 2024 11:33:22 +0200
Subject: [PATCH] tdx/validator: add TODO about memory integrity

---
 internal/attestation/tdx/validator.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/internal/attestation/tdx/validator.go b/internal/attestation/tdx/validator.go
index 59c967ca19..8cf8443b2c 100644
--- a/internal/attestation/tdx/validator.go
+++ b/internal/attestation/tdx/validator.go
@@ -90,6 +90,8 @@ func (v *Validator) OID() asn1.ObjectIdentifier {
 
 // Validate a TDX attestation.
 func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte, peerPublicKey []byte) (err error) {
+	// TODO(freax13): Validate the memory integrity mode (logical vs cryptographic) in the provisioning certificate.
+
 	v.logger.Info("Validate called", "nonce", hex.EncodeToString(nonce))
 	defer func() {
 		if err != nil {