Closed
Description
With flashtestations, op-rbuilder generates an ephemeral flashtestation key on start, which it then uses to generate a TDX quote.
On every restart it's a new key, which means that if op-rbuilder was restarted for whatever reason, it's a new key and a new attestation, even if the TD box is still the same.
Since restarts can occur automatically (e.g. due to a failure and a subsequent systemd unit auto-restart), it's preferable to keep the original ephemeral key around for the whole lifetime of the TD.
For example, the key could be kept in a /run/flashtestation.key file (with 0600 perms) that would be written on first start and re-read on each subsequent restart.
Ruteri
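An added example of the persist-on-first-start scheme proposed above; this is not op-rbuilder's own code. It assumes the key is 32 raw bytes drawn from /dev/urandom (a constructed placeholder for whatever key type op-rbuilder actually derives), takes the file path as a parameter, and is Unix-only. Beyond the proposal it also covers two failure modes a practitioner would want handled: two instances starting at the same time (the file is created atomically via a temp file plus link(2), so the final name never points at a half-written key), and a key file whose mode has drifted from 0600 (it is refused rather than used).

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Length of the ephemeral key material in bytes (assumption: 32 raw bytes).
pub const KEY_LEN: usize = 32;

/// Read `n` bytes from the kernel CSPRNG.
fn random_bytes(n: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; n];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf)
}

/// Read an existing key file, refusing it if it is not owner-only or has the wrong size.
fn read_existing_key(path: &Path) -> io::Result<Vec<u8>> {
    let mode = fs::metadata(path)?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{} has mode {:o}, expected 0600", path.display(), mode),
        ));
    }
    let bytes = fs::read(path)?;
    if bytes.len() != KEY_LEN {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("{} has {} bytes, expected {}", path.display(), bytes.len(), KEY_LEN),
        ));
    }
    Ok(bytes)
}

/// Write `key` to a private temp file, then publish it under `path` with link(2).
/// Returns Ok(true) if this call published the key, Ok(false) if another
/// instance got there first (in which case the caller should re-read the file).
fn persist_new_key(path: &Path, key: &[u8]) -> io::Result<bool> {
    let base = path.file_name().and_then(|n| n.to_str()).unwrap_or("key");
    let tmp = path.with_file_name(format!(".{}.{}.tmp", base, std::process::id()));
    {
        // 0600 from the first instant the file exists; umask can only tighten this.
        let mut f = OpenOptions::new()
            .write(true)
            .create_new(true)
            .mode(0o600)
            .open(&tmp)?;
        f.write_all(key)?;
        f.sync_all()?;
    }
    // link(2) fails with EEXIST if the final name already exists, so the final
    // name only ever refers to a complete, fsync'd, owner-only file.
    let linked = match fs::hard_link(&tmp, path) {
        Ok(()) => true,
        Err(e) if e.kind() == io::ErrorKind::AlreadyExists => false,
        Err(e) => {
            let _ = fs::remove_file(&tmp);
            return Err(e);
        }
    };
    fs::remove_file(&tmp)?;
    Ok(linked)
}

/// Load the key persisted by an earlier process lifetime, or generate and
/// persist a new one on first start. Returns (key, freshly_generated).
pub fn load_or_create_key(path: &Path) -> io::Result<(Vec<u8>, bool)> {
    match read_existing_key(path) {
        Ok(key) => return Ok((key, false)),
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    let key = random_bytes(KEY_LEN)?;
    if persist_new_key(path, &key)? {
        Ok((key, true))
    } else {
        // Lost the race to a concurrently starting instance: use its key, not ours.
        Ok((read_existing_key(path)?, false))
    }
}

fn main() -> io::Result<()> {
    let (key, fresh) = load_or_create_key(Path::new("/run/flashtestation.key"))?;
    println!("key of {} bytes, freshly generated: {}", key.len(), fresh);
    Ok(())
}
```

Two properties of the /run location are worth keeping in mind: it is a tmpfs that is cleared on reboot, so the key lives exactly as long as the boot that first produced the quote, and it must be the TD's own tmpfs rather than a volume the host can read, since the whole point of 0600 is lost if the file leaves the trust boundary.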