[edk2-devel] [PATCH 00/23] Enable Intel TDX in OvmfPkg (SEC/PEI)

Min Xu min.m.xu at intel.com
Wed Sep 1 05:41:43 UTC 2021 

On August 31, 2021 6:46 PM, Gerd Hoffmann wrote:
>   Hi,
> 
> > [TDX]: https://software.intel.com/content/dam/develop/external/us/en/
> > documents/tdx-whitepaper-final9-17.pdf
> 
> So, coming back to this after reading through a bunch of docs and patches with
> some high-level questions.  The whitepaper lists two ovmf configs:
> 
>   (1) config-a, supporting normal/sev/tdx with basic features.
>   (2) config-b, supporting normal/tdx with more features.
> 
> What of this is implemented by this patch series?
> config-a?  completely?  parts of it?
Because the total patch-sets for TDVF upstreaming is too big and there are 2 configurations.
So we split the upstreaming into below waves.
                 Config-A          Config-B               Phase
Wave-1        Y                       Y                    ResetVector
Wave-2        Y                       N                      SEC/PEI
Wave-3        Y                       N                        DXE
Wave-4        N                       Y                        SEC (PEI is skipped)
Wave-5        N                       Y                        DXE

So this patch-set is wave-2 and for Config-A (SEC/PEI).

> 
> The whitepaper also doesn't explain very well why we have two configurations
> in the first place.  It describes *what* are the differences but not *why* they are
> there.
The whitepaper describes the TDVF as a standalone image. It is *not* one image.
It can only run on TD guest.
Then came the *One Image* requirement. TDVF should be able to run on Legacy guest, 
Td guest, even SEV guest with ONE image. Things become very complicated. 
See discussion in  https://edk2.groups.io/g/devel/topic/83283616#76022
> 
> Apparently some of the additional features supported by config-b are either
> more difficult or impossible to implement in config-a.
> Is that correct?  Is that explained in more detail somewhere?
It's correct. Some additional features are not supported in Config-A. For example the TD
RTMR based measured boot. 
There are design slides, recorded meetings in below link
https://edk2.groups.io/g/devel/files/Designs/2021/0611
Any questions please let us know. We will try our best to answer/address your concerns. 

Thanks!
Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80048): https://edk2.groups.io/g/devel/message/80048
Mute This Topic: https://groups.io/mt/84837888/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list