[edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
Min Xu
min.m.xu at intel.com
Tue Apr 19 11:12:39 UTC 2022
On April 19, 2022 2:59 PM, Gerd Hoffmann wrote:
> On Mon, Apr 18, 2022 at 07:59:56AM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853
> >
> > TdHobList and Configuration FV are external data provided by Host VMM.
> > These are not trusted in Td guest. So they should be validated ,
> > measured and extended to Td RTMR registers. In the meantime 2
> > EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the hash
> value
> > of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be
> > created based on these
> > 2 GUIDed HOBs.
>
> Why this is done in the SEC phase?
TdHobList is consumed in SEC phase. So before it is consumed, it should be validated, measured.
CFV contains the information provisioned by host VMM, for example, the secure boot parameters. These external data should be validated and measured as well.
RTMR based measurement is implemented in TDVF Config-B (https://edk2.groups.io/g/devel/message/76367). Config-B skip the PEI phase.
So it just looks like the Tcg2Pei which measures FVs before handing off control to DXE.
Thanks
Min
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89069): https://edk2.groups.io/g/devel/message/89069
Mute This Topic: https://groups.io/mt/90531017/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list