[edk2-devel] [PATCH 0/4] Measure kernel blob

Min Xu min.m.xu at intel.com
Mon May 23 05:55:38 UTC 2022 

Kernel blobs include the kernel image, initrd, command line. These are
external inputs from host VMM. In some platforms,such as Tdx environment,
Host VMM is treated as un-trusted. So these external inputs should be
measured.

This patch-set imports a new library class (BlobMeasurementLib). It is
designed to do the blob measurement, including the kernel blob
measurement. In the future, it will do other blob measurement, such as
measuring ACPI table which is also passed from host VMM.

The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1

Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
Cc: Jordan Justen <jordan.l.justen at intel.com>
Cc: Ashish Kalra <ashish.kalra at amd.com>
Cc: Brijesh Singh <brijesh.singh at amd.com>
Cc: Erdem Aktas <erdemaktas at google.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Tom Lendacky <thomas.lendacky at amd.com>
Cc: Sami Mujawar <sami.mujawar at arm.com>
Cc: Gerd Hoffmann <kraxel at redhat.com>
Signed-off-by: Min Xu <min.m.xu at intel.com>

Min Xu (4):
  OvmfPkg: Add library class BlobMeasurementLib with null implementation
  OvmfPkg: Add BlobMeasurementLibNull to dsc
  OvmfPkg: Implement BlobMeasurementLibTdx
  OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg

 ArmVirtPkg/ArmVirtQemu.dsc                    |  1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
 OvmfPkg/Include/Library/BlobMeasurementLib.h  | 38 ++++++++
 .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87 +++++++++++++++++++
 .../BlobMeasurementLibTdx.inf                 | 30 +++++++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
 .../BlobMeasurementLibNull.c                  | 34 ++++++++
 .../BlobMeasurementLibNull.inf                | 24 +++++
 OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
 OvmfPkg/OvmfPkg.dec                           |  3 +
 OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
 OvmfPkg/OvmfPkgX64.dsc                        |  1 +
 OvmfPkg/OvmfXen.dsc                           |  1 +
 .../QemuKernelLoaderFsDxe.c                   | 13 +++
 17 files changed, 240 insertions(+)
 create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
 create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
 create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf

-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89954): https://edk2.groups.io/g/devel/message/89954
Mute This Topic: https://groups.io/mt/91282945/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list