[edk2-devel] [PATCH 3/4] OvmfPkg: Implement BlobMeasurementLibTdx
Gerd Hoffmann
kraxel at redhat.com
Mon May 23 08:14:05 UTC 2022
> +EFI_STATUS
> +EFIAPI
> +MeasureKernelBlob (
> + IN CONST CHAR16 *BlobName,
> + IN UINT32 BlobNameSize,
> + IN CONST VOID *BlobBase,
> + IN UINT32 BlobSize
> + )
> +{
> + EFI_STATUS Status;
> + UINT32 MrIndex;
> + EFI_CC_EVENT *CcEvent;
> +
> + if ((BlobBase == 0) || (BlobSize == 0)) {
> + ASSERT (FALSE);
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (mCcProtocol == NULL) {
> + Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&mCcProtocol);
> + if (EFI_ERROR (Status)) {
> + //
> + // EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.
> + //
> + DEBUG ((DEBUG_ERROR, "%a: EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.\n", __FUNCTION__));
> + return EFI_NOT_FOUND;
> + }
> + }
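Review bot: the parameter check at the top of MeasureKernelBlob covers BlobBase and BlobSize but not BlobName or BlobNameSize; if the name is used further down, a NULL BlobName or a zero BlobNameSize should be rejected in the same place. BlobBase is a pointer, so compare it with NULL rather than 0. In the LocateProtocol error path the original Status is dropped: the DEBUG message says "not installed" and the function returns EFI_NOT_FOUND whatever the failure was, so printing Status with %r and returning it would keep the real cause visible. The comment inside that branch only repeats the DEBUG string and can go.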
I think it makes sense to support measurement to both tdx and tpm here.
> + Status = mCcProtocol->MapPcrToMrIndex (mCcProtocol, 4, &MrIndex);
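Review bot: the literal 4 in the MapPcrToMrIndex call is an unexplained magic number; a named constant or a one-line comment stating which PCR is meant and why would tell a reader, and whoever writes the verifier side, which register this blob is expected in.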
Why PCR 4 for everything?
When grub measures to the tpm it uses PCR 8 (strings, i.e. configuration
and kernel command line) and PCR 9 (binaries, i.e. kernel + initrd).
take care,
Gerd
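What the PCR choice discussed above changes for a verifier, as an added example (not code from the patch or from the author of the reply): a SHA-256 PCR bank is simulated and the same boot is replayed under an "everything to PCR 4" policy and under the PCR 8 / PCR 9 split the reply describes for grub. The blob contents, the three blob kinds and the helper names `extend`, `replay` and `changed_registers` are assumptions made for the illustration.

```python
import hashlib

# Constructed sample blobs; real inputs would be the actual kernel, initrd and command line.
KERNEL = b"constructed-kernel-image"
INITRD = b"constructed-initrd-image"
CMDLINE = b"root=/dev/vda1 ro console=ttyS0"
BASELINE = [("kernel", KERNEL), ("initrd", INITRD), ("cmdline", CMDLINE)]

# Policy of the quoted patch line: every blob is measured to PCR 4.
SINGLE = {"kernel": 4, "initrd": 4, "cmdline": 4}
# Split described in the reply: strings to PCR 8, binaries to PCR 9.
GRUB_LIKE = {"kernel": 9, "initrd": 9, "cmdline": 8}


def extend(register: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(register + hashlib.sha256(data).digest()).digest()


def replay(events, policy):
    """Replay (kind, data) events into the register that policy assigns to each kind."""
    regs = {}
    for kind, data in events:
        idx = policy[kind]
        # A SHA-256 PCR starts as 32 zero bytes (assumed bank for this model).
        regs[idx] = extend(regs.get(idx, bytes(32)), data)
    return regs


def changed_registers(policy, baseline, observed):
    """Return the register indexes whose final value differs between two boots."""
    expected = replay(baseline, policy)
    actual = replay(observed, policy)
    return sorted(i for i in expected if expected[i] != actual.get(i))


if __name__ == "__main__":
    # Constructed second boot: same binaries, different kernel command line.
    observed = [("kernel", KERNEL), ("initrd", INITRD),
                ("cmdline", CMDLINE + b" init=/bin/sh")]
    for name, policy in (("single PCR", SINGLE), ("PCR 8/9 split", GRUB_LIKE)):
        print(name, "-> changed registers:", changed_registers(policy, BASELINE, observed))
```

With the split, a changed command line shows up only in PCR 8 and a changed binary only in PCR 9; with one register for everything the verifier learns only that something differed and has to fall back on the event log to find out what.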