[edk2-devel] [PATCH V2 01/10] OvmfPkg: Add Tdx measurement data structure in WorkArea
Gerd Hoffmann
kraxel at redhat.com
Thu Jan 19 09:33:24 UTC 2023
On Thu, Jan 19, 2023 at 11:28:13AM +0800, Min Xu wrote:
> From: Min M Xu <min.m.xu at intel.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
>
> From the perspective of security any external input should be measured
> and extended to some registers (TPM PCRs or TDX RTMR registers).
>
> There are below 2 external input in a Td guest:
> - TdHob
> - Configuration FV (CFV)
>
> TdHob contains the resource information passed from VMM, such as
> unaccepted memory region. CFV contains the configurations, such as
> secure boot variables.
>
> TdHob and CFV should be measured and extended to RTMRs before they're
> consumed. TdHob is consumed in the very early stage of boot process.
> At that moment the memory service is not ready. Cfv is consumed in
> PlatformPei to initialize the EmuVariableNvStore. To make the
> implementation simple and clean, these 2 external input are measured
> and extended to RTMRs in SEC phase. That is to say the tdx measurement
> is only supported in SEC phase.
>
> After the measurement the hash values are stored in WorkArea. Then after
> the Hob service is available, these 2 measurement values are retrieved
> and GuidHobs for these 2 tdx measurements are generated.
>
> This patch defines the structure of TDX_MEASUREMENTS_DATA in
> SEC_TDX_WORK_AREA to store above 2 tdx measurements. It can be extended
> to store more tdx measurements if needed in the future.
Acked-by: Gerd Hoffmann <kraxel at redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98879): https://edk2.groups.io/g/devel/message/98879
Mute This Topic: https://groups.io/mt/96370894/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list