On Thu, Jan 19, 2023 at 11:28:13AM +0800, Min Xu wrote:
> From: Min M Xu <min.m...@intel.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
>
> From the perspective of security any external input should be measured
> and extended to some registers (TPM PCRs or TDX RTMR registers).
>
> There are below 2 external input in a Td guest:
>  - TdHob
>  - Configuration FV (CFV)
>
> TdHob contains the resource information passed from VMM, such as
> unaccepted memory region. CFV contains the configurations, such as
> secure boot variables.
>
> TdHob and CFV should be measured and extended to RTMRs before they're
> consumed. TdHob is consumed in the very early stage of boot process.
> At that moment the memory service is not ready. Cfv is consumed in
> PlatformPei to initialize the EmuVariableNvStore. To make the
> implementation simple and clean, these 2 external input are measured
> and extended to RTMRs in SEC phase. That is to say the tdx measurement
> is only supported in SEC phase.
>
> After the measurement the hash values are stored in WorkArea. Then after
> the Hob service is available, these 2 measurement values are retrieved
> and GuidHobs for these 2 tdx measurements are generated.
>
> This patch defines the structure of TDX_MEASUREMENTS_DATA in
> SEC_TDX_WORK_AREA to store above 2 tdx measurements. It can be extended
> to store more tdx measurements if needed in the future.

Acked-by: Gerd Hoffmann <kra...@redhat.com>
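
Added example (not part of the original mail or the edk2 patch): a Python model of the measure-then-extend flow the commit message describes, showing how a verifier can replay the two digests saved in the work area to reproduce the RTMR value. The work-area field names, the bitmap flags, the use of a single RTMR for both inputs and the sample blobs are assumptions made for illustration.

```python
import hashlib

RTMR_SIZE = 48  # RTMRs hold a SHA-384 digest

# Hypothetical bitmap flags for the work area (names are not from the patch).
TDHOB_MEASURED = 0x1
CFV_MEASURED = 0x2


def rtmr_extend(rtmr: bytes, digest: bytes) -> bytes:
    """Extend operation: new value = SHA-384(old value || digest)."""
    assert len(rtmr) == RTMR_SIZE and len(digest) == RTMR_SIZE
    return hashlib.sha384(rtmr + digest).digest()


def sec_measure(td_hob: bytes, cfv: bytes):
    """Model of SEC: hash both inputs, extend, and record the digests."""
    rtmr = bytes(RTMR_SIZE)  # register starts as all zeros
    work_area = {"bitmap": 0, "tdhob_hash": None, "cfv_hash": None}
    for key, flag, blob in (("tdhob_hash", TDHOB_MEASURED, td_hob),
                            ("cfv_hash", CFV_MEASURED, cfv)):
        digest = hashlib.sha384(blob).digest()
        rtmr = rtmr_extend(rtmr, digest)
        work_area[key] = digest
        work_area["bitmap"] |= flag
    return rtmr, work_area


def replay(work_area: dict) -> bytes:
    """Verifier side: rebuild the RTMR value from the recorded digests only."""
    rtmr = bytes(RTMR_SIZE)
    if work_area["bitmap"] & TDHOB_MEASURED:
        rtmr = rtmr_extend(rtmr, work_area["tdhob_hash"])
    if work_area["bitmap"] & CFV_MEASURED:
        rtmr = rtmr_extend(rtmr, work_area["cfv_hash"])
    return rtmr


# Constructed sample inputs, not real TdHob or CFV contents.
SAMPLE_TDHOB = b"constructed-tdhob: unaccepted memory 0x100000000-0x180000000"
SAMPLE_CFV = b"constructed-cfv: SecureBoot=1"

if __name__ == "__main__":
    rtmr, wa = sec_measure(SAMPLE_TDHOB, SAMPLE_CFV)
    print("RTMR after SEC  :", rtmr.hex())
    print("replay matches  :", replay(wa) == rtmr)
    tampered, _ = sec_measure(SAMPLE_TDHOB + b"!", SAMPLE_CFV)
    print("tampered differs:", tampered != rtmr)
```

A VMM-supplied TdHob that differs by a single byte yields a different RTMR value, which is what lets a relying party detect it from the attested registers.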