On 4/11/24 05:33, Ard Biesheuvel wrote:
On Thu, 11 Apr 2024 at 12:29, Gerd Hoffmann <kra...@redhat.com> wrote:
On Thu, Apr 11, 2024 at 09:56:48AM +0000, Yao, Jiewen wrote:
Please allow me to clarify what you are proposing:
Do you mean in vTPM case, we extend both, but we only need TCG event log, NOT
CC event log?
Elsewhere in this thread it was mentioned that writing both vTPM and
RTMR events to the event log is problematic because the event log format
has no field to specify whenever a given event was measured to vTPM or
RTMR.
If the firmware can make sure all events are measured to both vTPM and
RTMR the need to trace them separately goes away.
So, yes, in case a vTPM is present the firmware would:
(a) expose EFI_TCG2_PROTOCOL, measure to both vTPM + RTMR
(b) not expose EFI_CC_MEASUREMENT_PROTOCOL
(c) log measurements to TCG event log
A TDX attestation would require the PCR to RTMR mapping used by the
firmware in order to reconstruct the RTMR values from the TCG event
log, but that seems feasible to me.
In any case, I think it should be the guest firmware's job to abstract
away the difference.
Agreed, this approach seems to be the best way forward.
Thanks,
Tom
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117633): https://edk2.groups.io/g/devel/message/117633
Mute This Topic: https://groups.io/mt/105070442/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
