Re: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io, min.m.xu@intel.com
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"Justen, Jordan L" <jordan.l.justen@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	"Aktas, Erdem" <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
Date: Tue, 19 Apr 2022 14:49:01 +0200	[thread overview]
Message-ID: <20220419124901.idh7zaff3os6532f@sirius.home.kraxel.org> (raw)
In-Reply-To: <CO1PR11MB505826638A0961DD75ECF942C5F29@CO1PR11MB5058.namprd11.prod.outlook.com>

On Tue, Apr 19, 2022 at 11:12:39AM +0000, Min Xu wrote:
> On April 19, 2022 2:59 PM, Gerd Hoffmann wrote:
> > On Mon, Apr 18, 2022 at 07:59:56AM +0800, Min Xu wrote:
> > > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853
> > >
> > > TdHobList and Configuration FV are external data provided by Host VMM.
> > > These are not trusted in Td guest. So they should be validated ,
> > > measured and extended to Td RTMR registers. In the meantime 2
> > > EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the hash
> > value
> > > of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be
> > > created based on these
> > > 2 GUIDed HOBs.
> > 
> > Why this is done in the SEC phase?
> TdHobList is consumed in SEC phase. So before it is consumed, it should be validated, measured.

Yes for validation (aka sanity-checking the fields, etc).
But for measurement I don't see why the ordering matters.
Whenever you do that before or after consuming the TdHob
should not make a difference.

> CFV contains the information provisioned by host VMM, for example, the
> secure boot parameters. These external data should be validated and
> measured as well.

Same argument here.

You pull a bunch of stuff into SEC (sha384, ...), and I'm wondering
whenever it would be better to move measurement to DXE instead where
you just don't need that kind of changes.

take care,
  Gerd

next prev parent reply	other threads:[~2022-04-19 12:49 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-17 23:59 [PATCH V3 0/9] Enable RTMR based measurement and measure boot for Td guest Min Xu
2022-04-17 23:59 ` [PATCH V3 1/9] Security: Add HashLibTdx Min Xu
2022-04-17 23:59 ` [PATCH V3 2/9] CryptoPkg: Add SecCryptLib Min Xu
2022-04-18 15:31   ` [edk2-devel] " Michael D Kinney
2022-04-19 11:45     ` Min Xu
2022-04-17 23:59 ` [PATCH V3 3/9] SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID Min Xu
2022-04-17 23:59 ` [PATCH V3 4/9] OvmfPkg: Introduce SecMeasurementLib Min Xu
2022-04-17 23:59 ` [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Min Xu
2022-04-19  6:58   ` Gerd Hoffmann
2022-04-19 11:12     ` Min Xu
2022-04-19 12:49       ` Gerd Hoffmann [this message]
2022-04-19 14:06         ` [edk2-devel] " Yao, Jiewen
2022-04-20  8:16           ` Gerd Hoffmann
2022-04-20  9:46             ` Yao, Jiewen
2022-04-20 16:05               ` Gerd Hoffmann
2022-04-20 14:25             ` James Bottomley
2022-04-20 16:29               ` Gerd Hoffmann
2022-04-20 22:29                 ` Yao, Jiewen
2022-04-21  9:14                   ` Gerd Hoffmann
2022-04-21  9:24                     ` Yao, Jiewen
2022-04-17 23:59 ` [PATCH V3 6/9] OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table Min Xu
2022-04-17 23:59 ` [PATCH V3 7/9] MdePkg: Define CC Measure EventLog ACPI Table Min Xu
2022-04-18  1:23   ` Yao, Jiewen
2022-04-18  2:02     ` Min Xu
2022-04-17 23:59 ` [PATCH V3 8/9] OvmfPkg/IntelTdx: Add TdTcg2Dxe Min Xu
2022-04-18  0:00 ` [PATCH V3 9/9] OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot Min Xu
2022-04-18  1:43 ` [edk2-devel] [PATCH V3 0/9] Enable RTMR based measurement and measure boot for Td guest Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220419124901.idh7zaff3os6532f@sirius.home.kraxel.org \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox