public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH V3 0/9] Enable RTMR based measurement and measure boot for Td guest
@ 2022-04-17 23:59 Min Xu
  2022-04-17 23:59 ` [PATCH V3 1/9] Security: Add HashLibTdx Min Xu
                   ` (9 more replies)
  0 siblings, 10 replies; 27+ messages in thread
From: Min Xu @ 2022-04-17 23:59 UTC (permalink / raw)
  To: devel; +Cc: Min Xu

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable below features of Config-B in OvmfPkg.
 - Enable RTMR based measurement and measured boot
 - Install CC_MEASUREMENT_PROTOCOL instance in Td guest

The measurement for the other components, such as kernel image, initrd,
will be introduced in the following patch-sets.

Patch 1:
HashLibTdx provides SHA384 service and extend to RTMR registers.

Patch 2:
SecCryptLib is the cryptographic library instance for SEC.

Patch 3 - 8:
These 6 patches are related to RTMR based measurement and
CC Eventlog ACPI table.

Patch 9:
Update IntelTdxX64.dsc/IntelTdxX64.fdf to support RTMR based
measurement and measured boot.

Code at: https://github.com/mxu9/edk2/tree/tdvf_wave4.v3

v3 changes:
 - Refine HashLibBaseCryptoRouterTdx to HashLibTdx
 - Add NULL version algorithms in SecCryptLib.
 - Add SecMeasurementLib which does the measurement in SEC phase.
 - Rebase EDK2 code base. (commit: 91a03f78ba)

v2 changes:
 - Move the definition of EFI_CC_EVENT_HOB_GUID from MdePkg to
   SecurityPkg.
 - Update the definition of EFI_CC_EVENTLOG_ACPI_TABLE based
   on below discussion:
   https://edk2.groups.io/g/devel/message/87396
   https://edk2.groups.io/g/devel/message/87402
 - Update the code base to 94f905b3bf.

Min Xu (9):
  Security: Add HashLibTdx
  CryptoPkg: Add SecCryptLib
  SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID
  OvmfPkg: Introduce SecMeasurementLib
  OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
  OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table
  MdePkg: Define CC Measure EventLog ACPI Table
  OvmfPkg/IntelTdx: Add TdTcg2Dxe
  OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot

 CryptoPkg/CryptoPkg.dsc                       |    4 +
 .../Library/BaseCryptLib/Hash/CryptMd5Null.c  |  163 ++
 .../Library/BaseCryptLib/Hash/CryptSha1Null.c |  166 ++
 .../BaseCryptLib/Hash/CryptSha256Null.c       |  162 ++
 .../Library/BaseCryptLib/Hash/CryptSm3Null.c  |  164 ++
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c |  152 +
 .../BaseCryptLib/Pk/CryptRsaBasicNull.c       |  121 +
 .../Library/BaseCryptLib/SecCryptLib.inf      |   91 +
 MdePkg/Include/Protocol/CcMeasurement.h       |   21 +
 OvmfPkg/Include/Library/SecMeasurementLib.h   |   46 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   16 +-
 OvmfPkg/IntelTdx/IntelTdxX64.fdf              |    5 +
 .../IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c    |  407 +++
 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c        | 2489 +++++++++++++++++
 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf      |  101 +
 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c  |  163 ++
 .../PeilessStartupLib/PeilessStartup.c        |   31 +
 .../PeilessStartupInternal.h                  |   17 +
 .../PeilessStartupLib/PeilessStartupLib.inf   |    8 +-
 .../SecMeasurementLib/SecMeasurementLibTdx.c  |  340 +++
 .../SecMeasurementLibTdx.inf                  |   30 +
 OvmfPkg/OvmfPkg.dec                           |   10 +
 SecurityPkg/Include/Guid/CcEventHob.h         |   22 +
 SecurityPkg/Library/HashLibTdx/HashLibTdx.c   |  207 ++
 SecurityPkg/Library/HashLibTdx/HashLibTdx.inf |   37 +
 SecurityPkg/SecurityPkg.dec                   |    4 +
 SecurityPkg/SecurityPkg.dsc                   |   10 +
 27 files changed, 4984 insertions(+), 3 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasicNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
 create mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h
 create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c
 create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c
 create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf
 create mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
 create mode 100644 OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
 create mode 100644 OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
 create mode 100644 SecurityPkg/Include/Guid/CcEventHob.h
 create mode 100644 SecurityPkg/Library/HashLibTdx/HashLibTdx.c
 create mode 100644 SecurityPkg/Library/HashLibTdx/HashLibTdx.inf

-- 
2.29.2.windows.2


^ permalink raw reply	[flat|nested] 27+ messages in thread

end of thread, other threads:[~2022-04-21  9:25 UTC | newest]

Thread overview: 27+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-17 23:59 [PATCH V3 0/9] Enable RTMR based measurement and measure boot for Td guest Min Xu
2022-04-17 23:59 ` [PATCH V3 1/9] Security: Add HashLibTdx Min Xu
2022-04-17 23:59 ` [PATCH V3 2/9] CryptoPkg: Add SecCryptLib Min Xu
2022-04-18 15:31   ` [edk2-devel] " Michael D Kinney
2022-04-19 11:45     ` Min Xu
2022-04-17 23:59 ` [PATCH V3 3/9] SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID Min Xu
2022-04-17 23:59 ` [PATCH V3 4/9] OvmfPkg: Introduce SecMeasurementLib Min Xu
2022-04-17 23:59 ` [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Min Xu
2022-04-19  6:58   ` Gerd Hoffmann
2022-04-19 11:12     ` Min Xu
2022-04-19 12:49       ` [edk2-devel] " Gerd Hoffmann
2022-04-19 14:06         ` Yao, Jiewen
2022-04-20  8:16           ` Gerd Hoffmann
2022-04-20  9:46             ` Yao, Jiewen
2022-04-20 16:05               ` Gerd Hoffmann
2022-04-20 14:25             ` James Bottomley
2022-04-20 16:29               ` Gerd Hoffmann
2022-04-20 22:29                 ` Yao, Jiewen
2022-04-21  9:14                   ` Gerd Hoffmann
2022-04-21  9:24                     ` Yao, Jiewen
2022-04-17 23:59 ` [PATCH V3 6/9] OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table Min Xu
2022-04-17 23:59 ` [PATCH V3 7/9] MdePkg: Define CC Measure EventLog ACPI Table Min Xu
2022-04-18  1:23   ` Yao, Jiewen
2022-04-18  2:02     ` Min Xu
2022-04-17 23:59 ` [PATCH V3 8/9] OvmfPkg/IntelTdx: Add TdTcg2Dxe Min Xu
2022-04-18  0:00 ` [PATCH V3 9/9] OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot Min Xu
2022-04-18  1:43 ` [edk2-devel] [PATCH V3 0/9] Enable RTMR based measurement and measure boot for Td guest Yao, Jiewen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox