public inbox for devel@edk2.groups.io
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>
Subject: [PATCH V6 10/12] OvmfPkg/OvmfPkgX64: Measure TdHob and Configuration FV in SecMain
Date: Fri,  3 Feb 2023 11:31:45 +0800
Message-ID: <20230203033147.1332-11-min.m.xu@intel.com>
In-Reply-To: <20230203033147.1332-1-min.m.xu@intel.com>

From: Min M Xu <min.m.xu@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

TdHob and Configuration FV (Cfv) are external inputs from VMM. From the
security perspective, they should be measured before they're consumed.
This patch measures TdHob and Cfv and stores the measurement values in
WorkArea.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Sec/SecMain.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index a27dc9406b70..4bb3b641701e 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -760,6 +760,19 @@ SecCoreStartupWithStack (
 
  #if defined (TDX_GUEST_SUPPORTED)
   if (CcProbe () == CcGuestTypeIntelTdx) {
+    //
+    // From the security perspective all the external input should be measured before
+    // it is consumed. TdHob and Configuration FV (Cfv) image are passed from VMM
+    // and should be measured here.
+    //
+    if (EFI_ERROR (TdxHelperMeasureTdHob ())) {
+      CpuDeadLoop ();
+    }
+
+    if (EFI_ERROR (TdxHelperMeasureCfvImage ())) {
+      CpuDeadLoop ();
+    }
+
     //
     // For Td guests, the memory map info is in TdHobLib. It should be processed
     // first so that the memory is accepted. Otherwise access to the unaccepted
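
Review bot: both new failure paths, the checks on TdxHelperMeasureTdHob () and TdxHelperMeasureCfvImage (), discard the returned EFI_STATUS and go straight into CpuDeadLoop (), so a hung TD gives no indication of which measurement failed or why. Consider keeping the status in a local and emitting a DEBUG ((DEBUG_ERROR, ...)) line that names the failing step before halting. Halting itself is the right fail-closed choice here, since continuing would consume VMM-supplied input that was never measured. The added comment could also say that the measurement values are only stored in the WorkArea at this point, as the commit message states, and that these two calls must stay ahead of the TdHob processing described in the comment that follows, so a later reorder does not silently consume the TdHob before it is measured.
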
-- 
2.29.2.windows.2


Thread overview: 14+ messages
2023-02-03  3:31 [PATCH V6 00/12] Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-02-03  3:31 ` [PATCH V6 01/12] OvmfPkg: Add Tdx measurement data structure in WorkArea Min Xu
2023-02-03  3:31 ` [PATCH V6 02/12] OvmfPkg/IntelTdx: Add TdxHelperLibNull Min Xu
2023-02-03  3:31 ` [PATCH V6 03/12] OvmfPkg/IntelTdx: Add SecTdxHelperLib Min Xu
2023-02-03  3:31 ` [PATCH V6 04/12] OvmfPkg/PeilessStartupLib: Update the define of FV_HANDOFF_TABLE_POINTERS2 Min Xu
2023-02-03  3:31 ` [PATCH V6 05/12] OvmfPkg: Refactor MeasureHobList Min Xu
2023-02-03  3:31 ` [PATCH V6 06/12] OvmfPkg: Refactor MeaureFvImage Min Xu
2023-02-03  3:31 ` [PATCH V6 07/12] OvmfPkg: Refactor ProcessHobList Min Xu
2023-02-03  3:31 ` [PATCH V6 08/12] OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain Min Xu
2023-02-03  8:51   ` Gerd Hoffmann
2023-02-03  3:31 ` [PATCH V6 09/12] OvmfPkg/IntelTdx: Add PeiTdxHelperLib Min Xu
2023-02-03  3:31 ` Min Xu [this message]
2023-02-03  3:31 ` [PATCH V6 11/12] OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement Min Xu
2023-02-03  3:31 ` [PATCH V6 12/12] OvmfPkg: Support Tdx measurement in OvmfPkgX64 Min Xu
