From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail03.groups.io (mail03.groups.io [45.79.227.220]) by spool.mail.gandi.net (Postfix) with ESMTPS id D4E84D80078 for ; Thu, 11 Apr 2024 10:33:52 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=BYoFZyhwvwznrWw/VngcIDuUoONM0AKWO7/edFuh/ko=; c=relaxed/simple; d=groups.io; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1712831631; v=1; b=LgIjRcR0j3Rei2IOVViRvrDW9NEdugVcwcwOfyqIak2D1Ts2VEArgVt3aMOiIWh27iIGv5Ox n98ADPAeBBAsViEmp0K/tMIrmP6Qf6a4S+3Jvigg2RYbrOAc0GNSpchJ7FfrmCscY9tcr8wdIHz uhAdMDOvuopMsfB6jMUqprjeUSlGE48IXsfFroZI2TE5z97nrqGln24Xqg4joVWhta/6mPIn4Yj ows1gRBUfIgsT6FKBJ3/2LvbZmtBjbrPc8yGp3D/xiVHEb9No56/7SRC1DSu/Br07SAfTVPRpqJ 5nW6MQa+m3xY+o66kQXKV9qSLkj+ODYf3AbR8ZSfUscPg== X-Received: by 127.0.0.2 with SMTP id 67CUYY7687511xr5H3Geqh4B; Thu, 11 Apr 2024 03:33:51 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.14445.1712831630727309818 for ; Thu, 11 Apr 2024 03:33:50 -0700 X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 05C8562046 for ; Thu, 11 Apr 2024 10:33:50 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8AFB9C433A6 for ; Thu, 11 Apr 2024 10:33:49 +0000 (UTC) X-Received: by mail-lf1-f43.google.com with SMTP id 2adb3069b0e04-516d09bd434so8595795e87.1 for ; Thu, 11 Apr 2024 03:33:49 -0700 (PDT) X-Gm-Message-State: SMJcBafVekcJBMgHTdVavIpFx7686176AA= X-Google-Smtp-Source: AGHT+IHYCFuXPzBDTBz7yrg+0lASIEr/L9MG1gNRCGPhRMrMICzuE2ua0gLM4X6q7jJZ/Ea3ZdH0d94h+zLsR+kCkes= X-Received: by 2002:a2e:b002:0:b0:2d6:cbf2:ed2b with SMTP id y2-20020a2eb002000000b002d6cbf2ed2bmr3696084ljk.30.1712831627724; Thu, 11 Apr 2024 03:33:47 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Ard Biesheuvel" Date: Thu, 11 Apr 2024 12:33:36 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR. To: devel@edk2.groups.io, kraxel@redhat.com Cc: jiewen.yao@intel.com, Dionna Amalie Glaze , Mikko Ylinen , James Bottomley , Tom Lendacky , Michael Roth , qinkun Bao , "linux-coco@lists.linux.dev" , "Aktas, Erdem" , Peter Gonda , "Johnson, Simon P" , "Xiang, Qinglan" Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 11 Apr 2024 03:33:50 -0700 Resent-From: ardb@kernel.org Reply-To: devel@edk2.groups.io,ardb@kernel.org List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Type: text/plain; charset="UTF-8" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=LgIjRcR0; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.227.220 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) On Thu, 11 Apr 2024 at 12:29, Gerd Hoffmann wrote: > > On Thu, Apr 11, 2024 at 09:56:48AM +0000, Yao, Jiewen wrote: > > Please allow me to clarify what you are proposing: > > Do you mean in vTPM case, we extend both, but we only need TCG event log, NOT CC event log? > > Elsewhere in this thread it was mentioned that writing both vTPM and > RTMR events to the event log is problematic because the event log format > has no field to specify whenever a given event was measured to vTPM or > RTMR. > > If the firmware can make sure all events are measured to both vTPM and > RTMR the need to trace them separately goes away. > > So, yes, in case a vTPM is present the firmware would: > (a) expose EFI_TCG2_PROTOCOL, measure to both vTPM + RTMR > (b) not expose EFI_CC_MEASUREMENT_PROTOCOL > (c) log measurements to TCG event log > A TDX attestation would require the PCR to RTMR mapping used by the firmware in order to reconstruct the RTMR values from the TCG event log, but that seems feasible to me. In any case, I think it should be the guest firmware's job to abstract away the difference. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117630): https://edk2.groups.io/g/devel/message/117630 Mute This Topic: https://groups.io/mt/105070442/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-