From: "Min Xu"
To: Gerd Hoffmann
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Yao, Jiewen", "Justen, Jordan L", Brijesh Singh, "Aktas, Erdem", James Bottomley, Tom Lendacky
Subject: Re: [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
Date: Tue, 19 Apr 2022 11:12:39 +0000
In-Reply-To: <20220419065851.mwjpm6jaeu3zudjk@sirius.home.kraxel.org>

On April 19, 2022 2:59 PM, Gerd Hoffmann wrote:
> On Mon, Apr 18, 2022 at 07:59:56AM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853
> >
> > TdHobList and Configuration FV are external data provided by Host VMM.
> > These are not trusted in Td guest. So they should be validated,
> > measured and extended to Td RTMR registers. In the meantime 2
> > EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the hash value
> > of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be
> > created based on these 2 GUIDed HOBs.
>
> Why is this done in the SEC phase?

TdHobList is consumed in SEC phase. So before it is consumed, it should be validated, measured.
CFV contains the information provisioned by host VMM, for example, the secure boot parameters. These external data should be validated and measured as well.

RTMR based measurement is implemented in TDVF Config-B (https://edk2.groups.io/g/devel/message/76367). Config-B skips the PEI phase.
So it just looks like the Tcg2Pei which measures FVs before handing off control to DXE.

Thanks
Min
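An added example, not code from the patch or from EDK2: a Python model of the measure-then-extend flow discussed in this thread, showing how a verifier replays the logged digests against the RTMR value. Assumptions: a single RTMR that starts at zero, plain dictionaries standing in for the EFI_CC_EVENT_HOB entries, and constructed sample bytes for TdHobList and the Configuration FV.

```python
import hashlib
import hmac

RTMR_SIZE = 48  # an RTMR holds one SHA-384 value


def measure(blob: bytes) -> bytes:
    """Hash host-provided data before any of it is parsed or consumed."""
    return hashlib.sha384(blob).digest()


def extend(rtmr: bytes, digest: bytes) -> bytes:
    """RTMR extend: new = SHA384(old || digest); one-way and order-dependent."""
    if len(rtmr) != RTMR_SIZE or len(digest) != RTMR_SIZE:
        raise ValueError("RTMR and digest must both be 48 bytes")
    return hashlib.sha384(rtmr + digest).digest()


def measure_and_log(inputs):
    """Firmware side (model): measure each blob, extend, record one event each."""
    rtmr, log = bytes(RTMR_SIZE), []
    for name, blob in inputs:
        digest = measure(blob)
        rtmr = extend(rtmr, digest)
        log.append({"event": name, "digest": digest})  # stand-in for a CC event HOB
    return rtmr, log


def replay(log) -> bytes:
    """Recompute the RTMR from the logged digests alone."""
    rtmr = bytes(RTMR_SIZE)
    for ev in log:
        rtmr = extend(rtmr, ev["digest"])
    return rtmr


def verify(reported_rtmr: bytes, log, expected) -> bool:
    """Verifier side: the log must replay to the register value, and every
    logged digest must equal the reference digest for that event."""
    if not hmac.compare_digest(replay(log), reported_rtmr):
        return False
    return all(hmac.compare_digest(expected.get(ev["event"], b""), ev["digest"])
               for ev in log)


# Constructed sample inputs (not real TDVF data).
TD_HOB = b"constructed TdHobList bytes"
CFV = b"constructed Configuration FV: secure boot variables"
INPUTS = [("TdHobList", TD_HOB), ("Configuration FV", CFV)]
EXPECTED = {name: measure(blob) for name, blob in INPUTS}
```

A log that replays correctly proves only that the log and the register agree; the per-event comparison against reference digests is what detects host-modified TdHobList or CFV contents.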