From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+116710+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 69897D807AB
	for <rebecca@openfw.io>; Wed, 13 Mar 2024 08:39:52 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=1rMTW3Rlp373s2eAakF9lxSvOLK/U09z3OH/sqz3vXc=;
 c=relaxed/simple; d=groups.io;
 h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1710319190; v=1;
 b=g/ngXypr4yRUR2DCqYQIFRVJnCyXiZhePFXZpzGxcV4F9HnyHYgcjo+4I9LGeYGB0aQrefKw
 uO6c74grlUaWbMErWDDQgUuYzzbptr8SBfQjBqJP2L2x+ucBXNPgHA0LCK/TaAxh5hn/WDkuoPt
 MuksLm7pK8oFP1Au5iJi3Ueugo6CeSs6UE1Q2Hz0dlMr9fljkih9sg6G9fqvI5Gv6cb3T8mzRRb
 GiieB7Jb77VFH5ta6Yh7IQyuFLTuPqEyauYEayYyptxeieqEs7LyYJcpLKeXv13IEBhr/Gbg8bm
 426bGjBMz7fnpLcwx4VlptBIzyvdAA21zLQdJ3Z79FKJg==
X-Received: by 127.0.0.2 with SMTP id W75EYY7687511x0YFcMXVko0; Wed, 13 Mar 2024 01:39:50 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17])
 by mx.groups.io with SMTP id smtpd.web11.11815.1710319190134636298
 for <devel@edk2.groups.io>;
 Wed, 13 Mar 2024 01:39:50 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,11011"; a="5199337"
X-IronPort-AV: E=Sophos;i="6.07,119,1708416000"; 
   d="scan'208";a="5199337"
X-Received: from fmviesa001.fm.intel.com ([10.60.135.141])
  by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Mar 2024 01:39:50 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,119,1708416000"; 
   d="scan'208";a="42838744"
X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14])
  by fmviesa001.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 13 Mar 2024 01:39:49 -0700
X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Wed, 13 Mar 2024 01:39:48 -0700
X-Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by
 orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Wed, 13 Mar 2024 01:39:48 -0700
X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.100)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Wed, 13 Mar 2024 01:39:48 -0700
X-Received: from IA0PR11MB8355.namprd11.prod.outlook.com (2603:10b6:208:480::14)
 by CH0PR11MB5250.namprd11.prod.outlook.com (2603:10b6:610:e1::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.18; Wed, 13 Mar
 2024 08:39:40 +0000
X-Received: from IA0PR11MB8355.namprd11.prod.outlook.com
 ([fe80::b09a:4b79:1da2:9bc6]) by IA0PR11MB8355.namprd11.prod.outlook.com
 ([fe80::b09a:4b79:1da2:9bc6%6]) with mapi id 15.20.7386.016; Wed, 13 Mar 2024
 08:39:40 +0000
From: "sunceping" <cepingx.sun@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Aktas, Erdem" <erdemaktas@google.com>, "Xu, Min M" <min.m.xu@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>, "Reshetova, Elena"
	<elena.reshetova@intel.com>, "Sun, CepingX" <cepingx.sun@intel.com>
Subject: Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait
Thread-Topic: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the
 etc/boot-menu-wait
Thread-Index: AQHadFI2hTrvbrZBC0u8PfZjHflJorEzvVMAgAGZQ3A=
Date: Wed, 13 Mar 2024 08:39:40 +0000
Message-ID: <IA0PR11MB8355C28527E21538E0194CE6E72A2@IA0PR11MB8355.namprd11.prod.outlook.com>
References: <20240312235146.3777997-1-cepingx.sun@intel.com>
 <MW4PR11MB587254BBC51A29ED798B861E8C2B2@MW4PR11MB5872.namprd11.prod.outlook.com>
In-Reply-To: <MW4PR11MB587254BBC51A29ED798B861E8C2B2@MW4PR11MB5872.namprd11.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: IA0PR11MB8355:EE_|CH0PR11MB5250:EE_
x-ms-office365-filtering-correlation-id: 486a034d-bf51-4d2c-c226-08dc43391fc2
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: vvQJGOpzYMf70eDDsFAOnWjBD/ml+4gKsasbp7d1l/M04jj6MzBoAn6ms7GcR6Jv/A+QnNq9kttfyQ0ZBJXBHnT2R/+4AVxKJa4L39zBK6Xxh7IGfPcNM5mmIbaif4XPFrIJ1+7/3vtgFABmBcnuDdkT4BTVzNs6qi+fiZa9apkNUld7X0kDuzrMhkpqroX4HOd+1ddlaF9Cz+Tm4OCETs4WYvHXCEv9U6jYMwjQX4GtYcNayAUFI617kdZb1VTZ25Y/zXjZfAo7UDc3IN4Ud9MwIO3Mx8ozKibHR5jEACYb6nVTm0uBO/2gzI5thSaMXUhg3GSP2B6YYQgr0vj1cvbUBgUEZZj9ZjD0UIqdjf4CypVrzYyZCK2o7TOpOP8I0TrWwpd38ZMo+LFh1/AaYEwzk22B9noSilXKe8d3fomfJzXJBoMomS4498JGshhZP8jZw8QAb2HMtLc3bZzuvkhoen2jF5NNA6nSvu4LQ/trz5LaEFM1q+eU0DsLKwQLHk+9VjknbECkLD9CnwyG+aomGipIR6UhQr7cWwhdQn8Ml1E06WO9By8hE6rJ0KDQ85xCT/PuoQts7p2dVl+ykzEgCxRQjtVz/c9N8mdlKacLpCxmW0Q2CQ5wzcefYylFXOmkqPKNFTi7fqNx4HFZ4MQFkC7ANHF3Z+NYB/nJPmaDyOdwdHVnJFHazs0G9xy0
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?TqQUVeMyzhsWrfxbPqIz2rSJK0SEKIlqatt0HL291RzRgLQTyq8guDafT/t0?=
 =?us-ascii?Q?+TevKVRgwUuR2QI0ZPzGiwopiqWY0IO6jeXA/DQILGoMvBHuEb6lQLcqgWgZ?=
 =?us-ascii?Q?3lO61kffYMJy7h6VzR88QCOh4/YYBfOSCpLBjLKeNBT3XAweHhNyJrIT4kwm?=
 =?us-ascii?Q?e4kzNpr98tp8WA55oj9LvifSLLsZgUK154r8Yr2mQ3LgT+Kh9HEjN5Uitv1m?=
 =?us-ascii?Q?6r7kc36v+RrPF0fn5donTz086nfQqKPr/Mu6mOvRrwsUcjHccvcIKVNxFoLY?=
 =?us-ascii?Q?tOOYBKhYnOE/WNWjGkfQzfwiLWh1RXbjlz4kmKaWpwBncrFt4SxWG90vAHNb?=
 =?us-ascii?Q?Gk21xDRR1c/ZgATYVmcq6smhNUak8TxYtmMrNrX9hNsudTizHMj/063HxlDM?=
 =?us-ascii?Q?DxivKqKPtd5aOn22laOg+O+xaUiad+YBlMRZQSGVMK4T0XRwF62ZBkTULxz0?=
 =?us-ascii?Q?HHYV+CxQur/XE0i4WPPoyZXR0VmqVt/JIa403BUcptc5x4TRPy6mwKX9dETk?=
 =?us-ascii?Q?Bih/z73VjoNei0zPG/w6pkXw6KHHa2OqP/+tuSV+uhF5beY6t6mO7/lvV7+K?=
 =?us-ascii?Q?pxZw9uZm4xBZcuzzfoRW7TRJdFBhJoKKngyaeOCElc/VEqcBa4K/NYHLIMM9?=
 =?us-ascii?Q?2A/nUpSeKigACWIC51Szhn6KRB3kJub/GW8xguu6m0F3DhrI/eOPOWoSXSoY?=
 =?us-ascii?Q?GOiiPkKadB9Dex+GIIjBURbiVbow131qsfqS4maMPPKnQ0rhEuYJMQBFz1RV?=
 =?us-ascii?Q?wJZyacBlNM1jYYIMM8pHB1V+p6uaOv9feHqCMaXBRALNQHw/0vExA/ZquTwz?=
 =?us-ascii?Q?xMTs2TS0S9v7DtZqQl1SY+ysLxvTlWf2pSyGtxSEqejagkFA79YJgVD1/RSY?=
 =?us-ascii?Q?RTORF0WVoNIt5fn9E8NJDDxcnj6hvqUoShKheUwuoWWpyWj8wfbnLN51n/iH?=
 =?us-ascii?Q?DS5jlrtpN7gEFcqcdoosVlTQnhoEix2oJY2wncbW7R527DXa+8avm7DCtaFX?=
 =?us-ascii?Q?n+UHNB2EjUrFT+Bjjf9Aw17x/bNnPbIjbm5PQpRz5CNZORvJBwGGIUY8+FdO?=
 =?us-ascii?Q?ELHLDwo5t80W6mjaqLaX5Y2YQrNMFMDg8OOzPCMJ9QfadRrr6RifTG16FIP7?=
 =?us-ascii?Q?CZNUKF4IyQfKWmq9i4UmsoZalpl3UVZRl/iZGaLJilcWDeXDhg18JDsJv8AU?=
 =?us-ascii?Q?6MfNFpZfxmVCt0tl6ZWO9Znk1KcuanNDJrpGyeiDsm6yAnALSMaFjnfBqfRt?=
 =?us-ascii?Q?7dfyOTUedwHPF2Vh00bUhNCyHnTCh9R2uztLoZWJQPXnTVSZqnT2QMMkMiyJ?=
 =?us-ascii?Q?jwkTYTQX3FCFgzfrgL/DNJY4VBRpcpZ631SqXT9BZmeJZ6DJ0d8vNmuc7wpw?=
 =?us-ascii?Q?FwoeMObV5LVzcAtdaNkbPG0uoN6DuOgsfUwRZENvetxPPHIRpWfcfgbbj8k2?=
 =?us-ascii?Q?Pmh5vnViWvULegA8l7xN2dt/QxkH80pHb4JXfnez7yE1txDJYDRzaR7pSZ4H?=
 =?us-ascii?Q?qTV68d0zzWt8jDMADYb/3BHaztaSPVUdcvPnAmPpMAPeIlFvj47pW1HenJBq?=
 =?us-ascii?Q?dutTSxinZWkp49ERYSVmOluFhsrHOV9cDZO4K9WY?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8355.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 486a034d-bf51-4d2c-c226-08dc43391fc2
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Mar 2024 08:39:40.4202
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MzzSr1E+/B+MIbZZsO4rTOb1SwcJKMV4EGeE9V1dwXzmt87bT5B+4BW5BfXtRMhSX/fZ0ggk6hZvcMTw4PIuRg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR11MB5250
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 13 Mar 2024 01:39:50 -0700
Reply-To: devel@edk2.groups.io,cepingx.sun@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: 6hPxtidI8LS0iOeNfKsKjRHcx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b="g/ngXypr";
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none)

On Tuesday, March 12, 2024 3:58 PM Yao, Jiewen wrote:
> Subject: RE: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the=20
> etc/boot-menu-wait
>=20
> Thanks for the patch.
>=20
> Is this the only missing configuration data?
> Or do you have more on the way?
>=20
This is not the only missing configuration data.
There are other configurations need to be measured.
We have a draft PR(https://github.com/tianocore/edk2/pull/5440)
 to measure the below items:
etc/system-states
opt/ovmf/X-PciMmio64Mb
etc/reserved-memory-end
etc/boot-menu-wait
etc./extra-pci-roots

According to Hoffmann's comments, =20
we would prepare a single patch series with all measurements in next versio=
n.

Thanks
Ceping
>=20
> > -----Original Message-----
> > From: Sun, CepingX <cepingx.sun@intel.com>
> > Sent: Wednesday, March 13, 2024 7:52 AM
> > To: devel@edk2.groups.io
> > Cc: Sun, CepingX <cepingx.sun@intel.com>; Aktas, Erdem
> > <erdemaktas@google.com>; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min
> M
> > <min.m.xu@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Reshetova,
> > Elena <elena.reshetova@intel.com>
> > Subject: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the
> > etc/boot- menu-wait
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4415
> >
> > Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec,
> > OVMF would uses FW_CFG_IO_SELECTOR(0x510) and
> FW_CFG_IO_DATA(0x511) to
> > get configuration data from QEMU. From the security perspective, if
> > TDVF uses this method, configuration data must be measured into
> > RTMR[0].
> >
> > Currently, the etc/boot-menu-wait is using in TDVF, it required to be
> > measured into RTMR[0].
> >
> > This is the first patch and will continue to be updated to measure
> > additional configuration data.
> >
> > Refernce:
> > spec: https://cdrdv2.intel.com/v1/dl/getContent/733585
> >
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Min Xu <min.m.xu@intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: Elena Reshetova <elena.reshetova@intel.com>
> > Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> > ---
> >  .../QemuBootOrderLib/QemuBootOrderLib.c       | 21
> ++++++++++++++++++-
> >  .../QemuBootOrderLib/QemuBootOrderLib.inf     |  1 +
> >  2 files changed, 21 insertions(+), 1 deletion(-)
> >
> > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c
> > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c
> > index 2fe6ab30c032..63a290712002 100644
> > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c
> > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c
> > @@ -20,6 +20,8 @@
> >  #include <Library/BaseMemoryLib.h>
> >  #include <Guid/GlobalVariable.h>
> >  #include <Guid/VirtioMmioTransport.h>
> > +#include <IndustryStandard/UefiTcgPlatform.h>
> > +#include <Library/TpmMeasurementLib.h>
> >
> >  #include "ExtraRootBusMap.h"
> >
> > @@ -41,6 +43,9 @@
> >  #define REQUIRED_MMIO_OFW_NODES  1
> >  #define EXAMINED_OFW_NODES       6
> >
> > +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA
> "QEMU
> > BOOTMENU WAIT TIME"
> > +#define QEMU_BOOTMENU_WAIT_DATA_LEN
> > (sizeof(EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA) - 1)
> > +
> >  /**
> >    Simple character classification routines, corresponding to POSIX cla=
ss
> names
> >    and ASCII encoding.
> > @@ -2418,5 +2423,19 @@ GetFrontPageTimeoutFromQemu (
> >    // seconds, round N up.
> >    //
> >    QemuFwCfgSelectItem (BootMenuWaitItem);
> > -  return (UINT16)((QemuFwCfgRead16 () + 999) / 1000);
> > +  Timeout =3D QemuFwCfgRead16 ();
> > +  //
> > +  // Measure the Timeout which is downloaded from QEMU.
> > +  // It has to be done before it is consumed.
> > +  //
> > +  TpmMeasureAndLogData (
> > +    1,
> > +    EV_PLATFORM_CONFIG_FLAGS,
> > +    EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA,
> > +    QEMU_BOOTMENU_WAIT_DATA_LEN,
> > +    (VOID *)(UINTN)&Timeout,
> > +    BootMenuWaitSize
> > +    );
> > +
> > +  return (UINT16)((Timeout + 999) / 1000);
> >  }
> > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf
> > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf
> > index 6e320e3e8514..0231c9d5c5b8 100644
> > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf
> > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf
> > @@ -45,6 +45,7 @@
> >    DevicePathLib
> >    BaseMemoryLib
> >    OrderedCollectionLib
> > +  TpmMeasurementLib
> >
> >  [Guids]
> >    gEfiGlobalVariableGuid
> > --
> > 2.34.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116710): https://edk2.groups.io/g/devel/message/116710
Mute This Topic: https://groups.io/mt/104880546/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-