From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 5778D74004A for ; Wed, 13 Mar 2024 08:50:19 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ARGQwqVvCKwmi2yH/j2PaZgAiwb9ys/a7WqOKHXP49o=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1710319818; v=1; b=Xet1D9AMoUa4CSRu6UeKpYemKbCJ87B4oO1Y9NsD4omvr6Tzn/xHo9ORLUc97rOn1h+4Vzek N2rlK8O8zU5c6RqIPVevwgepJgCZPRga1LpG0z74rwZDhTLVWfnHKghz/pYawOOqmOPsuJp3Ewu GNxZp2EYIaY6b/95K1/3uvfwiRxhHOkE377vAgVqy8ag9gAKepSyk5qL2vgyy6KBLnhFTffXDbg F5AgC9CXJu+nFnoxnAcwFQMSj+fjBQ9GGiKAUbBBX1IjMHFTgydkz4FN1/Dlzbzxz9RMgo54x04 4EYFwKeTl0WNRAmwlXOl/O/AVyRt1N4a3fXD1mcGurgsA== X-Received: by 127.0.0.2 with SMTP id a5FQYY7687511xsqT1PBMMXi; Wed, 13 Mar 2024 01:50:18 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10]) by mx.groups.io with SMTP id smtpd.web11.11937.1710319817422354024 for ; Wed, 13 Mar 2024 01:50:17 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,11011"; a="16472264" X-IronPort-AV: E=Sophos;i="6.07,119,1708416000"; d="scan'208";a="16472264" X-Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Mar 2024 01:50:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,119,1708416000"; d="scan'208";a="42783522" X-Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orviesa002.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 13 Mar 2024 01:50:17 -0700 X-Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 13 Mar 2024 01:50:16 -0700 X-Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Wed, 13 Mar 2024 01:50:16 -0700 X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.169) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 13 Mar 2024 01:50:16 -0700 X-Received: from IA0PR11MB8355.namprd11.prod.outlook.com (2603:10b6:208:480::14) by SA3PR11MB8047.namprd11.prod.outlook.com (2603:10b6:806:2fc::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.17; Wed, 13 Mar 2024 08:50:14 +0000 X-Received: from IA0PR11MB8355.namprd11.prod.outlook.com ([fe80::b09a:4b79:1da2:9bc6]) by IA0PR11MB8355.namprd11.prod.outlook.com ([fe80::b09a:4b79:1da2:9bc6%6]) with mapi id 15.20.7386.016; Wed, 13 Mar 2024 08:50:14 +0000 From: "sunceping" To: Gerd Hoffmann CC: "devel@edk2.groups.io" , "Aktas, Erdem" , "Yao, Jiewen" , "Xu, Min M" , "Reshetova, Elena" , "Sun, CepingX" Subject: Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait Thread-Topic: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait Thread-Index: AQHadFI2hTrvbrZBC0u8PfZjHflJorEz8V0AgAFlYtA= Date: Wed, 13 Mar 2024 08:50:13 +0000 Message-ID: References: <20240312235146.3777997-1-cepingx.sun@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA0PR11MB8355:EE_|SA3PR11MB8047:EE_ x-ms-office365-filtering-correlation-id: 32a19923-14ce-4f25-8657-08dc433a9956 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: 61OHUzCF/0o6IEg0WYqn3gu9QhdDHPp5rXEaEMmuqFnTZ+KdWIUE7QdAPElou8uplpkWC87/srImMhBDO1iyIWU5bMoPCW+yk595pHWrvPuQawRhSK8DDl9kd8ld8MmYb/nDR8m7gLiyFFQ8pLV/rCdb88OzAyYTIV3sL08BZT6z1D5xwR8PcO48CeLOOHG5IchaOVzF68Cj6INTPPH+7ljQ94bsS4JlauNIzQyxlCWhjFBDiQRnqPx6LXLpbSNfZXr43+p1viB42PLVaVGsLTZ5N930pl+tyCpX3RSZLtvimo9SQnZyhWDT+HZNng0tSzGu3XBJajJUL62x7EUlyl+r63ypdnyCcT2Xe0lmmHk+jLX9LWkwXqcyyBoLj0J3GTlGNa33iVGHg5dlz3BQ+deRT1wuLRxLO18kUmqaQAP8uGOpbCvx8vjULba5vlRdst8Tkxd7rIQXWVKThM8o/Tv3jk6VjNF/rxZAVbKkO+4ohdG9OAZYO5ZVGAHobwuSWlo3wAVRP4wQxuT8ryADMf1Pg9SSTYA0GZTSavc8eHpuprIpAWDunSUv4TbvtEB+uWscWBax3OkcYyd2d+kTGK9gaw/0HzOlLwG27Py8cEFDkWeA/rG4hgpzs/72gGx+zWt341jgP0+1K4ZRXmoGwM3iKAAoCtMxZ6iVhs+TMda9uKxd1QhL5idsoJKyi0EA x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Yeuvz4yTzjlyaduySndK6lMoyq2m1L6vxF9KkZTr+il0NYbfI+QwTldEH9LD?= =?us-ascii?Q?IyJtwgbBE8dMBc4merrox3YKWd4qnGQLFagBrFJsmFTSJ38ewhDdnlUMz8n3?= =?us-ascii?Q?tvhe17dbY732WO3B9BwM8T0mJVA9zgkuiLUU2V/SkiERrW7CEMHMx1oyJkU2?= =?us-ascii?Q?lozjUHD81QrXeKDT+gPWTMUz2l1wFK/G9YkfOuFEfkZCCtJP10sMpjwwFenf?= =?us-ascii?Q?c7YvQXwFK3FCHtbhQ2KFE9RtVSJBuUf3+zfl+Yq1+ti+FS7tsmiukUhocBdl?= =?us-ascii?Q?3jYjBeJ4M65ra+gCnvPIRQ7wqmQmH+JBK260hd6zK+8sesBrTsRbT8waeeyt?= =?us-ascii?Q?ahlclv7a+RiZB8jrVMJbdbmOnYfq7pZ7KE1s+xEC6KSCmG+vonJbMggeCOkY?= =?us-ascii?Q?2pyrDWdX/vOmh78Z5XBIou4VSD3+amrtHlS9hgQ/PymbCCbfo09ZTvEJ1gAh?= =?us-ascii?Q?cl3mvulhbXsanwLGaMS/Hr4t3X1GrSUNHJaJYBtFWTTSdvq2X3jHO/v01R9I?= =?us-ascii?Q?BTgdGRV3mAbw0sRa3Ltck69vxkRQAkxiR/3XKjtwFwRtvqFQzCgvk+RhASIL?= =?us-ascii?Q?ZVlLVXt5Igr6tN/edSqSvpZKfKQDLb6rWo9fG11BOXQG9i74zi26QSVW6I5u?= =?us-ascii?Q?PkjPPhmTQKjnNfdhWagW7xmrtkO52+U3r47Gp+XuE+TFZmQJzbBDc2VozKdZ?= =?us-ascii?Q?wxuIO0+xiYReDKePt5Jum5q+7cvfx6Wfn4AI8xQ1maM7fIABAdWczQchnhT8?= =?us-ascii?Q?Znas6Kt/TQfCfcqAJJNNDiYrK6UbETYHj+EhoXKQWEjIIoBRrWx0v80tL6dS?= =?us-ascii?Q?jNNwW5eusA9DqvTPPxp3ETicKSNByt+jT7V6VlSyJMzLBY3ydrmjsnItQUuG?= =?us-ascii?Q?VA2weKlT2HSc85Jpl1I/uC5A1Mn5IrDoNMvnrPPPR5MH2dIF7qUEkF+laeHM?= =?us-ascii?Q?GPSSVuNQKDPOGinDWWRMvbOLqo3bjdBe7op/fIGx7d8mW+MxBd/UDU2ehCN9?= =?us-ascii?Q?FU4pm7nzMNiAClRMnroEgrhonWvQqSztjFhZADY170xWbB9gUjF6UsoB92n6?= =?us-ascii?Q?9kGAhVsANPJM3/blYPMDyxNR1xFicT7LYS5V4T5OU3scCRXB4kqetKAZ05zW?= =?us-ascii?Q?ID++Ja5xnIgC0+ses5deIdlN03dg3a7jp47Bi/I8+dsUQhFzE1AO26kpztTg?= =?us-ascii?Q?QOVBjN3pnVysBSCqHbsTkSkfmWDoLZV/TD4Fxdak15LPA8Zx05WAs9RM2nGO?= =?us-ascii?Q?TIUHp92YnbSAwWkKyna9fBG8XiFxCd279+zICd9pcp3NIdAhKFrAc1wk25v0?= =?us-ascii?Q?GwJ0oDFTA+K65oDrh5eZGUi3pH1Oda6zF/H+U19cHScq53Sv6XJLuu4JW5Ln?= =?us-ascii?Q?a0bzhRgafSIJ5Q+7T/XF7g1LylUyKSyFgimQw2ZsnQHtDZVblwD/nTjiwObD?= =?us-ascii?Q?s+mIgFdbMsZnqSAFfZOFP4PRf6+X3FagKMvViYxLs4VQBh0uMPjB+Y+xiu5d?= =?us-ascii?Q?zXhcqRZcbhWBFY0x0PJTW9ZXd1hPgOJf81B2ORzTov0DCaY0KxqZmzo4D5Ru?= =?us-ascii?Q?evUrx0syNEzCfHckETD5/QLOEqJOvH9eHDOq35xO?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8355.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 32a19923-14ce-4f25-8657-08dc433a9956 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Mar 2024 08:50:13.9127 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3LlSlNUbr4Gj+ZXHYWaGy04bUl10csfjFU3cFDnU1cr1KwQ3bqWoRJ7WzAdAFOCBFcX7QHWYPlEtxzEZGvTLtg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR11MB8047 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 13 Mar 2024 01:50:17 -0700 Reply-To: devel@edk2.groups.io,cepingx.sun@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: D888ulBkwpF7f5hlz1GAQhLxx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Xet1D9AM; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io On Tuesday, March 12, 2024 7:04 PM Gerd Hoffmann wrote: > On Wed, Mar 13, 2024 at 07:51:46AM +0800, Ceping Sun wrote: > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4415 > > > > Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide=20 > > spec, OVMF would uses FW_CFG_IO_SELECTOR(0x510) and > FW_CFG_IO_DATA(0x511) to > > get configuration data from QEMU. From the security perspective, if=20 > > TDVF uses this method, configuration data must be measured into=20 > > RTMR[0]. > > > > Currently, the etc/boot-menu-wait is using in TDVF, it required to=20 > > be measured into RTMR[0]. >=20 > That config item doesn't change the control flow. > Do we have to measure it? >=20 For TD-Guest, VMM is out of TCB, the configuration is untrusted data. From the security perspective, it must be measured into RTMR[0] > > This is the first patch and will continue to be updated to measure=20 > > additional configuration data. >=20 > What else is in the pipeline? At least ACPI and smbios tables I assume? >=20 The ACPI tables from QEMU has been measured in edk2 . There are detail message : https://edk2.groups.io/g/devel/message/99441 For smbios tables, we would double check it and update in next version. > I'd like to have a more complete picture first. Also I think it makes=20 > sense to have a single patch series implementing all of it instead of=20 > merging it piece by piece, to avoid having multiple edk2 releases=20 > where the measurements are changing. Yes , that's good idea.=20 We would prepare the patch series in next version. >=20 > Note that the current code (looking at a non-tdx build) reads several=20 > fw_cfg items multiple times. Entries 0 and 1 (used for probing fw_cfg=20 > presence), 0x19 (file directory) are read most frequently. etc/e820=20 > is scanned multiple times too; tvdf in tdx mode wouldn't use it though. For etc/e820 , it is used in TD-Guest, PlatformInfoHob->LowMemory would be= updated with the low memory size now. > If we are going to measure the fw_cfg bits used by ovmf / tdvf I think=20 > we have > to: >=20 > (1) Make sure we read + measure the data once. Yes, agree. > (2) Make sure we measure the fw_cfg entries in a deterministic > order so the measurements are stable. Yes, agree. > (3) Cache the measured data somewhere if needed multiple times > (or simply cache unconditionally). >=20 Yes, agree. Cache the measured data into HOB in the PEI phase=20 and cache the measured data into the global variables in the DXE phase. How about this? > We probably wouldn't measure all fw_cfg entries. The ones used by=20 > direct kernel boot can be skipped for example. The kernel image will=20 > be measured anyway before it is launched. Yes, agree. >=20 > > +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA > "QEMU BOOTMENU WAIT TIME" >=20 > "QEMU FW CFG" ? >=20 > I think it makes sense to have one name and one struct for all qemu=20 > fw_cfg items. Or maybe two, one for the file-name based entries and=20 > one for the others. Yes, we would update in next version. Thanks Ceping -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116711): https://edk2.groups.io/g/devel/message/116711 Mute This Topic: https://groups.io/mt/104880546/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-