From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Xu, Min M" <min.m.xu@intel.com>
Subject: Re: [edk2-devel] [PATCH V4 0/9] Enable RTMR based measurement and measure boot for Td guest
Date: Fri, 3 Jun 2022 11:53:09 +0000 [thread overview]
Message-ID: <MW4PR11MB58724D93E85E29C97A9086628CA19@MW4PR11MB5872.namprd11.prod.outlook.com> (raw)
In-Reply-To: <cover.1652686674.git.min.m.xu@intel.com>
Merged https://github.com/tianocore/edk2/pull/2943
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Min Xu
> Sent: Monday, May 16, 2022 3:42 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>
> Subject: [edk2-devel] [PATCH V4 0/9] Enable RTMR based measurement and
> measure boot for Td guest
>
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853
>
> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
> Encryption (MKTME) with a new kind of virutal machines guest called a
> Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
> confidentiality of TD memory contents and the TD's CPU state from other
> software, including the hosting Virtual-Machine Monitor (VMM), unless
> explicitly shared by the TD itself.
>
> There are 2 configurations for TDVF to upstream. See below link for
> the definitions of the 2 configurations.
> https://edk2.groups.io/g/devel/message/76367
>
> This patch-set is to enable below features of Config-B in OvmfPkg.
> - Enable RTMR based measurement and measured boot
> - Install CC_MEASUREMENT_PROTOCOL instance in Td guest
>
> The measurement for the other components, such as kernel image, initrd,
> will be introduced in the following patch-sets.
>
> Patch 1:
> HashLibTdx provides SHA384 service and extend to RTMR registers.
>
> Patch 2:
> SecCryptLib is the cryptographic library instance for SEC.
>
> Patch 3 - 8:
> These 6 patches are related to RTMR based measurement and
> CC Eventlog ACPI table.
>
> Patch 9:
> Update IntelTdxX64.dsc/IntelTdxX64.fdf to support RTMR based
> measurement and measured boot.
>
> Code at: https://github.com/mxu9/edk2/tree/tdvf_wave4.v4
>
> v4 changes:
> - Update Rsvd field in EFI_CC_EVENTLOG_ACPI_TABLE to UINT16.
> - Rebase EDK2 code base. (commit: 708620d29db8)
>
> v3 changes:
> - Refine HashLibBaseCryptoRouterTdx to HashLibTdx
> - Add NULL version algorithms in SecCryptLib.
> - Add SecMeasurementLib which does the measurement in SEC phase.
> - Rebase EDK2 code base. (commit: 91a03f78ba)
>
> v2 changes:
> - Move the definition of EFI_CC_EVENT_HOB_GUID from MdePkg to
> SecurityPkg.
> - Update the definition of EFI_CC_EVENTLOG_ACPI_TABLE based
> on below discussion:
> https://edk2.groups.io/g/devel/message/87396
> https://edk2.groups.io/g/devel/message/87402
> - Update the code base to 94f905b3bf.
>
>
> Min Xu (9):
> Security: Add HashLibTdx
> CryptoPkg: Add SecCryptLib
> SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID
> OvmfPkg: Introduce SecMeasurementLib
> OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
> OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table
> MdePkg: Define CC Measure EventLog ACPI Table
> OvmfPkg/IntelTdx: Add TdTcg2Dxe
> OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot
>
> CryptoPkg/CryptoPkg.dsc | 4 +
> .../Library/BaseCryptLib/Hash/CryptMd5Null.c | 163 ++
> .../Library/BaseCryptLib/Hash/CryptSha1Null.c | 166 ++
> .../BaseCryptLib/Hash/CryptSha256Null.c | 162 ++
> .../Library/BaseCryptLib/Hash/CryptSm3Null.c | 164 ++
> .../BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c | 152 +
> .../BaseCryptLib/Pk/CryptRsaBasicNull.c | 121 +
> .../Library/BaseCryptLib/SecCryptLib.inf | 91 +
> MdePkg/Include/Protocol/CcMeasurement.h | 21 +
> OvmfPkg/Include/Library/SecMeasurementLib.h | 46 +
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 16 +-
> OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +
> .../IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c | 407 +++
> OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c | 2489 +++++++++++++++++
> OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf | 101 +
> OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 163 ++
> .../PeilessStartupLib/PeilessStartup.c | 31 +
> .../PeilessStartupInternal.h | 17 +
> .../PeilessStartupLib/PeilessStartupLib.inf | 8 +-
> .../SecMeasurementLib/SecMeasurementLibTdx.c | 340 +++
> .../SecMeasurementLibTdx.inf | 30 +
> OvmfPkg/OvmfPkg.dec | 10 +
> SecurityPkg/Include/Guid/CcEventHob.h | 22 +
> SecurityPkg/Library/HashLibTdx/HashLibTdx.c | 207 ++
> SecurityPkg/Library/HashLibTdx/HashLibTdx.inf | 37 +
> SecurityPkg/SecurityPkg.dec | 4 +
> SecurityPkg/SecurityPkg.dsc | 10 +
> 27 files changed, 4984 insertions(+), 3 deletions(-)
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5Null.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1Null.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256Null.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3Null.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasicNull.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> create mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h
> create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c
> create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c
> create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf
> create mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
> create mode 100644
> OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
> create mode 100644
> OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
> create mode 100644 SecurityPkg/Include/Guid/CcEventHob.h
> create mode 100644 SecurityPkg/Library/HashLibTdx/HashLibTdx.c
> create mode 100644 SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
>
> --
> 2.29.2.windows.2
>
>
>
>
>
prev parent reply other threads:[~2022-06-03 11:53 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-16 7:42 [PATCH V4 0/9] Enable RTMR based measurement and measure boot for Td guest Min Xu
2022-05-16 7:42 ` [PATCH V4 1/9] Security: Add HashLibTdx Min Xu
2022-05-16 7:42 ` [PATCH V4 2/9] CryptoPkg: Add SecCryptLib Min Xu
2022-05-16 7:42 ` [PATCH V4 3/9] SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID Min Xu
2022-05-16 16:28 ` [edk2-devel] " Sami Mujawar
2022-05-16 7:42 ` [PATCH V4 4/9] OvmfPkg: Introduce SecMeasurementLib Min Xu
2022-05-16 7:42 ` [PATCH V4 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Min Xu
2022-06-10 13:22 ` Gerd Hoffmann
2022-06-12 9:21 ` Min Xu
2022-05-16 7:42 ` [PATCH V4 6/9] OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table Min Xu
2022-05-16 7:42 ` [PATCH V4 7/9] MdePkg: Define CC Measure EventLog ACPI Table Min Xu
2022-05-16 16:29 ` [edk2-devel] " Sami Mujawar
2022-05-16 7:42 ` [PATCH V4 8/9] OvmfPkg/IntelTdx: Add TdTcg2Dxe Min Xu
2022-05-16 7:42 ` [PATCH V4 9/9] OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot Min Xu
2022-06-03 11:53 ` Yao, Jiewen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4PR11MB58724D93E85E29C97A9086628CA19@MW4PR11MB5872.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox