From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by mx.groups.io with SMTP id smtpd.web10.11481.1675434083260687264
 for <devel@edk2.groups.io>;
 Fri, 03 Feb 2023 06:21:23 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=UVleTx/Y;
 spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: jiewen.yao@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1675434083; x=1706970083;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:content-transfer-encoding:mime-version;
  bh=jcBGPZMptqbs8vBVak1v638MqbpgmT9b2xuyaS/w4jI=;
  b=UVleTx/YigTKc7yWCIr650lxX2OeUus+Amp1N+H/VYICXhLrFxDCnIf1
   vDKaOmorR7yg6LiZAeSY4cBfSWOr3Fz/PalrLZm0qwskZ9esWuv3BJ0pf
   2MYia3a+a6vkwYDedOVIFyKxqdh1kuyOlUIZfD/v0+i0bBY8/p81sMgR9
   GTiQQ8A+ChlJZvg05uCrRWlIrHWjNmGGKH+Nl5fukJ7E2ngcNRHTGRv1K
   hrUGaYUdivvCISO0w7Elmt9JdmgeqtKY4Lx+LJ2IHK0ji4IJ7bKZRtgF1
   W1PttJVeuTMXlhGnUvn3o1BuFqN/MXjzBDikyubybjbOfjUJdGsZp5Hd6
   Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10610"; a="414967347"
X-IronPort-AV: E=Sophos;i="5.97,270,1669104000"; 
   d="scan'208";a="414967347"
Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Feb 2023 06:21:22 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10610"; a="615717158"
X-IronPort-AV: E=Sophos;i="5.97,270,1669104000"; 
   d="scan'208";a="615717158"
Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81])
  by orsmga003.jf.intel.com with ESMTP; 03 Feb 2023 06:21:21 -0800
Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by
 fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16; Fri, 3 Feb 2023 06:21:20 -0800
Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by
 fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16; Fri, 3 Feb 2023 06:21:20 -0800
Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by
 fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16 via Frontend Transport; Fri, 3 Feb 2023 06:21:20 -0800
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
 by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.16; Fri, 3 Feb 2023 06:21:17 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Y3rbgiMCcTesnovEOykJkWExB6vrToqcNA6H7yanuNBO+8EYEKPR7ydnWfBRuOjpXAvoWLlQWDw8GbNq5XYQ7MhQphpdBRgVn7ANubVauh+H1ncdiOy41LDBUutmWN3tTgI3n/21v2funr2t7+JnQoktsbQizN54jfzabNYzfnEx/giKbgXEER6EJ/MD1hw5LDfr92ycgzFelWonhVsl0jaYaMKxyqBTkuTKPlPRcITYA41qQwRDcciLTINOy2ItKojVdDQljjn4oAtAmJPC7pUPx9rqtK3g1oRCixm3p94K6ClqE2AkbCdvNJK5g6zRIrNwA9ZX9WNKLCFTboazuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=leiSEApfbVYLdMejQN1IZ6SMbJfaQoifkg436JZVoTk=;
 b=iEksfjPsl9MZt6u4wxVUq+Y9wKNUZ1tTOA8awzmv9yIeY9Hmzg9jKhUIT+Z2xQP+ACnRLg9C4MqLJGUuYxq4MuGMEWBh9+86Gid2ZX0fcIwaga9pFbs0idg3FokFO33mmNR0+UH+mNRNTReT1SdiQsf4uIBTUQ5q8xF2CQRNXorVPSTJLJCZJKcxp6rtaX7m83hlY7RVUnYcahPwMhWZSCoxJW2C7gkRUkDORrztOiUzlHYW+7Lq9qb5EOmIfywAiUZGgUwcddD+mCciUt00YjaCT4l7ThMvW4mpSHJGhI1S7QSY893wyp9GYNObtrIiu6kq0iz6cUtvz5u47qTPHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by BL1PR11MB5336.namprd11.prod.outlook.com (2603:10b6:208:316::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.31; Fri, 3 Feb
 2023 14:21:13 +0000
Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::96f4:ad8:3fb9:b60d]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::96f4:ad8:3fb9:b60d%3]) with mapi id 15.20.6064.023; Fri, 3 Feb 2023
 14:21:13 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Xu, Min M" <min.m.xu@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Aktas, Erdem" <erdemaktas@google.com>, James Bottomley
	<jejb@linux.ibm.com>, Gerd Hoffmann <kraxel@redhat.com>, Tom Lendacky
	<thomas.lendacky@amd.com>, Michael Roth <michael.roth@amd.com>
Subject: Re: [PATCH V1 1/1] OvmfPkg/IntelTdx: Update README
Thread-Topic: [PATCH V1 1/1] OvmfPkg/IntelTdx: Update README
Thread-Index: AQHZN9ir+VTzlPA8P02e/PgbBp6c3a69RcRQ
Date: Fri, 3 Feb 2023 14:21:12 +0000
Message-ID: <MW4PR11MB587257B9BD21D3A3EE787E6F8CD79@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <20230203140425.1704-1-min.m.xu@intel.com>
In-Reply-To: <20230203140425.1704-1-min.m.xu@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|BL1PR11MB5336:EE_
x-ms-office365-filtering-correlation-id: d0c247ea-3678-40cd-febe-08db05f1e74d
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mjydGQEoTepIsWwZWe/vGv1fJ/lNpLr4FxR3jAeRhMWHXW9/xK/dBRgAzRAsdMYQWvym+RhwiiXj8HE96WrEbpe8foAyVu6amcdI35ha6RYlei7mc1x+YBUKTAlxACzwmSZ2stnqXBRlQHCOev6nABy8H6sMDA8JN3zaAn70PmnTLxx4Y1eFQpT6kCKdpTLlB37dANMuNAuW2VucWy3pSvE5ljhf7OdPmfV5yxTlIK3FYilIjGnzFLLS7tuMqcIs2jEQEowcVr1FVZ45iYR3+PZ5bpgWwBmhavM3ktRTsHFF/REYhu0E9QyFoCVd67212e15U7YQz6PgTxiIUKTrtIZxmpTltd3WlEoVB/XAyz9/a1S/fxyZclXhBQfk0JC6fkBoHhA6xkDl3ZmlRsQ8Kkt8Z1T78FDyltOeBfsWydukzamgJmcDZ5BB3gKUtKgyCMJOPPPDeoW2L0bduLdU3YfOIrLYn9LjkUYzx7pQVrhb0APVYcwLKoBeDe69Ei4i0FC7oz91+klxRAZkEa/eO2IPFJCYhHwwedo7hWwu65RuPce5+xO9Sm7Y4FKV6DNFXdkJgRo9dfqKMKvVWoN9ae9dU5FnkB+XmciIT9+GRrc5rDz6WCo80ch9hmQUlPj7Zri97dAg+16PlEo7lGw20GK7doVadusqpxm9VJ41M17vrqKzjbfCbSzUbD7DkrRHUXc8KXe8Ei6dvbmfwZvxKQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(136003)(39860400002)(346002)(396003)(366004)(376002)(451199018)(33656002)(38070700005)(86362001)(82960400001)(38100700002)(122000001)(64756008)(316002)(4326008)(41300700001)(8936002)(66446008)(66556008)(66476007)(5660300002)(110136005)(76116006)(66946007)(54906003)(19627235002)(52536014)(8676002)(55016003)(15650500001)(2906002)(83380400001)(478600001)(71200400001)(186003)(7696005)(9686003)(26005)(53546011)(6506007);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Orj00736Ki9qyCeJUni/XNminfP/yUtkDmZzSp1eJ15HuFnZPNVKR7H4Bw2A?=
 =?us-ascii?Q?ONrT+ei53ZX1Tzg5gfPBTJvl3RfgQ8nvC/o2OxkCpnswmP0oKuV8YpQgdCYD?=
 =?us-ascii?Q?OGLl/6ArGMFwLOdPDz99QbkkVv4Ik0gSG1SpsQGAnFvNsFAmg170E0zy6+mq?=
 =?us-ascii?Q?8actTp2FhUOCPA+3jtn8bT7i3keH9dSpI4BtpJK/ZVqypg2cw/zGgc8KgCG9?=
 =?us-ascii?Q?m/Pr9ayd8tS4aBlNAgiiDFW0KBAUSmveC5H4wjqkRjXH18upHQoNVDbo13io?=
 =?us-ascii?Q?UhnOo0HrMSacGFpCXZ1+aPEuV5TCQjaSzrxw3o1rms9iquICilBXD8lz/Y2g?=
 =?us-ascii?Q?CEIBxlX/kfyb0OJ2QfALghaKwGlKK+c8Z8HieiEDkdo8xjy+Dkqn8F9Sq5sf?=
 =?us-ascii?Q?MIUgZITg98hPeFmXB4uHM1M0MwGahQkdMrVO/Pz9XeUyGpaZhOw77UQU2LYI?=
 =?us-ascii?Q?xe6BHnlYp+DzsSEiCNGxyeH7V4NJeiYNk8y8fbRBG0lPXL7BFimzPGEzYk2h?=
 =?us-ascii?Q?SFev4H0cSMc3/Z4HSeuJ9DXCsCsvcZbrRIy72GYE1efcvSj9TpP+wat2JcO6?=
 =?us-ascii?Q?fSWTafM7ixpq/2uf+jDH8IWejNu1sCVSHDchatlftnvB5/biJJFiTomXtrYA?=
 =?us-ascii?Q?0IK7r3rFvu+EDGtV3QPxpDjzq0I/dTiUXEocXp+9rmql47jHrq8F6JiQ0fJn?=
 =?us-ascii?Q?fcvrZULO+R6vtO38bT+e4d54N5JZDwg1FOf+Tl0kHNFWrvf8G1SoatIDR6c6?=
 =?us-ascii?Q?tsP4qxIMSKFW9hdxQ4ojSMveS5i59xaSqnoaeRPwAMLbqfGehtBxbsZ2wYfU?=
 =?us-ascii?Q?IsbO1r++CkRGr7euqDX8vaa5Gzezx+ervkzxvtI5pwaCfJ8NoZPf0bXFPooe?=
 =?us-ascii?Q?LUL4ma//RPDNq0SqP42pp9MgWNVJ0tsMh15Koa7XNZPljkcopZk2MyJk9Zcz?=
 =?us-ascii?Q?vk4nWZycQ4HaP2gjtqvujT7GRaJBn4XvHmmNw6yxp7K20YctrWZBv0BqH2h9?=
 =?us-ascii?Q?JJVSCxIC7eXDNnSa7UkWCq+Az5JB9QWnk1R3ig2AAwYzhT4OYY2LlRl95Mra?=
 =?us-ascii?Q?fMNC9YoDCLuhkqf+gr2thHH5Kq1xzkj8g3pyvQ8rX/O4I/WXO2THlSOojjz4?=
 =?us-ascii?Q?WzQ8wk+sZUtwXOMh8PDozUMjIdTmAnpRe1Sqb455LPSsKWKu/Yp7TgTtvqQ0?=
 =?us-ascii?Q?a0PWmUv0ZmgL4qdDb9ROkkgrwBmVEIx5WL5qXY+C3wRdsEANlLyoNq6pwjIk?=
 =?us-ascii?Q?vNrWhDxGz5nIGRz+MxdIY6pP8pWNwZVexVDUteV4qtjBbQU1uYJxEY6xgmYc?=
 =?us-ascii?Q?v0H27JqigoTFkEUSGHDhNE214wHmENISpV76bfuA1t0Erp9EA29ta/gT72Gu?=
 =?us-ascii?Q?+WL5F3reu0QT9m6Ne1OqixKPMCXD4vIB3B6QUUk9lIDbhfuiYop4mTM9memT?=
 =?us-ascii?Q?Uk2+097CQwfP1ltrJAjxiclre8oKb0aFADxtle5TXQQmdm2Xwu7GytOVH3JM?=
 =?us-ascii?Q?FbVEsdmm2vHUNuJtl2VETWkJT33f129LyJ0bAWgC8vBSSu1QGvN37R7c2EgP?=
 =?us-ascii?Q?vMxugr33xoBxd9QnekXE0gtzGQp9l6ROPalVaxz/?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d0c247ea-3678-40cd-febe-08db05f1e74d
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Feb 2023 14:21:12.8806
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TNO6xkqcajXwLfzijF2CDLRLKnINTVdJoVGWSudIcmcpB/J+uKaf/21p19sBNXkBVFXWoc95Qa0DWbPniHbxCA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR11MB5336
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Jiewen Yao <Jiewen.yao@Intel.com>

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Friday, February 3, 2023 10:04 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Michael Roth
> <michael.roth@amd.com>
> Subject: [PATCH V1 1/1] OvmfPkg/IntelTdx: Update README
>=20
> From: Min M Xu <min.m.xu@intel.com>
>=20
> TDVF's README is updated based on the latest feature.
>  - RTMR based measurement is supported in OvmfPkgX64 (Config-A)
>  - Features of Config-B have all been implemented, such as removing
>    unnecessary attack surfaces.
>=20
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>  OvmfPkg/IntelTdx/README | 19 +++++++------------
>  1 file changed, 7 insertions(+), 12 deletions(-)
>=20
> diff --git a/OvmfPkg/IntelTdx/README b/OvmfPkg/IntelTdx/README
> index cc01ebca5c0a..7307ede78faf 100644
> --- a/OvmfPkg/IntelTdx/README
> +++ b/OvmfPkg/IntelTdx/README
> @@ -26,17 +26,19 @@ There are 2 configurations for TDVF.
>   - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability=
.
>     The final binary can run on SEV/TDX/normal OVMF.
>   - No changes to existing OvmfPkgX64 image layout.
> - - No need to add additional security features if they do not exist toda=
y.
>   - No need to remove features if they exist today.
> - - RTMR is not supported.
>   - PEI phase is NOT skipped in either Td or Non-Td.
> + - RTMR based measurement is supported.
> + - External inputs from Host VMM are measured, such as TdHob, CFV.
> + - Other external inputs are measured, such as FW_CFG data, os loader,
> +   initrd, etc.
>=20
>  <b>Config-B:</b>
> - - (*) Add a standalone IntelTdx.dsc to a TDX specific directory for a *=
full*
> + - Add a standalone IntelTdx.dsc to a TDX specific directory for a *full=
*
>     feature TDVF.(Align with existing SEV)
> - - (*) Threat model: VMM is out of TCB. (We need necessary change to pre=
vent
> + - Threat model: VMM is out of TCB. (We need necessary change to prevent
>     attack from VMM)
> - - (*) IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The =
final
> + - IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The fina=
l
>     binary can run on TDX/normal OVMF.
>   - It might eventually merge with AmdSev.dsc, but NOT at this point of
>     time. And we don?t know when it will happen. We need sync with AMD in
> @@ -48,13 +50,6 @@ There are 2 configurations for TDVF.
>     initrd, etc.
>   - Need to remove unnecessary attack surfaces, such as network stack.
>=20
> -In current stage, <b>Config-A</b> has been merged into edk2-master branc=
h.
> -The corresponding pkg file is OvmfPkg/OvmfPkgX64.dsc.
> -
> -<b>Config-B</b> is split into several waves. The corresponding pkg file =
is
> -OvmfPkg/IntelTdx/IntelTdxX64.dsc. The features with (*) have been
> implemented
> -and merged into edk2-master branch. Others are in upstreaming progress.
> -
>  Build
>  ------
>  - Build the TDVF (Config-A) target:
> --
> 2.29.2.windows.2