From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Yao, Jiewen", "Xu, Min M"
CC: Ard Biesheuvel, "Justen, Jordan L", Ashish Kalra, Brijesh Singh, "Aktas, Erdem", James Bottomley, Tom Lendacky, Sami Mujawar, Gerd Hoffmann
Subject: Re: [edk2-devel] [PATCH 0/4] Measure kernel blob
Date: Mon, 23 May 2022 09:36:25 +0000
In-Reply-To: <16F1B1F290429BFD.18186@groups.io>
Fix typo for 3:
->BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx

Should be:
->BlobMeasurementLib->TpmMeasurementLib->CcProtocol->Tdx

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> Sent: Monday, May 23, 2022 5:30 PM
> To: Xu, Min M; devel@edk2.groups.io
> Cc: Ard Biesheuvel; Justen, Jordan L; Ashish Kalra; Brijesh Singh; Aktas, Erdem; James Bottomley; Tom Lendacky; Sami Mujawar; Gerd Hoffmann
> Subject: Re: [edk2-devel] [PATCH 0/4] Measure kernel blob
>
> Hi
> I am not clear about the design. Some questions:
>
> 1. This should be a generic feature for trusted boot, not TDX specific. Right?
>
> 2. Why do we need BlobMeasurementLib?
> We already have TpmMeasurementLib. Why can we not use it?
>
> 3. Why do we need BlobMeasurementLibTdx?
> Even if we really need BlobMeasurementLib, the flow should be:
> ->BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx
>
> 4. Why do we need BlobMeasurementLibNull?
> We already have TpmMeasurementLibNull. What is the benefit of adding one more
> NULL MeasurementLib?
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Xu, Min M
> > Sent: Monday, May 23, 2022 1:56 PM
> > To: devel@edk2.groups.io
> > Cc: Xu, Min M; Ard Biesheuvel; Justen, Jordan L; Ashish Kalra; Brijesh Singh; Aktas, Erdem; James Bottomley; Yao, Jiewen; Tom Lendacky; Sami Mujawar; Gerd Hoffmann
> > Subject: [PATCH 0/4] Measure kernel blob
> >
> > Kernel blobs include the kernel image, initrd and command line. These are
> > external inputs from the host VMM. On some platforms, such as the TDX
> > environment, the host VMM is treated as untrusted, so these external
> > inputs should be measured.
> >
> > This patch set imports a new library class (BlobMeasurementLib). It is
> > designed to do the blob measurement, including the kernel blob
> > measurement. In the future, it will do other blob measurements, such as
> > measuring the ACPI table, which is also passed from the host VMM.
> >
> > The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1
> >
> > Cc: Ard Biesheuvel
> > Cc: Jordan Justen
> > Cc: Ashish Kalra
> > Cc: Brijesh Singh
> > Cc: Erdem Aktas
> > Cc: James Bottomley
> > Cc: Jiewen Yao
> > Cc: Tom Lendacky
> > Cc: Sami Mujawar
> > Cc: Gerd Hoffmann
> > Signed-off-by: Min Xu
> >
> > Min Xu (4):
> >   OvmfPkg: Add library class BlobMeasurementLib with null implementation
> >   OvmfPkg: Add BlobMeasurementLibNull to dsc
> >   OvmfPkg: Implement BlobMeasurementLibTdx
> >   OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
> >
> >  ArmVirtPkg/ArmVirtQemu.dsc                   |  1 +
> >  ArmVirtPkg/ArmVirtQemuKernel.dsc             |  1 +
> >  OvmfPkg/AmdSev/AmdSevX64.dsc                 |  2 +
> >  OvmfPkg/CloudHv/CloudHvX64.dsc               |  1 +
> >  OvmfPkg/Include/Library/BlobMeasurementLib.h | 38 ++++++++
> >  .../BlobMeasurementLibTdx/BlobMeasurement.c  | 87 +++++++++++++++++++
> >  .../BlobMeasurementLibTdx.inf                | 30 +++++++
> >  OvmfPkg/IntelTdx/IntelTdxX64.dsc             |  1 +
> >  .../BlobMeasurementLibNull.c                 | 34 ++++++++
> >  .../BlobMeasurementLibNull.inf               | 24 +++++
> >  OvmfPkg/Microvm/MicrovmX64.dsc               |  1 +
> >  OvmfPkg/OvmfPkg.dec                          |  3 +
> >  OvmfPkg/OvmfPkgIa32.dsc                      |  1 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc                   |  1 +
> >  OvmfPkg/OvmfPkgX64.dsc                       |  1 +
> >  OvmfPkg/OvmfXen.dsc                          |  1 +
> >  .../QemuKernelLoaderFsDxe.c                  | 13 +++
> >  17 files changed, 240 insertions(+)
> >  create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
> >  create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
> >  create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
> >  create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
> >  create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
> >
> > --
> > 2.29.2.windows.2
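The cover letter's rationale (the kernel, initrd and command line arrive from a host VMM that TDX treats as untrusted, so they must be measured before use), as an added example that is not code from this patch series or from edk2: a Python model of measuring the three blobs into an extend-only register and of a verifier replaying the event log against the blobs the guest owner expects. The fixed blob order, the zero-initialised 48-byte register and the (name, digest) event log are assumptions of this model; SHA-384 is used because TDX RTMRs hold SHA-384 digests.

```python
import hashlib

# Blobs the firmware fetches from fw_cfg. All come from the host VMM, so under
# TDX none is trusted until measured; a fixed order keeps the value reproducible.
BLOB_ORDER = ("kernel", "initrd", "cmdline")
DIGEST = hashlib.sha384                       # TDX RTMRs hold SHA-384 digests
REGISTER_START = bytes(DIGEST().digest_size)  # registers start zeroed

def blob_digest(data: bytes) -> bytes:
    """Digest of a single blob, the value recorded in the event log."""
    return DIGEST(data).digest()

def extend(register: bytes, digest: bytes) -> bytes:
    """Extend-only update as a TPM PCR or TDX RTMR does: H(old || digest)."""
    return DIGEST(register + digest).digest()

def measure_kernel_blobs(blobs):
    """Firmware side: measure each blob in BLOB_ORDER into one register and
    log (name, digest) events so a verifier can reconstruct the value."""
    register, event_log = REGISTER_START, []
    for name in BLOB_ORDER:
        digest = blob_digest(blobs[name])
        event_log.append((name, digest))
        register = extend(register, digest)
    return register, event_log

def replay_event_log(event_log):
    """Recompute the register value from the (name, digest) events alone."""
    register = REGISTER_START
    for _, digest in event_log:
        register = extend(register, digest)
    return register

def verify(register, event_log, expected):
    """Verifier side: the log must replay to the attested register, and every
    logged digest must equal the digest of the blob the owner expects."""
    if replay_event_log(event_log) != register:
        return False, "event log does not replay to the measured value"
    for name, digest in event_log:
        if digest != blob_digest(expected[name]):
            return False, f"{name} differs from the expected blob"
    return True, "all kernel blobs match"

# Constructed sample inputs (not real images); TAMPERED changes only cmdline.
GOOD = {"kernel": b"vmlinuz-sample", "initrd": b"initrd-sample",
        "cmdline": b"console=ttyS0 root=/dev/vda1"}
TAMPERED = dict(GOOD, cmdline=b"console=ttyS0 root=/dev/vdb1")
```

Because the register is extend-only, a changed command line alters the final value even though the kernel and initrd digests in the log are unchanged, which is what lets a remote verifier notice a host that swapped one blob.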