public inbox for devel@edk2.groups.io
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Xu, Min M" <min.m.xu@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Aktas, Erdem" <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>
Subject: Re: [PATCH V5 00/13] Enable Tdx measurement in OvmfPkgX64
Date: Fri, 3 Feb 2023 02:25:55 +0000
Message-ID: <MW4PR11MB58729886DED049F8B8A834D88CD79@MW4PR11MB5872.namprd11.prod.outlook.com>
In-Reply-To: <20230128135842.980-1-min.m.xu@intel.com>

Reviewed-by: Jiewen Yao <Jiewen.yao@Intel.com>

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Saturday, January 28, 2023 9:58 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Michael Roth
> <michael.roth@amd.com>
> Subject: [PATCH V5 00/13] Enable Tdx measurement in OvmfPkgX64
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
> 
> Tdx measurement (RTMR based measurement) is enabled in OvmfPkg/IntelTdx.
> This patch-set enables the feature in OvmfPkgX64 as well.
> 
> Patch #1:
>   Introduce TDX_MEASUREMETNS_DATA in SEC_TDX_WORK_AREA. That is because
>   the RTMR measurement of TdHob and Configuration FV (CFV) are executed
>   in a very early stage of the boot process. At that time the memory service
>   is not ready and the measurement values have to be stored in OvmfWorkArea.
> 
> Patch #2:
>   Introduce TdxHelperLibNull which is the NULL instance of TdxHelperLib.
> 
> Patch #3:
>   Introduce SecTdxHelperLib which is the instance of TdxHelperLib for SEC
>   Phase. This patch adds the stubs of TdxHelperLib functions. The actual
>   implementations are in the following patches.
> 
> Patch #4:
>   Re-use the data struct of PLATFORM_FIRMWARE_BLOB2_STRUCT for
>   FV_HANDOFF_TABLE_POINTERS2.
> 
> Patch #5-7:
>   These 3 patches move the functions (which were implemented in
>   PeilessStartupLib and PlatformInitLib) to TdxHelperLib so that they
>   can be called in both OvmfPkgX64 and IntelTdxX64.
> 
> Patch #8/9:
>   These 2 patches are the changes for tdx measurement in IntelTdxX64.
> 
> Patch #10-13:
>   These 4 patches are the changes for OvmfPkgX64 to enable Tdx
>   measurement.
> 
> Code: https://github.com/mxu9/edk2/tree/TdxMeasurementInOvmfX64.v5
> 
> v5 changes:
>  - Re-organize the patches. Its purpose is not only to simplify review, but also
>    to simplify testing. https://edk2.groups.io/g/devel/message/99209
> 
> v4 changes:
>  - To make the code reviewable, the implementation of
>    TdxHelperBuildGuidHobForTdxMeasurement is split into 4 patches (5-8).
>  - Call Sha384HashAll instead of the 3 Sha384XXX functions so that we
>    need to allocate memory in SEC phase.
> 
> v3 changes:
>  - Use the definition of PLATFORM_FIRMWARE_BLOB2_STRUCT in
>    Library/TcgEventLogRecordLib.h.
>  - Rename TDX_ENABLE as TDX_MEASUREMENT_ENABLE because this flag is
>    introduced for Tdx-measurement.
>  - Split the patch of SecTdxHelperLib into 2 separate patches (#3/#9).
>    Patch#3 implements TdxHelperMeasureTdHob and TdxHelperMeasureCfvImage.
>    Patch#9 implements TdxHelperProcessTdHob. This is to make the patches
>    more reviewable. The duplicated codes of TdxHelperProcessTdHob are
>    deleted in Patch#9 as well.
>  - The implementation of TdxHelperBuildGuidHobForTdxMeasurement and update
>    of PeilessStartupLib are in one patch (#5). Because the implementation
>    of TdxHelperBuildGuidHobForTdxMeasurement was once in PeilessStartupLib.
> 
> v2 changes:
>  - Split the patch of TdxHelperLib into 4 separate patches. So that it is
>    more reviewable.
>  - Add commit message in Patch#1 to emphasize that the tdx-measurement in
>    OvmfPkgX64 is supported in SEC phase.
> 
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> 
> Min M Xu (13):
>   OvmfPkg: Add Tdx measurement data structure in WorkArea
>   OvmfPkg/IntelTdx: Add TdxHelperLibNull
>   OvmfPkg/IntelTdx: Add SecTdxHelperLib
>   OvmfPkg/PeilessStartupLib: Update the define of
>     FV_HANDOFF_TABLE_POINTERS2
>   OvmfPkg: Refactor MeasureHobList
>   OvmfPkg: Refactor MeaureFvImage
>   OvmfPkg: Refactor ProcessHobList
>   OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain
>   OvmfPkg/PeilessStartupLib: Delete the duplicated tdx measurement
>   OvmfPkg/IntelTdx: Add PeiTdxHelperLib
>   OvmfPkg/OvmfPkgX64: Measure TdHob and Configuration FV in SecMain
>   OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement
>   OvmfPkg: Support Tdx measurement in OvmfPkgX64
> 
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   5 +-
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
>  OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc       |  10 +-
>  .../Include/Dsc/OvmfTpmSecurityStub.dsc.inc   |   8 +
>  OvmfPkg/Include/Library/PlatformInitLib.h     |  17 -
>  OvmfPkg/Include/Library/TdxHelperLib.h        |  70 ++
>  OvmfPkg/Include/WorkArea.h                    |  25 +-
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   4 +-
>  OvmfPkg/IntelTdx/Sec/SecMain.c                |  17 +-
>  OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c  |  91 +++
>  .../IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf |  48 ++
>  .../TdxHelperLib/SecTdxHelper.c}              | 304 +++----
>  .../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf |  53 ++
>  .../TdxHelperLib/TdxHelperLibNull.inf         |  32 +
>  OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c |  79 ++
>  .../IntelTdx/TdxHelperLib/TdxMeasurementHob.c | 259 ++++++
>  OvmfPkg/Library/PeilessStartupLib/IntelTdx.c  | 196 -----
>  .../PeilessStartupLib/PeilessStartup.c        |  16 +-
>  .../PeilessStartupInternal.h                  |  36 -
>  .../PeilessStartupLib/PeilessStartupLib.inf   |   6 -
>  OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 768 ------------------
>  .../Library/PlatformInitLib/IntelTdxNull.c    |  20 -
>  .../PlatformInitLib/PlatformInitLib.inf       |   1 -
>  OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
>  OvmfPkg/OvmfPkg.dec                           |   4 +
>  OvmfPkg/OvmfPkgX64.dsc                        |  20 +-
>  OvmfPkg/OvmfPkgX64.fdf                        |   7 +
>  OvmfPkg/PlatformPei/IntelTdx.c                |   3 +
>  OvmfPkg/Sec/SecMain.c                         |  17 +-
>  29 files changed, 915 insertions(+), 1211 deletions(-)
>  create mode 100644 OvmfPkg/Include/Library/TdxHelperLib.h
>  create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
>  create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
>  copy OvmfPkg/{Library/PlatformInitLib/IntelTdx.c => IntelTdx/TdxHelperLib/SecTdxHelper.c} (80%)
>  create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
>  create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf
>  create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
>  create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
>  delete mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
> 
> --
> 2.29.2.windows.2
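
The cover letter's Patch #1 note (early measurement of TdHob and CFV with the values kept in the work area) and Patch #12 (building the GuidHob later) can be illustrated from the verifier's side. This is an added example, not part of the thread or of the edk2 code: the slot layout, bitmap flags and sample blobs are hypothetical, and the only assumed fact is the RTMR extend rule, new = SHA384(old || digest).

```python
import hashlib

DIGEST_LEN = 48                      # SHA-384 output size
TDHOB_BIT, CFV_BIT = 0x1, 0x2        # hypothetical "was measured" flags

def rtmr_extend(rtmr: bytes, digest: bytes) -> bytes:
    """Extend semantics: new = SHA384(old || digest)."""
    if len(rtmr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("RTMR and digest must both be 48 bytes")
    return hashlib.sha384(rtmr + digest).digest()

def early_measure(tdhob: bytes, cfv: bytes):
    """Early boot, no allocator: hash, extend, keep digests in fixed slots."""
    area = {"bitmap": 0, "tdhob": bytes(DIGEST_LEN), "cfv": bytes(DIGEST_LEN)}
    rtmr = bytes(DIGEST_LEN)         # register starts zeroed
    for name, bit, blob in (("tdhob", TDHOB_BIT, tdhob), ("cfv", CFV_BIT, cfv)):
        digest = hashlib.sha384(blob).digest()
        rtmr = rtmr_extend(rtmr, digest)
        area[name] = digest
        area["bitmap"] |= bit
    return area, rtmr

def build_events(area):
    """Later phase: turn the saved digests into ordered event records."""
    events = []
    for name, bit in (("tdhob", TDHOB_BIT), ("cfv", CFV_BIT)):
        if area["bitmap"] & bit:     # only log what was really measured
            events.append((name, area[name]))
    return events

def replay(events) -> bytes:
    """Recompute the register value from the event records alone."""
    rtmr = bytes(DIGEST_LEN)
    for _name, digest in events:
        rtmr = rtmr_extend(rtmr, digest)
    return rtmr

def verify(events, reported_rtmr: bytes, expected: dict) -> str:
    """The log must replay to the register and match known-good digests."""
    if replay(events) != reported_rtmr:
        return "log does not match RTMR"
    for name, digest in events:
        if expected.get(name) != digest:
            return f"unexpected {name} measurement"
    return "ok"

# Constructed sample inputs standing in for the TdHob and the CFV image.
TDHOB = b"constructed-tdhob-bytes"
CFV = b"constructed-cfv-bytes"
```

A log that replays to the reported register but carries an unknown CFV digest is rejected by the second check; a log edited after the fact is rejected by the first.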


Thread overview: 25+ messages
2023-01-28 13:58 [PATCH V5 00/13] Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-01-28 13:58 ` [PATCH V5 01/13] OvmfPkg: Add Tdx measurement data structure in WorkArea Min Xu
2023-01-28 13:58 ` [PATCH V5 02/13] OvmfPkg/IntelTdx: Add TdxHelperLibNull Min Xu
2023-01-28 13:58 ` [PATCH V5 03/13] OvmfPkg/IntelTdx: Add SecTdxHelperLib Min Xu
2023-02-02 12:54   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 04/13] OvmfPkg/PeilessStartupLib: Update the define of FV_HANDOFF_TABLE_POINTERS2 Min Xu
2023-02-02 12:56   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 05/13] OvmfPkg: Refactor MeasureHobList Min Xu
2023-02-02 13:09   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 06/13] OvmfPkg: Refactor MeaureFvImage Min Xu
2023-02-02 13:09   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 07/13] OvmfPkg: Refactor ProcessHobList Min Xu
2023-02-02 13:09   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 08/13] OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain Min Xu
2023-01-28 13:58 ` [PATCH V5 09/13] OvmfPkg/PeilessStartupLib: Delete the duplicated tdx measurement Min Xu
2023-02-02 13:10   ` Gerd Hoffmann
2023-02-02 23:27     ` Min Xu
2023-01-28 13:58 ` [PATCH V5 10/13] OvmfPkg/IntelTdx: Add PeiTdxHelperLib Min Xu
2023-01-28 13:58 ` [PATCH V5 11/13] OvmfPkg/OvmfPkgX64: Measure TdHob and Configuration FV in SecMain Min Xu
2023-02-02 13:15   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 12/13] OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement Min Xu
2023-02-02 13:15   ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 13/13] OvmfPkg: Support Tdx measurement in OvmfPkgX64 Min Xu
2023-02-02 13:15   ` Gerd Hoffmann
2023-02-03  2:25 ` Yao, Jiewen [this message]
