Re: [edk2-devel] [PATCH V1 1/7] OvmfPkg: Add Tdx measurement data structure in WorkArea

["Min Xu" <min.m.xu@intel.com>]

On January 18, 2023 4:05 PM, Gerd Hoffmann wrote:
> On Wed, Jan 18, 2023 at 01:41:15AM +0000, Xu, Min M wrote:
> > On January 17, 2023 7:26 PM, Gerd Hoffmann wrote:
> > > So the measurement is done early and the hashes are stored to create
> > > the event log entries later, correct?
> > Yes.
> > >
> > > Why both TdHob and CFV are handled this way?  It should be needed
> > > for TdHob only, right?  The work area has a fixed size, IMHO we
> > > should not store data there unless we absolutely have to, and for
> > > CFV I don't see the justification.
> > In our first design CFV was measured and extended in PEI phase. Because
> CFV is consumed in PlatformInitEmuVariableNvStore.
> > But then we find a problem. That we must either refactor the
> HashLibBaseCryptoRouterPei or introduce a new HashLib in PEI phase.
> > 1) If HashLibBaseCryptoRouterPei is to be refactored to support tdx-
> measurement, then it must detect the tdx-guest in run-time so that it can
> determine to call Tpm2PcrExtend or call TdxExtendRtmr.
> > 2) If we import a new HashLib in PEI phase, we are facing another problem,
> that we have to load either the new HashLib or HashLibBaseCryptoRouterPei
> in run-time.
> 
> So, in short, we don't have support for TDX measurements in PEI, so you are
> doing it in SEC instead.  Can you note that in the commit message?
Right, this patch-set doesn't support tdx measurement in PEI phase. I will note it in the commit message.

Thanks
Min