From: "Min Xu"
To: "kraxel@redhat.com"
CC: "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Tom Lendacky, Michael Roth
Subject: Re: [edk2-devel] [PATCH V1 1/7] OvmfPkg: Add Tdx measurement data structure in WorkArea
Date: Wed, 18 Jan 2023 08:09:20 +0000

On January 18, 2023 4:05 PM, Gerd Hoffmann wrote:
> On Wed, Jan 18, 2023 at 01:41:15AM +0000, Xu, Min M wrote:
> > On January 17, 2023 7:26 PM, Gerd Hoffmann wrote:
> > > So the measurement is done early and the hashes are stored to create
> > > the event log entries later, correct?
> > Yes.
> > >
> > > Why both TdHob and CFV are handled this way? It should be needed
> > > for TdHob only, right? The work area has a fixed size, IMHO we
> > > should not store data there unless we absolutely have to, and for
> > > CFV I don't see the justification.
> > In our first design CFV was measured and extended in PEI phase. Because
> > CFV is consumed in PlatformInitEmuVariableNvStore.
> > But then we find a problem. That we must either refactor the
> > HashLibBaseCryptoRouterPei or introduce a new HashLib in PEI phase.
> > 1) If HashLibBaseCryptoRouterPei is to be refactored to support
> > tdx-measurement, then it must detect the tdx-guest in run-time so that
> > it can determine to call Tpm2PcrExtend or call TdxExtendRtmr.
> > 2) If we import a new HashLib in PEI phase, we are facing another problem,
> > that we have to load either the new HashLib or HashLibBaseCryptoRouterPei
> > in run-time.
>
> So, in short, we don't have support for TDX measurements in PEI, so you are
> doing it in SEC instead. Can you note that in the commit message?

Right, this patch-set doesn't support tdx measurement in PEI phase. I will note it in the commit message.

Thanks
Min
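
The flow discussed in this thread (measure in SEC, keep only the hashes in the fixed-size work area, create the event log entries later), modelled in Python as an added example that is not part of the mail thread or of the edk2 patch. The `WorkArea` class, the function names and the sample blobs are hypothetical, and the measurement register is simulated in software with SHA-384 extend semantics (new = SHA384(old || digest)), which is an assumption of this sketch.

```python
import hashlib
from dataclasses import dataclass, field

DIGEST_LEN = 48  # SHA-384 digest size in bytes
def rtmr_extend(rtmr, digest):
    """Simulated extend (assumption): new = SHA384(old || digest)."""
    if len(digest) != DIGEST_LEN:
        raise ValueError("measurement must be a SHA-384 digest")
    return hashlib.sha384(rtmr + digest).digest()

@dataclass
class WorkArea:
    """Hypothetical fixed-size scratch area: it holds digests, never the blobs."""
    slots: int = 2
    saved: list = field(default_factory=list)

    def save(self, name, digest):
        if len(self.saved) >= self.slots:
            raise OverflowError("work area is full")
        self.saved.append((name, digest))

def sec_measure(blobs, work_area):
    """Early phase: hash each blob, extend the register, keep only the digest."""
    rtmr = bytes(DIGEST_LEN)
    for name, data in blobs:
        digest = hashlib.sha384(data).digest()
        rtmr = rtmr_extend(rtmr, digest)
        work_area.save(name, digest)
    return rtmr

def build_event_log(work_area):
    """Later phase: turn the saved digests into event log entries, in order."""
    return [{"event": name, "digest": d.hex()} for name, d in work_area.saved]

def replay(event_log):
    """Verifier side: recompute the register value from the log alone."""
    rtmr = bytes(DIGEST_LEN)
    for entry in event_log:
        rtmr = rtmr_extend(rtmr, bytes.fromhex(entry["digest"]))
    return rtmr

# Constructed sample inputs standing in for the TdHob and CFV contents.
SAMPLE_BLOBS = [("TdHob", b"constructed-tdhob"), ("CFV", b"constructed-cfv")]
def demo():
    wa = WorkArea()
    rtmr = sec_measure(SAMPLE_BLOBS, wa)
    log = build_event_log(wa)
    return rtmr, log, replay(log)
```

The replay only matches when the log entries are created in the same order in which the digests were extended, which is why the saved digests have to survive unchanged from the early phase to the point where the log is built.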