From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web11.14007.1655025721126710454 for ; Sun, 12 Jun 2022 02:22:02 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=ZSg2CJjh; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1655025721; x=1686561721; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=7JnweEAasirN7Z3Cn1g5+zJquVVICZCG/IKWol7mf0M=; b=ZSg2CJjhL40TtU6cv4WH4ksrG1+cjOOhMMM0gWKfH3Itb17+XCtwpePg cEsvnT2U4up8S0xk6ySmaxad/Ehye74q8mAKs4WLo09M+KQFpbUruX+iF csaeERSmW4iE7VIS85vNfyzzEhPXFSDOo1EULe+KLGtzfuz6VRzA2P1KV PkF2MtZFerA4e3ElJs1XQrAy6R7I6DUQ33uN9k6qUZo4M9QdY44sSTGRh L+KHsgnMhf3oRuhGd7SXp8bNd4PIRgr9KbMou0f02KrXvCL4Jg2pJkOq9 5uCFHTaU4KuLVB3SxmTxHYpRTXzEz7FtDlg0qy6D2dgUoCjtb+9pD7DnP A==; X-IronPort-AV: E=McAfee;i="6400,9594,10375"; a="266736018" X-IronPort-AV: E=Sophos;i="5.91,294,1647327600"; d="scan'208";a="266736018" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2022 02:21:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,294,1647327600"; d="scan'208";a="672724065" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by FMSMGA003.fm.intel.com with ESMTP; 12 Jun 2022 02:21:59 -0700 Received: from orsmsx604.amr.corp.intel.com (10.22.229.17) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Sun, 12 Jun 2022 02:21:59 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Sun, 12 Jun 2022 02:21:59 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.177) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Sun, 12 Jun 2022 02:21:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W28xSLRnMXYNtX7qz/Cndn4O1MReVcvbX9d1TMXO2LGVbvpKFjxaEeduSomQSwzNHEGSnJn9N/qIMCPvjHZhvF3Mgr7si+fRWsl+qcFIbO7HuPqzJTNp+GNbDtKVaAc41FZUa8qVqPfCWqApf65xG7GigxWBoScs2PjkIDIakRBi9ZhIytEZiYy9+o42J1jAfrtXEa1WoNb6dUqcZGmf0Utjss0xGwmvMFoqDDpMelLvWe69OnjK0VkcMc5Xanqq3zsKZ/X5JDaS5GiIXy4neIjwwrFjmtCYr1z80aU1E4dsiq0SoDetkIX8Wac9q6MeUSZMtxvX5/vN0VcbqcXYWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7JnweEAasirN7Z3Cn1g5+zJquVVICZCG/IKWol7mf0M=; b=PgWlMeR2glq6WF8+n5CZ7tEsFsl9+PA7n5x+0UuW6aU/w53NGomDmNwDweCGa1lVaOukJyEMkPQsB734uBpH+FPRCkf6k6/q/hftUxwWL0kYvUebYViozSgNQ0XxcISV6zfcXFMeUP70VVfY15BGD0oSgO0hizvxypbweA1NmkxvnFypBdiXK1JsguCkXbVUnAQTGaiciUGy27q3qTAEKoZLL6RlgkvUeVf8DDOYLleqf7Y80xyxSLoyST8nyv4WJK55VMSo/sP7gXnTWKJ/mMXHQN0JdJ54OS1Xorg40qpuYGj6yPVPFcseTxKT6V04oddtKrUmj5pYTQJf3KIWpg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from SA2SPR01MB0002.namprd11.prod.outlook.com (2603:10b6:806:110::6) by BN9PR11MB5243.namprd11.prod.outlook.com (2603:10b6:408:134::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.13; Sun, 12 Jun 2022 09:21:56 +0000 Received: from SA2SPR01MB0002.namprd11.prod.outlook.com ([fe80::5986:272:e85d:e362]) by SA2SPR01MB0002.namprd11.prod.outlook.com ([fe80::5986:272:e85d:e362%9]) with mapi id 15.20.5332.019; Sun, 12 Jun 2022 09:21:56 +0000 From: "Min Xu" To: Gerd Hoffmann CC: "devel@edk2.groups.io" , Ard Biesheuvel , "Yao, Jiewen" , "Justen, Jordan L" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , Tom Lendacky Subject: Re: [PATCH V4 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Thread-Topic: [PATCH V4 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Thread-Index: AQHYaPiSflW+8XLHMUGqbqVE4HR//a1IyDwAgALhQ2A= Date: Sun, 12 Jun 2022 09:21:55 +0000 Message-ID: References: <20220610132210.54deaotdn32pidui@sirius.home.kraxel.org> In-Reply-To: <20220610132210.54deaotdn32pidui@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.500.17 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: af560488-b70b-47f0-cd89-08da4c54fea5 x-ms-traffictypediagnostic: BN9PR11MB5243:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OBKu8YA3N0ipnoFF0ib+d56plmiJDd5KK+NKHa5q4mMow2EihP4SLUpqbEauo+x3Vz7xt4ToPFatrvY6b2txc1DbN/O1R584cOBGGmAH9jK4rTTrFB37RImoCgkpe8QY/QkWchTrWQLl4+4AZhARSGj+lJEF9GUKjKTE6iupJIxCi3QakB/KJ/JNSj4/X333wBTyWsWRcnKLGA7o8Di5usPIehIRHdeGNeFfBDRq/NZrrelun0nac0AXY62EAaw91BhyyaIRaiZ+dTqbRhQp4akMcjWj9Hp25CGO4y/IzyNHKejJNEKaPXkSTzrZYgEiziLxdavJYD7G86gQS6wOLGBD5DxlbI0dUtaNLogw9zgSBiBtb4y4qXDPzaHPHD1H4/+4HZpk2tlQ9DUEgBeG5L4itRKzedtCkvIKCNq0F9ryrsAz7c4/MNZtJDX4wndIKIPQpvDWKQO+yTA7DOTqQETV0laEyoslIuh85TSrga8Fv1RFUG1n2zFolQYA3pkzFfSrgyHkRAU7zPETuNG/7oZICNFKQHmirSGlBYKha90Y2SqQLe3/wtNu7+pSvfS/qddZHBj9HuXQgaS7QVebGk4mxlDCm1r+TQJDLICf9e9VIH5xxSjk4/BlZFHVtZrB1wzliKJEOjTUlJs5w5TukMb+ja2yBy/qcWIi4XyvX+/AbdVWu6ML+tq9FhB94RjV0VwnAW0jsM/I38zxih26A2gGveADUedayZ7g4xEUA5KlUPnXkyi0je8sruZ8MKJvv3b0/ex0k0GE38JPvWcJiufLuPZG+L9eQ6ELXWVEUWQ= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA2SPR01MB0002.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(366004)(8676002)(122000001)(38100700002)(8936002)(966005)(52536014)(26005)(9686003)(66476007)(66446008)(64756008)(66946007)(66556008)(76116006)(54906003)(38070700005)(316002)(6916009)(7696005)(4744005)(83380400001)(71200400001)(186003)(82960400001)(508600001)(4326008)(2906002)(55016003)(86362001)(5660300002)(33656002)(6506007);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?41cw8N/cQ5uvFfhNJzTtbBv8Yg9i3ynUS2Pj9ps7vuMPKdGNHGWA5+eFCcdu?= =?us-ascii?Q?3UKEC7da60Ar5pXXVy3m7IzCFrP9Kr5w/MfxLavcU9iYbr1ZHOTK5iSVp3BO?= =?us-ascii?Q?uDZJCDHsElRCuVbihQKTTpEoIgk7cHrWLWJe/MvPdmPiKUh72AHI71dMM4dv?= =?us-ascii?Q?NANDMf11SPQn1bJTHynT4fpvgA2joSEVVR+qCIjs8Pmd61jvldnZNWWzo2aO?= =?us-ascii?Q?POmoBvzqbsmqhD57OiOvT+K682aOR/PF0gcFFAmVyUXMAc6aBv1BlG1pt5bD?= =?us-ascii?Q?cGxugmOuJVvhecl/sXwjULzuF3aK2FV0UH8r1aE+sJuJbqK5uJdZifpA9hnm?= =?us-ascii?Q?+SeDervPL24SeKWqOn2erVRsYqLrlBAwG/ZtENi08uZ4cET/jdjbGLeR9WUK?= =?us-ascii?Q?MNA58tE3OLPqqrScPccSy3NBv93XQKmVszmq8YnaFaw2qhbqs6V62nzUEyrB?= =?us-ascii?Q?/tAQxA4JAjT7h/Wu25h8V2lNdL9jIL+xm8oL0OJ7CZw2MUnk8GDsk4c19PWx?= =?us-ascii?Q?Ag1x4XMD8h3aH/UxPKlv9TILJA24qPS2QQIX1OggOs4DFaLTjHuUgWDwKlFN?= =?us-ascii?Q?VPx092BiwLzKJZuZvA/EXc4HQbe++sQ27+BRobXv0OwU8jCOvjlPJ5BBuC1z?= =?us-ascii?Q?KQHdK63+jMpxk8KfNGkWb7txh82IvzMdtzHeIzfyVeTbEDI2fJ5Rvi1e9vpd?= =?us-ascii?Q?Y+0r3llY0DekSTskIC0IUixdAzH8Gfq0MNn+wNttVsDt9k1/el8QQRHJ/ayO?= =?us-ascii?Q?oxB+kQOWk1F3X1KSJ4YtN7QOl+5UOXAD2T3aelIsXkXu2L2jphacObJy2ZHD?= =?us-ascii?Q?68NhGvXtJibijZX/fCUAiMU5ehgvVQwuNWPL0KwLe0p4iYHfBy2Og9uWgcvA?= =?us-ascii?Q?Yb+KtdvkTn3sl5+ZskEAt1S6ni7t4a4MaOsvPcH+GGrr3IrV5iMkXD8hZyDE?= =?us-ascii?Q?7+UGEHilNyhvZ2o+oEg+/lquqdDCyOjXoTtg+nYOJYhPCBF275GGbPU//Iq8?= =?us-ascii?Q?p6cU+6Ysmo6YN5v6fmVXsY5BbH9wSzga2G2sKVlJzRKRrKnbxqW1RwlVoroS?= =?us-ascii?Q?gmtOtEb21NrOfWs/oft6ewfUG0dlcAFTit2HdBbX0LBWt3sMFJNJbnVF2F6N?= =?us-ascii?Q?oXmnca6WtNPjmj+Ag9PNgs8rtWSK3jFqmNlsXB1cv1MHfDGpyMxh83Okocno?= =?us-ascii?Q?eQHr2Q53t8ZNtJXaFaa+Jl/lefHGy7sEnwIaU2F/gpZBOirDaqs3g9ji1Vry?= =?us-ascii?Q?KxP1ICS66O+xhABM40vXdidYlmQRB9xXiqZ4ZfqqZPqTfp7j5O54BPbhc8ye?= =?us-ascii?Q?0KrXYoGirJjrY0BTEXW0hPuLQvOhZi+Xs4wNzvkII8JpYWv7GYNw7q1gqX5M?= =?us-ascii?Q?cCodD7UqIxwwzZ1DMGCZaQA3/eJiNIcUFRadGzfMrfykIdBSCbDCkQkUuwIL?= =?us-ascii?Q?inuIhX2zFHKsRSvy4N29MKjmy2Qs9SfAk06N/PnqbyMSOhOwUJhIDi7CxmLq?= =?us-ascii?Q?bx5DLebEjUCt9PMaNbyUQxnM0AepS9Kdcock1cDtDq3x7oNZ1/3N5LX9bflS?= =?us-ascii?Q?3OEIYfAw2e3z9o3s+UE568bxNpt4J+WVKkTmCAnRl+T7AksWZkelxbilgvZs?= =?us-ascii?Q?LlRjimSCdPB2+OADnGx9LoQFhn+iG7dzfl6Zo3d2r/1V9vc+ATXL/NUAvv2W?= =?us-ascii?Q?gXJFa/JQA/Ly7xoBwKs2FciGCkQ2eR0SrnarWZ7Y3HdtQx35S1OhOxNX2INY?= =?us-ascii?Q?aLXooFWe3Q=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SA2SPR01MB0002.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: af560488-b70b-47f0-cd89-08da4c54fea5 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jun 2022 09:21:55.9121 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RcD5YvSgwJNSHgETsI6x4QqEHni3tqQfSp93USzVGN5y13H7xaZwgO0ALha9kdQ+ZX/YjkmNU4y7tb84bzdWcw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR11MB5243 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On June 10, 2022 9:22 PM, Gerd Hoffmann wrote: > On Mon, May 16, 2022 at 03:42:19PM +0800, Min Xu wrote: > > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3853 > > > > TdHobList and Configuration FV are external data provided by Host VMM. > > These are not trusted in Td guest. So they should be validated , > > measured and extended to Td RTMR registers. In the meantime 2 > > EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the hash > value > > of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be > > created based on these > > 2 GUIDed HOBs. >=20 > This breaks booting the IntelTdx build without tdx: >=20 > ASSERT > /home/kraxel/projects/edk2/SecurityPkg/Library/HashLibTdx/HashLibTdx.c( > 189): TdIsEnabled () >=20 Thanks for reminder. I will submit a fix right now. Thanks Min