From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Gerd Hoffmann, Tom Lendacky, Michael Roth
Subject: [edk2-devel] [PATCH V2 01/10] OvmfPkg: Add Tdx measurement data structure in WorkArea
Date: Thu, 19 Jan 2023 11:28:13 +0800
Message-Id: <20230119032822.1406-2-min.m.xu@intel.com>
In-Reply-To: <20230119032822.1406-1-min.m.xu@intel.com>
References: <20230119032822.1406-1-min.m.xu@intel.com>
From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

From the perspective of security, any external input should be measured and extended to some registers (TPM PCRs or TDX RTMR registers). There are the below 2 external inputs in a Td guest:
- TdHob
- Configuration FV (CFV)

TdHob contains the resource information passed from VMM, such as unaccepted memory region. CFV contains the configurations, such as secure boot variables. TdHob and CFV should be measured and extended to RTMRs before they're consumed.

TdHob is consumed in the very early stage of the boot process. At that moment the memory service is not ready. Cfv is consumed in PlatformPei to initialize the EmuVariableNvStore.

To make the implementation simple and clean, these 2 external inputs are measured and extended to RTMRs in the SEC phase. That is to say, the tdx measurement is only supported in the SEC phase. After the measurement the hash values are stored in WorkArea. Then, after the Hob service is available, these 2 measurement values are retrieved and GuidHobs for these 2 tdx measurements are generated.

This patch defines the structure of TDX_MEASUREMENTS_DATA in SEC_TDX_WORK_AREA to store the above 2 tdx measurements. It can be extended to store more tdx measurements if needed in the future.

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Cc: Tom Lendacky
Cc: Michael Roth
Signed-off-by: Min Xu
Acked-by: Gerd Hoffmann
---
 OvmfPkg/Include/WorkArea.h | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h index 6c3702b716f0..b1c7045ce18c 100644 --- a/OvmfPkg/Include/WorkArea.h +++ b/OvmfPkg/Include/WorkArea.h @@ -11,6 +11,7 @@ #define __OVMF_WORK_AREA_H__ =20 #include +#include =20 // // Confidential computing work area header definition. Any change 
@@ -64,13 +65,27 @@ typedef struct _SEV_WORK_AREA { SEC_SEV_ES_WORK_AREA SevEsWorkArea; } SEV_WORK_AREA; =20 +// +// Start of TDX Specific WorkArea definition +// + +#define TDX_MEASUREMENT_TDHOB_BITMASK 0x1 +#define TDX_MEASUREMENT_CFVIMG_BITMASK 0x2 + +typedef struct _TDX_MEASUREMENTS_DATA { + UINT32 MeasurementsBitmap; + UINT8 TdHobHashValue[SHA384_DIGEST_SIZE]; + UINT8 CfvImgHashValue[SHA384_DIGEST_SIZE]; +} TDX_MEASUREMENTS_DATA; + // // The TDX work area definition // typedef struct _SEC_TDX_WORK_AREA { - UINT32 PageTableReady; - UINT32 Gpaw; - UINT64 HobList; + UINT32 PageTableReady; + UINT32 Gpaw; + UINT64 HobList; + TDX_MEASUREMENTS_DATA TdxMeasurementsData; } SEC_TDX_WORK_AREA; =20 typedef struct _TDX_WORK_AREA { @@ -78,6 +93,10 @@ typedef struct _TDX_WORK_AREA { SEC_TDX_WORK_AREA SecTdxWorkArea; } TDX_WORK_AREA; =20 +// +// End of TDX Specific WorkArea definition +// + typedef union { CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; SEV_WORK_AREA SevWorkArea; --=20 2.29.2.windows.2
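Review bot: in the first hunk (@@ -11,6 +11,7 @@), the new `#include` (its header name did not survive in this copy) is there only to supply SHA384_DIGEST_SIZE for the two hash arrays added later, but WorkArea.h is included by every confidential-computing module, SEV-only ones included; please confirm that no consumer of WorkArea.h picks up a new library dependency from this include, or name the header in the commit message so reviewers can check that themselves.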
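Review bot: in the second hunk (@@ -64,13 +65,27 @@), the new fields carry no comments and nothing asserts that the enlarged SEC_TDX_WORK_AREA still fits the reserved work-area region. The hunk grows a structure that SEC writes and PEI later reads by 4 + 2 * SHA384_DIGEST_SIZE bytes, so (1) document each field, at least that MeasurementsBitmap is an OR of TDX_MEASUREMENT_TDHOB_BITMASK and TDX_MEASUREMENT_CFVIMG_BITMASK telling the consumer which hash arrays are valid, and that TdHobHashValue and CfvImgHashValue hold SHA-384 digests of the TdHob and the CFV image; (2) add a STATIC_ASSERT that the containing work-area union does not exceed its reserved size; and (3) state where MeasurementsBitmap is zeroed before SEC sets its bits, since the later GUID HOB producer decides from this bitmap whether to publish a hash, and a stale bit would turn an unset array into a published measurement.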
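Review bot: in the third hunk (@@ -78,6 +93,10 @@), the "End of TDX Specific WorkArea definition" marker, together with the "Start" marker in the previous hunk, brackets the TDX definitions while the SEV definitions just above them have no such markers; for consistency either add the same Start/End comments around the SEV section or drop both markers and rely on the existing "The TDX work area definition" comment.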