Merged https://github.com/tianocore/edk2/pull/2943
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Min Xu
> Sent: Monday, May 16, 2022 3:42 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>
> Subject: [edk2-devel] [PATCH V4 0/9] Enable RTMR based measurement and
> measure boot for Td guest
>
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853
>
> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
> Encryption (MKTME) with a new kind of virutal machines guest called a
> Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
> confidentiality of TD memory contents and the TD's CPU state from other
> software, including the hosting Virtual-Machine Monitor (VMM), unless
> explicitly shared by the TD itself.
>
> There are 2 configurations for TDVF to upstream. See below link for
> the definitions of the 2 configurations.
> https://edk2.groups.io/g/devel/message/76367
>
> This patch-set is to enable below features of Config-B in OvmfPkg.
> - Enable RTMR based measurement and measured boot
> - Install CC_MEASUREMENT_PROTOCOL instance in Td guest
>
> The measurement for the other components, such as kernel image, initrd,
> will be introduced in the following patch-sets.
>
> Patch 1:
> HashLibTdx provides SHA384 service and extend to RTMR registers.
>
> Patch 2:
> SecCryptLib is the cryptographic library instance for SEC.
>
> Patch 3 - 8:
> These 6 patches are related to RTMR based measurement and
> CC Eventlog ACPI table.
>
> Patch 9:
> Update IntelTdxX64.dsc/IntelTdxX64.fdf to support RTMR based
> measurement and measured boot.
>
> Code at: https://github.com/mxu9/edk2/tree/tdvf_wave4.v4
>
> v4 changes:
> - Update Rsvd field in EFI_CC_EVENTLOG_ACPI_TABLE to UINT16.
> - Rebase EDK2 code base. (commit: 708620d29db8)
>
> v3 changes:
> - Refine HashLibBaseCryptoRouterTdx to HashLibTdx
> - Add NULL version algorithms in SecCryptLib.
> - Add SecMeasurementLib which does the measurement in SEC phase.
> - Rebase EDK2 code base. (commit: 91a03f78ba)
>
> v2 changes:
> - Move the definition of EFI_CC_EVENT_HOB_GUID from MdePkg to
> SecurityPkg.
> - Update the definition of EFI_CC_EVENTLOG_ACPI_TABLE based
> on below discussion:
> https://edk2.groups.io/g/devel/message/87396
> https://edk2.groups.io/g/devel/message/87402
> - Update the code base to 94f905b3bf.
>
>
> Min Xu (9):
> Security: Add HashLibTdx
> CryptoPkg: Add SecCryptLib
> SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID
> OvmfPkg: Introduce SecMeasurementLib
> OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
> OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table
> MdePkg: Define CC Measure EventLog ACPI Table
> OvmfPkg/IntelTdx: Add TdTcg2Dxe
> OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot
>
> CryptoPkg/CryptoPkg.dsc | 4 +
> .../Library/BaseCryptLib/Hash/CryptMd5Null.c | 163 ++
> .../Library/BaseCryptLib/Hash/CryptSha1Null.c | 166 ++
> .../BaseCryptLib/Hash/CryptSha256Null.c | 162 ++
> .../Library/BaseCryptLib/Hash/CryptSm3Null.c | 164 ++
> .../BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c | 152 +
> .../BaseCryptLib/Pk/CryptRsaBasicNull.c | 121 +
> .../Library/BaseCryptLib/SecCryptLib.inf | 91 +
> MdePkg/Include/Protocol/CcMeasurement.h | 21 +
> OvmfPkg/Include/Library/SecMeasurementLib.h | 46 +
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 16 +-
> OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +
> .../IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c | 407 +++
> OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c | 2489 +++++++++++++++++
> OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf | 101 +
> OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 163 ++
> .../PeilessStartupLib/PeilessStartup.c | 31 +
> .../PeilessStartupInternal.h | 17 +
> .../PeilessStartupLib/PeilessStartupLib.inf | 8 +-
> .../SecMeasurementLib/SecMeasurementLibTdx.c | 340 +++
> .../SecMeasurementLibTdx.inf | 30 +
> OvmfPkg/OvmfPkg.dec | 10 +
> SecurityPkg/Include/Guid/CcEventHob.h | 22 +
> SecurityPkg/Library/HashLibTdx/HashLibTdx.c | 207 ++
> SecurityPkg/Library/HashLibTdx/HashLibTdx.inf | 37 +
> SecurityPkg/SecurityPkg.dec | 4 +
> SecurityPkg/SecurityPkg.dsc | 10 +
> 27 files changed, 4984 insertions(+), 3 deletions(-)
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5Null.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1Null.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256Null.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3Null.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasicNull.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> create mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h
> create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c
> create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c
> create mode 100644 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf
> create mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
> create mode 100644
> OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
> create mode 100644
> OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
> create mode 100644 SecurityPkg/Include/Guid/CcEventHob.h
> create mode 100644 SecurityPkg/Library/HashLibTdx/HashLibTdx.c
> create mode 100644 SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
>
> --
> 2.29.2.windows.2
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90178): https://edk2.groups.io/g/devel/message/90178
Mute This Topic: https://groups.io/mt/91135107/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-