Hi
I am not clear about the design. Some questions:
1. This should be generic feature for trusted boot. Not TDX specific. Right?
2. Why we need BlobMeasurementLib?
We already have TpmMeasurementLib. Why we cannot use it?
3. Why we need BlobMeasurementLibTdx?
Even if we really need BlobMeasurementLib, the flow should be: ->BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx
4. Why we need BlobMeasurementLibNull?
We already have TpmMeasurementLibNull. What is benefit to add one more NULL MeasurementLib?
Thank you
Yao Jiewen
> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Monday, May 23, 2022 1:56 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>;
> Ashish Kalra <ashish.kalra@amd.com>; Brijesh Singh <brijesh.singh@amd.com>;
> Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Sami Mujawar <sami.mujawar@arm.com>;
> Gerd Hoffmann <kraxel@redhat.com>
> Subject: [PATCH 0/4] Measure kernel blob
>
> Kernel blobs include the kernel image, initrd, command line. These are
> external inputs from host VMM. In some platforms,such as Tdx environment,
> Host VMM is treated as un-trusted. So these external inputs should be
> measured.
>
> This patch-set imports a new library class (BlobMeasurementLib). It is
> designed to do the blob measurement, including the kernel blob
> measurement. In the future, it will do other blob measurement, such as
> measuring ACPI table which is also passed from host VMM.
>
> The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1
>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Ashish Kalra <ashish.kalra@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
>
> Min Xu (4):
> OvmfPkg: Add library class BlobMeasurementLib with null implementation
> OvmfPkg: Add BlobMeasurementLibNull to dsc
> OvmfPkg: Implement BlobMeasurementLibTdx
> OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
>
> ArmVirtPkg/ArmVirtQemu.dsc | 1 +
> ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
> OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +
> OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
> OvmfPkg/Include/Library/BlobMeasurementLib.h | 38 ++++++++
> .../BlobMeasurementLibTdx/BlobMeasurement.c | 87 +++++++++++++++++++
> .../BlobMeasurementLibTdx.inf | 30 +++++++
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
> .../BlobMeasurementLibNull.c | 34 ++++++++
> .../BlobMeasurementLibNull.inf | 24 +++++
> OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
> OvmfPkg/OvmfPkg.dec | 3 +
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> OvmfPkg/OvmfXen.dsc | 1 +
> .../QemuKernelLoaderFsDxe.c | 13 +++
> 17 files changed, 240 insertions(+)
> create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
> create mode 100644
> OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
> create mode 100644
> OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
> create mode 100644
> OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
> create mode 100644
> OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
>
> --
> 2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89960): https://edk2.groups.io/g/devel/message/89960
Mute This Topic: https://groups.io/mt/91282945/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-