diff options
| author | Min M Xu <min.m.xu@intel.com> | 2023-02-03 11:31:43 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-02-04 03:38:15 +0000 |
| commit | 019621d0780df546637a4a032994f123eb91037d (patch) | |
| tree | 7a5dc32666a6c750700d6a30e57c98f45707f361 /OvmfPkg/Library/PeilessStartupLib | |
| parent | c0984d1ff28325a8f1c76e23a79141cbb12c3e4f (diff) | |
| download | edk2-019621d0780df546637a4a032994f123eb91037d.zip edk2-019621d0780df546637a4a032994f123eb91037d.tar.gz edk2-019621d0780df546637a4a032994f123eb91037d.tar.bz2 | |
OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
TdHob and Configuration FV (Cfv) are external inputs from VMM. From the
security perspective, they should be measured before they're consumed.
This patch measures TdHob and Cfv and stores the measurement values in
WorkArea.
After TdHob and Configuration FV (Cfv) are measured in SecMain, the
same measurements in PeilessStartupLib are deleted.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'OvmfPkg/Library/PeilessStartupLib')
| -rw-r--r-- | OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 20 | ||||
| -rw-r--r-- | OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 2 |
2 files changed, 1 insertions, 21 deletions
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c index 79d3a17..164aa2d 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c @@ -176,25 +176,7 @@ PeilessStartup ( if (TdIsEnabled ()) {
//
- // Measure HobList
- //
- Status = TdxHelperMeasureTdHob ();
- if (EFI_ERROR (Status)) {
- ASSERT (FALSE);
- CpuDeadLoop ();
- }
-
- //
- // Measure Tdx CFV
- //
- Status = TdxHelperMeasureCfvImage ();
- if (EFI_ERROR (Status)) {
- ASSERT (FALSE);
- CpuDeadLoop ();
- }
-
- //
- // Build GuidHob for tdx measurement
+ // Build GuidHob for the tdx measurements which were done in SEC phase.
//
Status = TdxHelperBuildGuidHobForTdxMeasurement ();
if (EFI_ERROR (Status)) {
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf index 4ced5dd..e77ad7b 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf @@ -56,8 +56,6 @@ PrePiLib
QemuFwCfgLib
PlatformInitLib
- HashLib
- TpmMeasurementLib
[Guids]
gEfiHobMemoryAllocModuleGuid
|