Reviewed-by: Jiewen Yao <jiewen....@intel.com> > -----Original Message----- > From: Xu, Min M <min.m...@intel.com> > Sent: Friday, February 3, 2023 10:04 PM > To: devel@edk2.groups.io > Cc: Xu, Min M <min.m...@intel.com>; Aktas, Erdem > <erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Yao, > Jiewen <jiewen....@intel.com>; Gerd Hoffmann <kra...@redhat.com>; Tom > Lendacky <thomas.lenda...@amd.com>; Michael Roth > <michael.r...@amd.com> > Subject: [PATCH V1 1/1] OvmfPkg/IntelTdx: Update README > > From: Min M Xu <min.m...@intel.com> > > TDVF's README is updated based on the latest feature. > - RTMR based measurement is supported in OvmfPkgX64 (Config-A) > - Features of Config-B have all been implemented, such as removing > unnecessary attack surfaces. > > Cc: Erdem Aktas <erdemak...@google.com> > Cc: James Bottomley <j...@linux.ibm.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Gerd Hoffmann <kra...@redhat.com> > Cc: Tom Lendacky <thomas.lenda...@amd.com> > Cc: Michael Roth <michael.r...@amd.com> > Signed-off-by: Min Xu <min.m...@intel.com> > --- > OvmfPkg/IntelTdx/README | 19 +++++++------------ > 1 file changed, 7 insertions(+), 12 deletions(-) > > diff --git a/OvmfPkg/IntelTdx/README b/OvmfPkg/IntelTdx/README > index cc01ebca5c0a..7307ede78faf 100644 > --- a/OvmfPkg/IntelTdx/README > +++ b/OvmfPkg/IntelTdx/README 
> @@ -26,17 +26,19 @@ There are 2 configurations for TDVF. > - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability. > The final binary can run on SEV/TDX/normal OVMF. > - No changes to existing OvmfPkgX64 image layout. > - - No need to add additional security features if they do not exist today. > - No need to remove features if they exist today. > - - RTMR is not supported. > - PEI phase is NOT skipped in either Td or Non-Td. > + - RTMR based measurement is supported. > + - External inputs from Host VMM are measured, such as TdHob, CFV. > + - Other external inputs are measured, such as FW_CFG data, os loader, > + initrd, etc. > > <b>Config-B:</b> > - - (*) Add a standalone IntelTdx.dsc to a TDX specific directory for a *full* > + - Add a standalone IntelTdx.dsc to a TDX specific directory for a *full* > feature TDVF.(Align with existing SEV) > - - (*) Threat model: VMM is out of TCB. (We need necessary change to prevent > + - Threat model: VMM is out of TCB. (We need necessary change to prevent > attack from VMM) > - - (*) IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The final > + - IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The final > binary can run on TDX/normal OVMF. > - It might eventually merge with AmdSev.dsc, but NOT at this point of > time. And we don?t know when it will happen. We need sync with AMD in > @@ -48,13 +50,6 @@ There are 2 configurations for TDVF. > initrd, etc. > - Need to remove unnecessary attack surfaces, such as network stack. > > -In current stage, <b>Config-A</b> has been merged into edk2-master branch. > -The corresponding pkg file is OvmfPkg/OvmfPkgX64.dsc. > - > -<b>Config-B</b> is split into several waves. The corresponding pkg file is > -OvmfPkg/IntelTdx/IntelTdxX64.dsc. The features with (*) have been > implemented > -and merged into edk2-master branch. Others are in upstreaming progress. > - > Build > ------ > - Build the TDVF (Config-A) target: > -- > 2.29.2.windows.2
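Review bot: in the first hunk (@@ -26,17 +26,19 @@), the two measurement bullets added under Config-A ("External inputs from Host VMM are measured, such as TdHob, CFV." and "Other external inputs are measured, such as FW_CFG data, os loader, initrd, etc.") now read the same as the measurement bullets still listed under Config-B (compare the "initrd, etc." context line of the second hunk), and the removed line "No need to add additional security features if they do not exist today." was what previously distinguished the two; with it gone, the only stated differences are the threat model and the attack-surface removal, so consider one sentence under Config-A stating that explicitly. While this file is being touched, the context line "And we don?t know when it will happen." carries a mis-encoded apostrophe that could be corrected in the same patch.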
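Review bot: the second hunk (@@ -48,13 +50,6 @@) deletes the only lines that map each configuration to its package file (OvmfPkg/OvmfPkgX64.dsc for Config-A, OvmfPkg/IntelTdx/IntelTdxX64.dsc for Config-B); dropping the (*) legend and the "in upstreaming progress" status is consistent with the commit message saying the Config-B features are all merged, but unless the Build section below names the .dsc files, a reader loses the pointer from the configuration list to what to build. Suggest keeping a short status line such as "Config-A is built from OvmfPkg/OvmfPkgX64.dsc; Config-B is built from OvmfPkg/IntelTdx/IntelTdxX64.dsc." Note also that the Config-B bullet retained in the first hunk says "a standalone IntelTdx.dsc" while the deleted paragraph names the file IntelTdxX64.dsc; the surviving text should use the actual file name.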
View/Reply Online (#99599): https://edk2.groups.io/g/devel/message/99599