Branch: refs/heads/master
Home: https://github.com/tianocore/edk2

Commit: 72c5afd0b47b26d569451bbee4cef18b0dd6e043
https://github.com/tianocore/edk2/commit/72c5afd0b47b26d569451bbee4cef18b0dd6e043
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
A SecurityPkg/Library/HashLibTdx/HashLibTdx.c
A SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
M SecurityPkg/SecurityPkg.dsc

Log Message:
-----------
Security: Add HashLibTdx

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This library provides hash service by registered hash handler in Td guest.
Currently only SHA384 is supported. After that the hash value is extended to
Td RTMR registers which is similar to TPM PCRs.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: b1567b2e15239b06952e81f15c295574fae983e3
https://github.com/tianocore/edk2/commit/b1567b2e15239b06952e81f15c295574fae983e3
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
M CryptoPkg/CryptoPkg.dsc
A CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5Null.c
A CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1Null.c
A CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256Null.c
A CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3Null.c
A CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuNull.c
A CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasicNull.c
A CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf

Log Message:
-----------
CryptoPkg: Add SecCryptLib

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This is the Cryptographic library instance for SEC. The motivation of this
library is to support SHA384 in SEC phase for Td guest. So only
Hash/CryptSha512.c is included which supports SHA384 and SHA512. Other
cryptographic functions are added with the null version, such as
CryptMd5Null.c.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: dc443e4437d0ec58aa0bf81ff91d11f1b30ac63f
https://github.com/tianocore/edk2/commit/dc443e4437d0ec58aa0bf81ff91d11f1b30ac63f
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
A SecurityPkg/Include/Guid/CcEventHob.h
M SecurityPkg/SecurityPkg.dec

Log Message:
-----------
SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

EFI_CC_EVENT_HOB_GUID is the global ID of a GUIDed HOB used to pass
TDX_DIGEST_VALUE from SEC to a DXE Driver (This DXE driver will be introduced
in the following commit in this patch-set). In that DXE driver this GUIDed
HOB will be parsed and the TDX_DIGEST_VALUE then will be extracted. After that
an EFI_CC_EVENT will be created based on it.

Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: a708536dce4d4095b44d48fb9a90e89b11362e83
https://github.com/tianocore/edk2/commit/a708536dce4d4095b44d48fb9a90e89b11362e83
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
A OvmfPkg/Include/Library/SecMeasurementLib.h
A OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
A OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
M OvmfPkg/OvmfPkg.dec

Log Message:
-----------
OvmfPkg: Introduce SecMeasurementLib

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

SecMeasurementLib is designed to do the measurement in SEC phase.
In current stage there are 2 functions introduced:
- MeasureHobList: Measure the Hoblist passed from the VMM.
- MeasureFvImage: Measure the FV image.

SecMeasurementLibTdx is the TDX version of the library.

Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Ken Lu <ken...@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: 4b0a622635f8ec18892b55c53ea69a0d22279af6
https://github.com/tianocore/edk2/commit/4b0a622635f8ec18892b55c53ea69a0d22279af6
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
M OvmfPkg/IntelTdx/IntelTdxX64.dsc
A OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
M OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
M OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
M OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf

Log Message:
-----------
OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

TdHobList and Configuration FV are external data provided by Host VMM. These
are not trusted in Td guest. So they should be validated, measured and
extended to Td RTMR registers.

In the meantime 2 EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the
hash value of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be
created based on these 2 GUIDed HOBs.

Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jordan Justen <jordan.l.jus...@intel.com>
Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: ac03c339de9c905344a018eafb4fb9775b90398b
https://github.com/tianocore/edk2/commit/ac03c339de9c905344a018eafb4fb9775b90398b
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
M OvmfPkg/OvmfPkg.dec

Log Message:
-----------
OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

Add PCDs to record LAML/LASA field in CC EVENTLOG ACPI table.

Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Ken Lu <ken...@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: f8264e130396d60dd09f1858d766610d8eb9c04b
https://github.com/tianocore/edk2/commit/f8264e130396d60dd09f1858d766610d8eb9c04b
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
M MdePkg/Include/Protocol/CcMeasurement.h

Log Message:
-----------
MdePkg: Define CC Measure EventLog ACPI Table

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

TDVF set up an ACPI table (EFI_CC_EVENTLOG_ACPI_TABLE) to pass the event-log
information. The event log created by the TD owner contains the hashes to
reconstruct the MRTD and RTMR registers.

Please refer to Sec 4.3.3 in below link:
https://www.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Please note that the definition of EFI_CC_EVENTLOG_ACPI_TABLE is a little
different from the above document. This difference is based on below
discussion:
- https://edk2.groups.io/g/devel/message/87396
- https://edk2.groups.io/g/devel/message/87402

This change will be reflected in the next version of the above document.

Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang....@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Ken Lu <ken...@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: 57a6ee346170c50fc5b0de49b7b2af4bdc0f2548
https://github.com/tianocore/edk2/commit/57a6ee346170c50fc5b0de49b7b2af4bdc0f2548
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
A OvmfPkg/IntelTdx/TdTcg2Dxe/MeasureBootPeCoff.c
A OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c
A OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf

Log Message:
-----------
OvmfPkg/IntelTdx: Add TdTcg2Dxe

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

TdTcg2Dxe mimics the Security/Tcg/Tcg2Dxe. It does below tasks:
- Set up and install CC_EVENTLOG ACPI table
- Parse the GUIDed HOB (gCcEventEntryHobGuid) and create CC event log
- Measure handoff tables, Boot##### variables etc
- Measure Exit Boot Service failed
- Install CcMeasurement Protocol

Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Ken Lu <ken...@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Commit: 0a4019ec9de64c6565ea545dc8d847afe2b30d6c
https://github.com/tianocore/edk2/commit/0a4019ec9de64c6565ea545dc8d847afe2b30d6c
Author: Min Xu <min.m...@intel.com>
Date: 2022-06-03 (Fri, 03 Jun 2022)

Changed paths:
M OvmfPkg/IntelTdx/IntelTdxX64.dsc
M OvmfPkg/IntelTdx/IntelTdxX64.fdf

Log Message:
-----------
OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

Enable RTMR based measurement and measure boot for Td guest.

Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Ken Lu <ken...@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Compare: https://github.com/tianocore/edk2/compare/bf25f27e0021...0a4019ec9de6

_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits
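The commits above describe SHA384 digests of TdHobList and the Configuration FV being extended into Td RTMR registers, and a CC event log whose entries let a relying party reconstruct those RTMR values. The replay a verifier performs against that log, as an added example that is not edk2 code (Python rather than the firmware's C so that SHA-384 comes from hashlib): the extension rule RTMR = SHA384(RTMR || digest) is the TDX module's and is not spelled out on this page, and the RTMR index and event contents below are constructed.

```python
import hashlib

RTMR_COUNT = 4   # a TD has RTMR[0..3]
DIGEST_LEN = 48  # SHA-384 output length in bytes


def rtmr_extend(rtmr: bytes, digest: bytes) -> bytes:
    """One extension step, RTMR = SHA384(RTMR || digest): the TDX module's
    rule, which the commit messages only summarise as 'similar to TPM PCRs'."""
    if len(rtmr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("RTMR extension needs 48-byte operands")
    return hashlib.sha384(rtmr + digest).digest()


def replay_event_log(events):
    """Reconstruct all four RTMRs from (rtmr_index, sha384_digest) entries,
    in log order, starting from the all-zero reset value."""
    rtmrs = [bytes(DIGEST_LEN)] * RTMR_COUNT
    for index, digest in events:
        if not 0 <= index < RTMR_COUNT:
            raise ValueError(f"bad RTMR index {index}")
        rtmrs[index] = rtmr_extend(rtmrs[index], digest)
    return rtmrs


def mismatched_rtmrs(events, reported):
    """Indices whose replayed value differs from the RTMR values the TD
    itself reports (for instance inside its attestation quote)."""
    replayed = replay_event_log(events)
    return [i for i in range(RTMR_COUNT) if replayed[i] != reported[i]]


# Constructed sample standing in for the two SEC-phase measurements the
# commits describe (TdHobList, Configuration FV); RTMR[0] is an assumption.
SAMPLE_EVENTS = [
    (0, hashlib.sha384(b"constructed TdHobList contents").digest()),
    (0, hashlib.sha384(b"constructed Configuration FV contents").digest()),
]


def tampered_log_is_detected():
    """Swap the CFV digest in a copy of the log: RTMR[0] must stop matching
    the value replayed from the genuine log."""
    reported = replay_event_log(SAMPLE_EVENTS)
    forged = [SAMPLE_EVENTS[0], (0, hashlib.sha384(b"other CFV").digest())]
    return mismatched_rtmrs(forged, reported) == [0]
```

Because each step hashes the running value together with the new digest, the log must replay in the original order; reversing the two entries yields a different RTMR[0].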