Re: [PATCH V2 0/3] Introduce TdProtocol into EDK2
Thank you for this patch.
I think it would greatly help if the EFI_TD_PROTOCOL is changed to something more architecture neutral. As I understand, this patch series is removing the dependency on TPM for measurement and is instead providing a lightweight interface for extending measurements for Confidential Compute Architecture (CCA) guests.
Considering this, it would be good to generalise EFI_TD_PROTOCOL as a Confidential Compute Architecture Measurement (CCAM) protocol.
In fact, your v2 series demonstrates this need with the introduction of MEASURE_BOOT_PROTOCOLS in "[PATCH V2 2/3] SecurityPkg: Support TdProtocol in DxeTpm2MeasureBootLib [https://edk2.groups.io/g/devel/message/81651]".
As it stands, I feel most of the code can be reused/common. Some interfaces may need to use an architecture specific library, and some configuration options would need to be defined using PCDs.
Kindly let me know your thoughts.
On 08/10/2021, 06:24, "firstname.lastname@example.org on behalf of Min Xu via groups.io" <email@example.com on behalf of firstname.lastname@example.org> wrote:
If TD-Guest firmware supports measurement and an event is created,
TD-Guest firmware is designed to report the event log with the same data
structure in TCG-Platform-Firmware-Profile specification with
The TD-Guest firmware supports measurement. The TD Guest Firmware is
designed to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID
to report the event log and provide hash capability.
Section 4.3.2 includes the EFI_TD_PROTOCOL.
Introduce the TD Protocol definition into MdePkg
Update DxeTpm2MeasureBootLib to support TD based measure boot.
Update DxeTpmMeasurementLib to support TD based measurement.
Code is at https://github.com/mxu9/edk2/tree/td_protocol.v2
- TD based measure boot is implemented in DxeTpm2MeasureBootLib.
This minimizes the code changes.
- TD based measurement is added. It is implemented in
- Fix the typo in comments.
Cc: Michael D Kinney <email@example.com>
Cc: Liming Gao <firstname.lastname@example.org>
Cc: Zhiguang Liu <email@example.com>
Cc: Jiewen Yao <firstname.lastname@example.org>
Cc: Jian J Wang <email@example.com>
Cc: Ken Lu <firstname.lastname@example.org>
Signed-off-by: Min Xu <email@example.com>
Min Xu (3):
MdePkg: Introduce TdProtocol for TD-Guest firmware
SecurityPkg: Support TdProtocol in DxeTpm2MeasureBootLib
SecurityPkg: Support TdProtocol in DxeTpmMeasurementLib
MdePkg/Include/Protocol/TdProtocol.h | 305 +++++++++++++++
MdePkg/MdePkg.dec | 3 +
.../DxeTpm2MeasureBootLib.c | 346 ++++++++++++++----
.../DxeTpm2MeasureBootLib.inf | 1 +
.../DxeTpmMeasurementLib.c | 87 ++++-
.../DxeTpmMeasurementLib.inf | 1 +
6 files changed, 672 insertions(+), 71 deletions(-)
create mode 100644 MdePkg/Include/Protocol/TdProtocol.h