Re: [PATCH V2 0/3] Introduce TdProtocol into EDK2

Sami Mujawar

Hi Min,

Thank you for this patch.

I think it would greatly help if the EFI_TD_PROTOCOL is changed to something more architecture neutral. As I understand, this patch series is removing the dependency on TPM for measurement and is instead providing a lightweight interface for extending measurements for Confidential Compute Architecture (CCA) guests.

Considering this, it would be good to generalise EFI_TD_PROTOCOL as a Confidential Compute Architecture Measurement (CCAM) protocol.
In fact, your v2 series demonstrates this need with the introduction of MEASURE_BOOT_PROTOCOLS in "[PATCH V2 2/3] SecurityPkg: Support TdProtocol in DxeTpm2MeasureBootLib []".

As it stands, I feel most of the code can be reused/common. Some interfaces may need to use an architecture specific library, and some configuration options would need to be defined using PCDs.

Kindly let me know your thoughts.


Sami Mujawar

On 08/10/2021, 06:24, " on behalf of Min Xu via" < on behalf of> wrote:


If TD-Guest firmware supports measurement and an event is created,
TD-Guest firmware is designed to report the event log with the same data
structure in TCG-Platform-Firmware-Profile specification with

If the TD-Guest firmware supports measurement, the TD-Guest firmware is
designed to produce EFI_TD_PROTOCOL with the new GUID EFI_TD_PROTOCOL_GUID
to report the event log and provide a hash capability.
Section 4.3.2 includes the EFI_TD_PROTOCOL.

Patch #1:
Introduce the TD Protocol definition into MdePkg

Patch #2:
Update DxeTpm2MeasureBootLib to support TD based measure boot.

Patch #3:
Update DxeTpmMeasurementLib to support TD based measurement.

Code is at

v2 changes:
- TD based measure boot is implemented in DxeTpm2MeasureBootLib.
This minimizes the code changes.
- TD based measurement is added. It is implemented in
- Fix the typo in comments.

Cc: Michael D Kinney <>
Cc: Liming Gao <>
Cc: Zhiguang Liu <>
Cc: Jiewen Yao <>
Cc: Jian J Wang <>
Cc: Ken Lu <>
Signed-off-by: Min Xu <>

Min Xu (3):
MdePkg: Introduce TdProtocol for TD-Guest firmware
SecurityPkg: Support TdProtocol in DxeTpm2MeasureBootLib
SecurityPkg: Support TdProtocol in DxeTpmMeasurementLib

MdePkg/Include/Protocol/TdProtocol.h | 305 +++++++++++++++
MdePkg/MdePkg.dec | 3 +
.../DxeTpm2MeasureBootLib.c | 346 ++++++++++++++----
.../DxeTpm2MeasureBootLib.inf | 1 +
.../DxeTpmMeasurementLib.c | 87 ++++-
.../DxeTpmMeasurementLib.inf | 1 +
6 files changed, 672 insertions(+), 71 deletions(-)
create mode 100644 MdePkg/Include/Protocol/TdProtocol.h
