On Wed, Jan 18, 2023 at 01:41:15AM +0000, Xu, Min M wrote:
> On January 17, 2023 7:26 PM, Gerd Hoffmann wrote:
> > So the measurement is done early and the hashes are stored to create the
> > event log entries later, correct?
> Yes.
> >
> > Why both TdHob and CFV are handled this way? It should be needed for
> > TdHob only, right? The work area has a fixed size, IMHO we should not store
> > data there unless we absolutely have to, and for CFV I don't see the
> > justification.
> In our first design CFV was measured and extended in PEI phase. Because CFV
> is consumed in PlatformInitEmuVariableNvStore.
> But then we find a problem. That we must either refactor the
> HashLibBaseCryptoRouterPei or introduce a new HashLib in PEI phase.
> 1) If HashLibBaseCryptoRouterPei is to be refactored to support
> tdx-measurement, then it must detect the tdx-guest in run-time so that it can
> determine to call Tpm2PcrExtend or call TdxExtendRtmr.
> 2) If we import a new HashLib in PEI phase, we are facing another problem,
> that we have to load either the new HashLib or HashLibBaseCryptoRouterPei in
> run-time.

So, in short, we don't have support for TDX measurements in PEI, so you
are doing it in SEC instead. Can you note that in the commit message?

thanks,
  Gerd
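
The flow discussed in this thread (measure and extend early, keep only the digests in the fixed-size work area, create the event log entries later), as an added Python model that is not EDK2 code and not part of the original messages. The slot count, the class and function names and the sample bytes are assumptions made for illustration; the extend is modelled as SHA-384 over the old register value concatenated with the digest.

```python
import hashlib

DIGEST_LEN = hashlib.sha384().digest_size  # 48 bytes
SLOTS = 2  # assumed capacity of the fixed-size work area (TdHob, CFV)

def extend(register: bytes, digest: bytes) -> bytes:
    """Extend operation of the model: new = SHA384(old || digest)."""
    return hashlib.sha384(register + digest).digest()

class EarlyMeasurements:
    """Model of the early phase: extend immediately, keep only the digest."""
    def __init__(self):
        self.register = bytes(DIGEST_LEN)  # measurement register starts at zero
        self.stored = []                   # (name, digest) pairs kept in the work area

    def measure(self, name: str, blob: bytes) -> None:
        if len(self.stored) >= SLOTS:
            raise OverflowError("work area has no free digest slot")
        digest = hashlib.sha384(blob).digest()
        self.register = extend(self.register, digest)
        self.stored.append((name, digest))

def build_event_log(stored):
    """Later phase: create log entries from the stored digests, no re-hashing."""
    return [{"event": name, "digest": digest.hex()} for name, digest in stored]

def replay(log) -> bytes:
    """Verifier side: recompute the register value from the event log alone."""
    register = bytes(DIGEST_LEN)
    for entry in log:
        register = extend(register, bytes.fromhex(entry["digest"]))
    return register

def demo():
    early = EarlyMeasurements()
    early.measure("TdHob", b"constructed TdHob bytes")  # constructed sample input
    early.measure("CFV", b"constructed CFV bytes")      # constructed sample input
    return early.register, build_event_log(early.stored)

if __name__ == "__main__":
    register, log = demo()
    print("replay matches register:", replay(log) == register)
```

The replay only matches when the log carries the same digests, in the same order, that were extended early, which is why the digests have to survive in the work area until the log can be written.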
