Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait

Tue, 12 Mar 2024 04:04:15 -0700 

On Wed, Mar 13, 2024 at 07:51:46AM +0800, Ceping Sun wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4415
> 
> Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec,
> OVMF would uses FW_CFG_IO_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511)
> to get configuration data from QEMU. From the security perspective,
> if TDVF uses this method, configuration data must be measured into
> RTMR[0].
> 
> Currently, the etc/boot-menu-wait is using in TDVF, it required to be
> measured into RTMR[0].

That config item doesn't change the control flow.
Do we have to measure it?

> This is the first patch and will continue to be updated to measure
> additional configuration data.

What else is in the pipeline?  At least ACPI and smbios tables I assume?

I'd like to have a more complete picture first.  Also I think it makes
sense to have a single patch series implementing all of it instead of
merging it piece by piece, to avoid having multiple edk2 releases where
the measurements are changing.

Note that the current code (looking at a non-tdx build) reads several
fw_cfg items multiple times.  Entries 0 and 1 (used for probing fw_cfg
presence), 0x19 (file directory) are read most frequently.  etc/e820 is
scanned multiple times too; tvdf in tdx mode wouldn't use it though.

If we are going to measure the fw_cfg bits used by ovmf / tdvf I think
we have to:

  (1) Make sure we read + measure the data once.
  (2) Make sure we measure the fw_cfg entries in a deterministic
      order so the measurements are stable.
  (3) Cache the measured data somewhere if needed multiple times
      (or simply cache unconditionally).

We probably wouldn't measure all fw_cfg entries.  The ones used by
direct kernel boot can be skipped for example.  The kernel image will
be measured anyway before it is launched.

> +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA  "QEMU BOOTMENU WAIT 
> TIME"

"QEMU FW CFG" ?

I think it makes sense to have one name and one struct for all qemu
fw_cfg items.  Or maybe two, one for the file-name based entries and
one for the others.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116677): https://edk2.groups.io/g/devel/message/116677
Mute This Topic: https://groups.io/mt/104880546/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to