From: Qinkun Bao
The UEFI v2.10 spec defines the protocol EFI_CC_MEASUREMENT_PROTOCOL
to enable (for example) RTMR-based boot measurement for TDX VMs.
With the current UEFI spec’s “should not” wording and EDK2
implementation, TPM measurement in TDVF is disabled when
RTMR measurement is enabled.
On Fri, Mar 22, 2024 at 7:57 AM Dionna Amalie Glaze
wrote:
>
> On Fri, Mar 22, 2024 at 1:52 AM Gerd Hoffmann wrote:
> >
> > On Fri, Mar 22, 2024 at 02:39:20AM +, Yao, Jiewen wrote:
> > > Please be aware that this option will cause a potential security risk.
> > >
> > > In case that any the guest c
I brought the RFC into the CCC community
(https://github.com/confidential-computing/governance) and received
some comments.
Forwarding the email to EDK2 dev and linux-coco.
Thanks,
Qinkun
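The risk raised in the thread, a guest component that knows only one of vTPM or RTMR and therefore extends only one of them, is something a remote verifier can detect by replaying both event logs and cross-referencing which components appear in each. The following Python model is an added example for this discussion, not code from the thread, from EDK2 or from TDVF; the two event logs, the component names and the choice of a SHA-256 PCR bank beside the SHA-384 RTMRs are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical model of measurement coexistence, not EDK2/TDVF code.
# TDX RTMRs are SHA-384 registers; the vTPM PCR bank is assumed SHA-256 here.
RTMR_ALGO, RTMR_LEN = "sha384", 48
PCR_ALGO, PCR_LEN = "sha256", 32


@dataclass(frozen=True)
class Event:
    component: str  # which boot component produced the measurement
    data: bytes     # what was measured (constructed sample content)


def extend(register: bytes, data: bytes, algo: str) -> bytes:
    """TPM-style extend: new = H(old || H(data)), same shape for RTMR and PCR."""
    digest = hashlib.new(algo, data).digest()
    return hashlib.new(algo, register + digest).digest()


def replay(events, algo: str, length: int) -> bytes:
    """Recompute the expected register value from an ordered event log."""
    reg = bytes(length)  # registers start as all zeros
    for ev in events:
        reg = extend(reg, ev.data, algo)
    return reg


# Constructed logs as a verifier would receive them: the CC (RTMR) event log
# and the TPM event log. "kernel" here extended only the RTMR side.
CC_LOG = [
    Event("firmware", b"fw-volume"),
    Event("bootloader", b"grub-image"),
    Event("kernel", b"vmlinuz"),
]
TPM_LOG = [
    Event("firmware", b"fw-volume"),
    Event("bootloader", b"grub-image"),
]


def missing_from_other_log(log_a, log_b):
    """Components measured in log_a but absent from log_b, in log_a order."""
    seen = {ev.component for ev in log_b}
    return [ev.component for ev in log_a if ev.component not in seen]


def coexistence_check(cc_log, tpm_log, reported_rtmr: bytes, reported_pcr: bytes):
    """Return (ok, findings).

    Both registers must replay from their logs, and every component must appear
    in both logs; otherwise one of the two measurement views is incomplete and a
    policy that trusts only that view would miss the component entirely."""
    findings = []
    if replay(cc_log, RTMR_ALGO, RTMR_LEN) != reported_rtmr:
        findings.append("RTMR does not replay from CC event log")
    if replay(tpm_log, PCR_ALGO, PCR_LEN) != reported_pcr:
        findings.append("PCR does not replay from TPM event log")
    for c in missing_from_other_log(cc_log, tpm_log):
        findings.append(f"{c}: extended RTMR only, absent from vTPM PCR")
    for c in missing_from_other_log(tpm_log, cc_log):
        findings.append(f"{c}: extended vTPM PCR only, absent from RTMR")
    return (not findings, findings)


if __name__ == "__main__":
    rtmr = replay(CC_LOG, RTMR_ALGO, RTMR_LEN)
    pcr = replay(TPM_LOG, PCR_ALGO, PCR_LEN)
    ok, findings = coexistence_check(CC_LOG, TPM_LOG, rtmr, pcr)
    print("ok" if ok else "\n".join(findings))
```

The point of the cross-reference step is that each register on its own replays correctly against its own log, so a verifier that checks only the vTPM quote, or only the TDX report, would pass the constructed boot even though the kernel measurement is missing from one of the two views.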
---------- Forwarded message ---------
From: Mingshen Sun
Date: Thu, Apr 4, 2024 at 1:43 PM
Subject: Re:
Hi Jiewen,
Thank you!
On Wed, Apr 10, 2024 at 3:20 PM Yao, Jiewen wrote:
>
> Hi Dionna/Qinkun
> I am not sure if systemd is the last software in guest we need to patch to
> support coexistence to extend the measurement.
The direct boot patch needs to be patched as well. Here is the link.
efi/l
Hi all,
Thank you all for the feedback.
> > In Intel, we had discussed and we did see the potential security risk. As I
> > mentioned in the first email, "In case any of the guest components only
> > knows one of vTPM or RTMR, and only extends one of vTPM or RTMR, but the
> > other one only v