I have a few naive questions. Sorry if the answers were obvious.
>>TDVF also include a configuration firmware volume (CFV) that is separated
>>from the BFV. The reason is because the CFV is measured in RTMR, while
>>the BFV is measured in MRTD.
If I understand correctly, this means that the BFV is
> On Sep 1, 2021, at 9:53 AM, James Bottomley wrote:
>
> On Wed, 2021-09-01 at 08:59 +, Yao, Jiewen wrote:
>> Hi Min
>> I agree with Gerd and Ard in this case.
>>
>> It is NOT so obvious that the FTW is produced then consumed in the
>> code. What if the attacker prepares some special
On Wed, 2021-09-01 at 08:59 +, Yao, Jiewen wrote:
> Hi Min
> I agree with Gerd and Ard in this case.
>
> It is NOT so obvious that the FTW is produced then consumed in the
> code. What if the attacker prepares some special configuration to
> trigger the FTW process at the first boot, the code
dan L
> ; Brijesh Singh ; Erdem
> Aktas ; James Bottomley ;
> Yao, Jiewen ; Tom Lendacky
>
> Subject: RE: [edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs
> and PcdOvmfImageSizeInKb
>
> On September 1, 2021 2:57 PM, Ard Biesheuvel wrote:
> > On Wed,
Hi,
> As to the spare part in varstore, it is not external input, is it?
It is part of the VARS file passed by the host to the guest.
With normal ovmf its part of the writable flash. I'd consider
that external input, although I think nothing actually uses it
so it should just be a zero-filled
On September 1, 2021 2:57 PM, Ard Biesheuvel wrote:
> On Wed, 1 Sept 2021 at 08:10, Gerd Hoffmann wrote:
> >
> > Hi,
> >
> > > > I didn't fully investigate what kind of attacks one can do. I'm
> > > > pretty sure simply making the variable store larger and the spare
> > > > smaller works, so
On Wed, 1 Sept 2021 at 08:10, Gerd Hoffmann wrote:
>
> Hi,
>
> > > I didn't fully investigate what kind of attacks one can do. I'm pretty
> > > sure simply making the variable store larger and the spare smaller
> > > works, so parts of the variable store are outside the area you
Hi,
> > I didn't fully investigate what kind of attacks one can do. I'm pretty
> > sure simply making the variable store larger and the spare smaller works,
> > so parts of the variable store are outside the area you are measuring.
> > Not fully sure whenever one can actually
On August 31, 2021 6:21 PM, Gerd Hoffmann wrote:
> On Tue, Aug 31, 2021 at 06:17:29AM +, Xu, Min M wrote:
> > On August 31, 2021 1:13 PM, Gerd Hoffmann wrote:
> > > Hi,
> > >
> > > > > From a security point of view I don't think it is a good idea to
> > > > > hard code any assumptions about
On Tue, Aug 31, 2021 at 06:17:29AM +, Xu, Min M wrote:
> On August 31, 2021 1:13 PM, Gerd Hoffmann wrote:
> > Hi,
> >
> > > > From a security point of view I don't think it is a good idea to
> > > > hard code any assumptions about the layout of the vars volume.
> > > Do you mean I cannot
On August 31, 2021 1:13 PM, Gerd Hoffmann wrote:
> Hi,
>
> > > From a security point of view I don't think it is a good idea to
> > > hard code any assumptions about the layout of the vars volume.
> > Do you mean I cannot assume the layout of VarStore?
> > At least in Ovmf the VarStore.fdf.inc
Hi,
> > From a security point of view I don't think it is a good idea to hard
> > code any assumptions about the layout of the vars volume.
> Do you mean I cannot assume the layout of VarStore?
> At least in Ovmf the VarStore.fdf.inc defines the layout of VarStore like
> below.
What
On Monday, August 30, 2021 3:04 PM, Gerd Hoffmann wrote:
>
> Hi,
>
> > In practice BFV is the code part of Ovmf image. CFV is the vars part
> > of Ovmf image (exclude the SPARE part).
>
> Why do you exclude the spare part?
CFV includes all the provisioned data, such as UEFI Secure Boot
Hi,
> In practice BFV is the code part of Ovmf image. CFV is the vars part of
> Ovmf image (exclude the SPARE part).
Why do you exclude the spare part?
From a security point of view I don't think it is a good idea to hard
code any assumptions about the layout of the vars volume.
> +SET
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) known
as the Boot Firmware Volume (BFV). The FV format is defined in the
UEFI Platform Initialization (PI) spec. BFV includes all TDVF components
required during boot.
TDVF also