OvmfPkg/IntelTdx/Sec/SecMain.inf {\r
<LibraryClasses>\r
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf\r
- TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf\r
NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf\r
- HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
}\r
\r
#\r
volatile UINT8 *Table;\r
\r
if (CcProbe () == CcGuestTypeIntelTdx) {\r
+ //\r
+ // From the security perspective all the external input should be measured before\r
+ // it is consumed. TdHob and Configuration FV (Cfv) image are passed from VMM\r
+ // and should be measured here.\r
+ //\r
+ if (EFI_ERROR (TdxHelperMeasureTdHob ())) {\r
+ CpuDeadLoop ();\r
+ }\r
+\r
+ if (EFI_ERROR (TdxHelperMeasureCfvImage ())) {\r
+ CpuDeadLoop ();\r
+ }\r
+\r
//\r
// For Td guests, the memory map info is in TdHobLib. It should be processed\r
// first so that the memory is accepted. Otherwise access to the unaccepted\r
\r
if (TdIsEnabled ()) {\r
//\r
- // Measure HobList\r
- //\r
- Status = TdxHelperMeasureTdHob ();\r
- if (EFI_ERROR (Status)) {\r
- ASSERT (FALSE);\r
- CpuDeadLoop ();\r
- }\r
-\r
- //\r
- // Measure Tdx CFV\r
- //\r
- Status = TdxHelperMeasureCfvImage ();\r
- if (EFI_ERROR (Status)) {\r
- ASSERT (FALSE);\r
- CpuDeadLoop ();\r
- }\r
-\r
- //\r
- // Build GuidHob for tdx measurement\r
+ // Build GuidHob for the tdx measurements which were done in SEC phase.\r
//\r
Status = TdxHelperBuildGuidHobForTdxMeasurement ();\r
if (EFI_ERROR (Status)) {\r
PrePiLib\r
QemuFwCfgLib\r
PlatformInitLib\r
- HashLib\r
- TpmMeasurementLib\r
\r
[Guids]\r
gEfiHobMemoryAllocModuleGuid\r
projects / mirror_edk2.git / commitdiff