- The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.\r
The final binary can run on SEV/TDX/normal OVMF.\r
- No changes to existing OvmfPkgX64 image layout.\r
- - No need to add additional security features if they do not exist today.\r
- No need to remove features if they exist today.\r
- - RTMR is not supported.\r
- PEI phase is NOT skipped in either Td or Non-Td.\r
+ - RTMR based measurement is supported.\r
+ - External inputs from Host VMM are measured, such as TdHob, CFV.\r
+ - Other external inputs are measured, such as FW_CFG data, os loader,\r
+ initrd, etc.\r
\r
<b>Config-B:</b>\r
- - (*) Add a standalone IntelTdx.dsc to a TDX specific directory for a *full*\r
+ - Add a standalone IntelTdx.dsc to a TDX specific directory for a *full*\r
feature TDVF.(Align with existing SEV)\r
- - (*) Threat model: VMM is out of TCB. (We need necessary change to prevent\r
+ - Threat model: VMM is out of TCB. (We need necessary change to prevent\r
attack from VMM)\r
- - (*) IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The final\r
+ - IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The final\r
binary can run on TDX/normal OVMF.\r
- It might eventually merge with AmdSev.dsc, but NOT at this point of\r
time. And we don?t know when it will happen. We need sync with AMD in\r
initrd, etc.\r
- Need to remove unnecessary attack surfaces, such as network stack.\r
\r
-In current stage, <b>Config-A</b> has been merged into edk2-master branch.\r
-The corresponding pkg file is OvmfPkg/OvmfPkgX64.dsc.\r
-\r
-<b>Config-B</b> is split into several waves. The corresponding pkg file is\r
-OvmfPkg/IntelTdx/IntelTdxX64.dsc. The features with (*) have been implemented\r
-and merged into edk2-master branch. Others are in upstreaming progress.\r
-\r
Build\r
------\r
- Build the TDVF (Config-A) target:\r
projects / mirror_edk2.git / commitdiff