TDVF's README is updated based on the latest feature.
- RTMR based measurement is supported in OvmfPkgX64 (Config-A)
- Features of Config-B have all been implemented, such as removing
unnecessary attack surfaces.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
- The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.\r
The final binary can run on SEV/TDX/normal OVMF.\r
- No changes to existing OvmfPkgX64 image layout.\r
- The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.\r
The final binary can run on SEV/TDX/normal OVMF.\r
- No changes to existing OvmfPkgX64 image layout.\r
- - No need to add additional security features if they do not exist today.\r
- No need to remove features if they exist today.\r
- No need to remove features if they exist today.\r
- - RTMR is not supported.\r
- PEI phase is NOT skipped in either Td or Non-Td.\r
- PEI phase is NOT skipped in either Td or Non-Td.\r
+ - RTMR based measurement is supported.\r
+ - External inputs from Host VMM are measured, such as TdHob, CFV.\r
+ - Other external inputs are measured, such as FW_CFG data, os loader,\r
+ initrd, etc.\r
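Review bot: The added Config-A bullets "RTMR based measurement is supported" and the two "are measured" lines do not say which RTMR each input is extended into, so a reader cannot tell from the README how to check a measurement of TdHob, CFV, FW_CFG data, os loader or initrd. Suggest adding a short input-to-register mapping here, or a pointer to the document that defines it. The list also ends in "etc."; for a statement about what is measured, an explicit list is safer than an open-ended one.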
- - (*) Add a standalone IntelTdx.dsc to a TDX specific directory for a *full*\r
+ - Add a standalone IntelTdx.dsc to a TDX specific directory for a *full*\r
feature TDVF.(Align with existing SEV)\r
feature TDVF.(Align with existing SEV)\r
- - (*) Threat model: VMM is out of TCB. (We need necessary change to prevent\r
+ - Threat model: VMM is out of TCB. (We need necessary change to prevent\r
- - (*) IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The final\r
+ - IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The final\r
binary can run on TDX/normal OVMF.\r
- It might eventually merge with AmdSev.dsc, but NOT at this point of\r
time. And we don?t know when it will happen. We need sync with AMD in\r
binary can run on TDX/normal OVMF.\r
- It might eventually merge with AmdSev.dsc, but NOT at this point of\r
time. And we don?t know when it will happen. We need sync with AMD in\r
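Review bot: With the "(*)" markers dropped, the Config-B bullets "Add a standalone IntelTdx.dsc to a TDX specific directory" and "We need necessary change to prevent" still read as planned work, while the commit message says the features of Config-B have all been implemented. Suggest rewording these bullets as statements of the current state, so that the threat-model line (VMM is out of TCB) reads as a property of the build rather than a goal.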
initrd, etc.\r
- Need to remove unnecessary attack surfaces, such as network stack.\r
\r
initrd, etc.\r
- Need to remove unnecessary attack surfaces, such as network stack.\r
\r
-In current stage, <b>Config-A</b> has been merged into edk2-master branch.\r
-The corresponding pkg file is OvmfPkg/OvmfPkgX64.dsc.\r
-\r
-<b>Config-B</b> is split into several waves. The corresponding pkg file is\r
-OvmfPkg/IntelTdx/IntelTdxX64.dsc. The features with (*) have been implemented\r
-and merged into edk2-master branch. Others are in upstreaming progress.\r
-\r
Build\r
------\r
- Build the TDVF (Config-A) target:\r
Build\r
------\r
- Build the TDVF (Config-A) target:\r
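Review bot: The removed paragraph is where the visible text gives the package file paths, "OvmfPkg/OvmfPkgX64.dsc" for Config-A and "OvmfPkg/IntelTdx/IntelTdxX64.dsc" for Config-B; the remaining bullets say "OvmfX64Pkg.dsc" and "IntelTdx.dsc", which do not match those names. Suggest keeping one sentence per config that names its .dsc path and dropping only the status wording about waves and upstreaming. The unchanged line "Need to remove unnecessary attack surfaces, such as network stack." just above also still reads as open work and could be reworded, since the commit message says this has been done.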