OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

TdHob and Configuration FV (Cfv) are external inputs from VMM. From the
security perspective, they should be measured before they're consumed.
This patch measures TdHob and Cfv and stores the measurement values in
WorkArea.

After TdHob and Configuration FV (Cfv) are measured in SecMain, the
same measurements in PeilessStartupLib are deleted.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>

1 files changed, 0 insertions, 3 deletions

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 920f1c6080..41de2e9428 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -548,11 +548,8 @@
   OvmfPkg/IntelTdx/Sec/SecMain.inf {

     <LibraryClasses>

       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf

-      TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf

       NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf

       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf

-      HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf

-      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf

   }

 

   #