diff options
author | Min M Xu <min.m.xu@intel.com> | 2024-07-10 21:05:53 -0400 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-07-12 07:58:34 +0000 |
commit | 2b6d0eb43439891e641750cd5054b1bc3fb40e72 (patch) | |
tree | 5bdda5ded47d439ac358946f4f93231243be5f4d /OvmfPkg/IntelTdx | |
parent | 2e7230f1ba65e0ec9e6a3e191cca3a8b04e22ca8 (diff) | |
download | edk2-2b6d0eb43439891e641750cd5054b1bc3fb40e72.tar.gz edk2-2b6d0eb43439891e641750cd5054b1bc3fb40e72.tar.bz2 edk2-2b6d0eb43439891e641750cd5054b1bc3fb40e72.zip |
OvmfPkg/OvmfPkgX64: Set default value of CC_MEASUREMENT_ENABLE to TRUE
CC_MEASUREMENT_ENABLE is designed to control the loading of TdTcg2Dxe
driver which is for EFI_CC_MEASUREMENT_PROTOCOL. TdTcg2Dxe is TD-Guest
specific driver.
From the security perspective a TD-Guest shall always load the TdTcg2Dxe
driver so that EFI_CC_MEASUREMENT_PROTOCOL is installed and booting
events are measured and extended to RTMRs.
TdTcg2Dxe will check if it is running in a TD-Guest. If not then it
returns right now and no EFI_CC_MEASUREMENT_PROTOCOL is installed.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Diffstat (limited to 'OvmfPkg/IntelTdx')
-rw-r--r-- | OvmfPkg/IntelTdx/README.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/OvmfPkg/IntelTdx/README.md b/OvmfPkg/IntelTdx/README.md index c168167c12..6e13c1748e 100644 --- a/OvmfPkg/IntelTdx/README.md +++ b/OvmfPkg/IntelTdx/README.md @@ -61,8 +61,8 @@ Build cd /path/to/edk2
source edksetup.sh
-## without CC_MEASUREMENT enabled
-build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -b RELEASE
+## CC_MEASUREMENT disabled
+build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D CC_MEASUREMENT_ENABLE=FALSE -b RELEASE
## CC_MEASUREMENT enabled
build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D CC_MEASUREMENT_ENABLE=TRUE -b RELEASE
|