diff options
Diffstat (limited to 'OvmfPkg/IntelTdx/Sec/SecMain.c')
| -rw-r--r-- | OvmfPkg/IntelTdx/Sec/SecMain.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index 41bd5c66ba..ccb217b709 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -63,6 +63,19 @@ SecCoreStartupWithStack ( if (CcProbe () == CcGuestTypeIntelTdx) {
//
+ // From the security perspective all the external input should be measured before
+ // it is consumed. TdHob and Configuration FV (Cfv) image are passed from VMM
+ // and should be measured here.
+ //
+ if (EFI_ERROR (TdxHelperMeasureTdHob ())) {
+ CpuDeadLoop ();
+ }
+
+ if (EFI_ERROR (TdxHelperMeasureCfvImage ())) {
+ CpuDeadLoop ();
+ }
+
+ //
// For Td guests, the memory map info is in TdHobLib. It should be processed
// first so that the memory is accepted. Otherwise access to the unaccepted
// memory will trigger tripple fault.
|