applied/ubuntu/hirsute-tdx : lp:~kenplusplus/ubuntu/+source/shim : Git : Code : shim package : Ubuntu

Get this branch:: git clone -b applied/ubuntu/hirsute-tdx https://git.launchpad.net/~kenplusplus/ubuntu/+source/shim

Only Lu Ken can upload to this branch. If you are Lu Ken please log in for upload directions.

Branch merges

Branch information

Name:: applied/ubuntu/hirsute-tdx

Repository:: lp:~kenplusplus/ubuntu/+source/shim

Recent commits

e691be9... by Lu Ken on 2021-07-04

Enable TDX measurement to RTMR register

Intel Trust Domain Extensions(Intel TDX) refers to an Intel technology
that extends Virtual Machine Extensions(VMX) and Multi-Key Total Memory
Encryption(MK-TME) with a new kind of virtual machine guest called a
Trust Domain(TD)[1]. A TD runs in a CPU mode that protects the confidentiality
of its memory contents and its CPU state from any other software, including
the hosting Virtual Machine Monitor (VMM).

Trust Domain Virtual Firmware (TDVF) is required to provide TD services to
the TD guest OS.[2] Its reference code is available at https://github.com/tianocore/edk2-staging/tree/TDVF.

To support TD measurement/attestation, TDs provide 4 RTMR registers like
TPM/TPM2 PCR as below:
- RTMR[0] is for TDVF configuration
- RTMR[1] is for the TD OS loader and kernel
- RTMR[2] is for the OS application
- RTMR[3] is reserved for special usage only

This patch adds TD Measurement protocol support along with TPM/TPM2 protocol.

References:
[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf