mirror of
https://github.com/Dasharo/systemd.git
synced 2026-03-06 15:02:31 -08:00
In confidential computing, a virtual firmware may support measurement and an event log based upon the hardware Trusted Execution Environment (TEE) capability. The UEFI specification defines an interface between the virtual guest OS and the virtual firmware as EFI_CC_MEASUREMENT_PROTOCOL. The (vendor-specific) measurements are captured in the CC event log, which follows the TCG2 format. The OVMF virtual firmware has EFI_CC_MEASUREMENT_PROTOCOL support for Intel Trust Domain Extensions (TDX).

Intel TDX has 4 runtime measurement registers (RTMR) defined as:

  RTMR[0] for TDVF configuration
  RTMR[1] for the TD OS loader and kernel
  RTMR[2] for the OS application
  RTMR[3] reserved for special usage only

The RTMR to PCR mappings are defined in the UEFI Spec 2.10 Section 38.4.1 as follows:

  TPM PCR Index | CC Measurement Register Index | TDX-measurement register
  ------------------------------------------------------------------------
  0             | 0                             | MRTD
  1, 7          | 1                             | RTMR[0]
  2-6           | 2                             | RTMR[1]
  8-15          | 3                             | RTMR[2]

The CC measurement event log is currently exposed as a raw CCEL ACPI table by the guest OS, and the events can be replayed to check that the log matches the RTMR values.

Add EFI CC measurement protocol support to the stub to get the UKI components measured and included in the remote attestation reports when vTPMs are not available.
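The replay check the commit message refers to, as an added example (not systemd's or the stub's code): it parses TCG2-format TCG_PCR_EVENT2 entries from a constructed CC event log, extends each SHA-384 digest into the RTMR that the entry's CC measurement register index maps to, and compares the result with RTMR values a verifier would take from a TD report. It assumes the log uses only SHA-384 digests and omits the SpecID header event a real CCEL begins with; the event types and payloads in the sample are constructed.

```python
import hashlib
import struct
TPM_ALG_SHA384 = 0x000C    # TCG algorithm id; TDX RTMRs are SHA-384 registers
EV_NO_ACTION = 0x00000003  # informational event type, never extended
SHA384_LEN = 48

def cc_mr_to_rtmr(mr: int) -> int:
    # UEFI 2.10, 38.4.1: CC MR index 0 is MRTD; 1..3 are RTMR[0..2]
    if not 1 <= mr <= 3:
        raise ValueError(f"CC MR index {mr} is not a runtime register")
    return mr - 1

def extend(prev: bytes, digest: bytes) -> bytes:
    # RTMR extend rule: new = SHA384(old || digest)
    return hashlib.sha384(prev + digest).digest()

def build_event(mr: int, event_type: int, data: bytes) -> bytes:
    # One TCG_PCR_EVENT2 with a single SHA-384 digest (constructed sample input)
    return (struct.pack("<IIIH", mr, event_type, 1, TPM_ALG_SHA384)
            + hashlib.sha384(data).digest() + struct.pack("<I", len(data)) + data)

def parse_events(log: bytes):
    # Yield (mr_index, event_type, sha384_digest, event_data) per TCG_PCR_EVENT2
    off = 0
    while off < len(log):
        mr, etype, count = struct.unpack_from("<III", log, off)
        off, sha384 = off + 12, None
        for _ in range(count):
            (alg,) = struct.unpack_from("<H", log, off)
            if alg != TPM_ALG_SHA384:
                raise ValueError(f"unsupported digest algorithm {alg:#x}")
            sha384, off = log[off + 2:off + 2 + SHA384_LEN], off + 2 + SHA384_LEN
        (size,) = struct.unpack_from("<I", log, off)
        yield mr, etype, sha384, log[off + 4:off + 4 + size]
        off += 4 + size

def replay_rtmrs(log: bytes) -> list:
    # Replay the log into RTMR[0..2]; RTMR[3] is reserved and not replayed here
    rtmrs = [bytes(SHA384_LEN)] * 3
    for mr, etype, digest, _ in parse_events(log):
        if etype != EV_NO_ACTION:  # EV_NO_ACTION entries are log-only
            i = cc_mr_to_rtmr(mr)
            rtmrs[i] = extend(rtmrs[i], digest)
    return rtmrs

def log_matches(log: bytes, reported_rtmrs: list) -> bool:
    # Compare replayed RTMR[0..2] against values read from a TD attestation report
    return replay_rtmrs(log) == list(reported_rtmrs[:3])
# Constructed sample: a firmware-config event into CC MR 1 (RTMR[0]) and two
# UKI-section events into CC MR 3 (RTMR[2]), the register TPM PCR 11 maps to
SAMPLE_LOG = (build_event(1, 0x80000001, b"sample firmware config") +
              build_event(3, 0x0000000D, b"sample .linux section") +
              build_event(3, 0x0000000D, b"sample .initrd section"))
```

An appended or altered event changes the replayed RTMR[2], so `log_matches` fails against the reported values; an EV_NO_ACTION entry leaves them unchanged.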