[V2] Enable TDX measurement to RTMR register

[kenplusplus]

Intel Trust Domain Extensions(Intel TDX) refers to an Intel technology that extends Virtual Machine Extensions(VMX) and Multi-Key Total Memory Encryption(MK-TME) with a new kind of virtual machine guest called a Trust Domain(TD)[1]. A TD runs in a CPU mode that protects the confidentiality of its memory contents and its CPU state from any other software, including the hosting Virtual Machine Monitor (VMM).

Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX implementation and service for EFI_CC_MEASUREMENT_PROTOCOL[2]. The bugzilla for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625.

To support CC measurement/attestation with Intel TDX technology, following 4 RTMR registers will be extended by TDX service like TPM/TPM2 PCR:

• RTMR[0] is for TDVF configuration
• RTMR[1] is for the TD OS loader and kernel
• RTMR[2] is for the OS application
• RTMR[3] is reserved for special usage only

This patch adds TDX Implementation for CC Measurement protocol along with TPM/TPM2 protocol.

References: [1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf [2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf [3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Signed-off-by: Lu Ken ken.lu@intel.com

[kenplusplus]

Sorry for later response, since wait for the review of similar grub's patch at https://www.mail-archive.com/grub-devel@gnu.org/msg34244.html.

I resubmitted this V2 patch and close the previous one at https://github.com/rhboot/shim/pull/388:

1. Rebase from shim-15.4 to shim-15.5
2. Clean up unncessary comments for the CC structure to align with tpm1 & 2's structure.
3. Clean up the indentations to use tab

[kraxel]

Latest version looks fine to me.

[tuanggolt]

ok

[kenplusplus]

Hello, Sound like The CI build failure is caused by the code in mock-variables.c which is not related this commit. Do you need me rebase this patch to 15.6?

[frozencemetery]

Do you need me rebase this patch to 15.6?

Yes - your patch is targeted for main, so it should be based on main.

[kenplusplus]

@frozencemetery Thanks! I resubmitted V3 PR https://github.com/rhboot/shim/pull/485 , targeting to main branch. Could we close this PR and move to new V3 PR?

[frozencemetery]

Yes. Couple notes though:

• I believe you as the person who opened the PR are able to close your own PRs.
• You don't need to open a new PR - in the future you can just git push --force the branch.