CC_MEASUREMENT_ENABLE is designed to control the loading of TdTcg2Dxe driver which is for EFI_CC_MEASUREMENT_PROTOCOL. TdTcg2Dxe is TD-Guest specific driver.

From the security perspective a TD-Guest shall always load the TdTcg2Dxe driver so that EFI_CC_MEASUREMENT_PROTOCOL is installed and booting events are measured and extended to RTMRs.

TdTcg2Dxe will check if it is running in a TD-Guest. If not then it returns right now and no EFI_CC_MEASUREMENT_PROTOCOL is installed.

Cc: Ard Biesheuvel ardb+tianocore@kernel.org Cc: Jiewen Yao jiewen.yao@intel.com Cc: Gerd Hoffmann kraxel@redhat.com Cc: Erdem Aktas erdemaktas@google.com Cc: Tom Lendacky thomas.lendacky@amd.com Cc: Michael Roth michael.roth@amd.com

Description

<_Include a description of the change and why this change was made._> <_For each item, place an "x" in between `[` and `]` if true. Example: `[x]` (you can also check items in GitHub UI)_> <_Create the PR as a Draft PR if it is only created to run CI checks._> <_Delete lines in \<\> tags before creating the PR._> - [ ] Breaking change? - **Breaking change** - Does this PR cause a break in build or boot behavior? - Examples: Does it add a new library class or move a module to a different repo. - [ ] Impacts security? - **Security** - Does this PR have a direct security impact? - Examples: Crypto algorithm change or buffer overflow fix. - [ ] Includes tests? - **Tests** - Does this PR include any explicit test code? - Examples: Unit tests or integration tests. ## How This Was Tested <_Describe the test(s) that were run to verify the changes._> ## Integration Instructions <_Describe how these changes should be integrated. Use N/A if nothing is required._>

tianocore / edk2

OvmfPkgX64: Set default value of CC_MEASUREMENT_ENABLE to TRUE #5900

Description