Skip to content

Commit

Permalink
OvmfPkg/OvmfPkgX64: Set default value of CC_MEASUREMENT_ENABLE to TRUE
Browse files Browse the repository at this point in the history 
CC_MEASUREMENT_ENABLE is designed to control the loading of TdTcg2Dxe
driver which is for EFI_CC_MEASUREMENT_PROTOCOL. TdTcg2Dxe is TD-Guest
specific driver.

From the security perspective a TD-Guest shall always load the TdTcg2Dxe
driver so that EFI_CC_MEASUREMENT_PROTOCOL is installed and booting
events are measured and extended to RTMRs.

TdTcg2Dxe will check if it is running in a TD-Guest. If not then it
returns right now and no EFI_CC_MEASUREMENT_PROTOCOL is installed.

Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Tom Lendacky <[email protected]>
Cc: Michael Roth <[email protected]>
Signed-off-by: Min Xu <[email protected]>
  • Loading branch information
@mxu9 @mergify
mxu9 authored and mergify[bot] committed Jul 12, 2024
1 parent 2e7230f commit 2b6d0eb
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions OvmfPkg/IntelTdx/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,8 @@ Build
cd /path/to/edk2
source edksetup.sh
## without CC_MEASUREMENT enabled
build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -b RELEASE
## CC_MEASUREMENT disabled
build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D CC_MEASUREMENT_ENABLE=FALSE -b RELEASE
## CC_MEASUREMENT enabled
build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D CC_MEASUREMENT_ENABLE=TRUE -b RELEASE
Expand Down
2 changes: 1 addition & 1 deletion OvmfPkg/OvmfPkgX64.dsc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
DEFINE CC_MEASUREMENT_ENABLE = FALSE
DEFINE CC_MEASUREMENT_ENABLE = TRUE

!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc

Expand Down

0 comments on commit 2b6d0eb

Please sign in to comment.