[svsm-devel] SVSM Development Call - June 12th, 2024

Yao, Jiewen jiewen.yao at intel.com
Wed Jun 12 12:22:22 CEST 2024


Comment below:


> -----Original Message-----
> From: Svsm-devel <svsm-devel-bounces at coconut-svsm.dev> On Behalf Of
> Stefano Garzarella
> Sent: Wednesday, June 12, 2024 6:01 PM
> To: Claudio Siqueira de Carvalho <cclaudio at ibm.com>
> Cc: James.Bottomley at HansenPartnership.com; linux-coco at lists.linux.dev; svsm-devel at coconut-svsm.dev
> Subject: Re: [svsm-devel] SVSM Development Call - June 12th, 2024
> 
> Hi Claudio,
> 
> On Tue, Jun 11, 2024 at 10:46 PM Claudio Siqueira de Carvalho
> <cclaudio at ibm.com> wrote:
> >
> > Hi,
> >
> > I would like to add two topics to the SVSM meeting agenda:
> 
> I won't be able to participate in today's call because I'm on my way
> to Brno for DevConf, so I post a few thoughts below.
> 
> >
> > - What does TPM locality[1] mean for the SVSM vTPM?
> 
> Interesting, IIUC an example could be to use different "localities"
> for SVSM itself, edk2, kernel, etc., right?

[Jiewen] The main usage of TPM locality is to support the DRTM model, not SRTM.
I am not sure of the value of supporting locality if we just adopt SRTM.



> 
> > - Is there any SVSM boot event that we want to record in the TPM PCRs/Event log?
> >   E.g. an SVSM configuration, the OVMF hash, etc.
> 
> Talking with Daniel, it seems that now EDK2 is self-measuring itself
> in PCR0, so maybe it would be better to do this in SVSM.
> So it would be nice to have SVSM measuring itself in PCR0, SVSM
> measuring EDK2 in PCR0, and EDK2 stopping doing it.

[Jiewen] Yes. Intel is working on a patch to let SVSM measure EDK2 OVMF directly into PCR[0].
With this change, the EDK2 OVMF over SVSM will skip the PCR[0] measurement and only create the event log.



> 
> Obviously SVSM and EDK2 are already measured by the SNP attestation
> report, so it's not a blocking thing for now, since the guest OS can
> use that mechanism to measure them.
> 
> Thanks for raising these topics!
> Stefano
> 
> >
> > [1] https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf
> >
> > Thanks,
> > Claudio
> > --
> > Svsm-devel mailing list
> > Svsm-devel at coconut-svsm.dev
> > https://mail.8bytes.org/cgi-bin/mailman/listinfo/svsm-devel
> >

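The point of moving the PCR[0] measurement into SVSM while EDK2 keeps the event log is that the log must still replay to the PCR value a verifier sees. The following is an added example, not code from the SVSM or EDK2 projects: it models the TPM 2.0 extend operation and a simplified boot in which SVSM measures itself and OVMF into PCR[0]; the image digests are constructed placeholders, and the "OVMF extends too" case is an assumed model of a duplicate measurement with no matching log entry.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend for a SHA-256 bank: PCR' = SHA256(PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay_log(events):
    """Replay an event log, a list of (pcr_index, digest), from all-zero PCRs."""
    pcrs = {}
    for idx, digest in events:
        pcrs[idx] = pcr_extend(pcrs.get(idx, bytes(PCR_SIZE)), digest)
    return pcrs

def log_matches_pcrs(events, reported):
    """True when replaying the event log reproduces every reported PCR value."""
    replayed = replay_log(events)
    return all(replayed.get(idx) == value for idx, value in reported.items())

# Constructed digests standing in for the SVSM and OVMF images (not real hashes).
SVSM_DIGEST = hashlib.sha256(b"constructed: svsm image").digest()
OVMF_DIGEST = hashlib.sha256(b"constructed: ovmf image").digest()

def simulate_boot(ovmf_extends_too: bool):
    """Assumed model: SVSM measures itself and then OVMF into PCR[0], and one
    event is logged per measurement. If OVMF also extends its own digest
    without a matching log entry, the log can no longer explain PCR[0].
    Returns (event_log, {0: pcr0})."""
    pcr0 = bytes(PCR_SIZE)
    log = []
    for digest in (SVSM_DIGEST, OVMF_DIGEST):  # measurements done by SVSM
        pcr0 = pcr_extend(pcr0, digest)
        log.append((0, digest))
    if ovmf_extends_too:  # duplicate measurement, no second event recorded
        pcr0 = pcr_extend(pcr0, OVMF_DIGEST)
    return log, {0: pcr0}

if __name__ == "__main__":
    for extends_too in (False, True):
        log, pcrs = simulate_boot(extends_too)
        print(f"ovmf_extends_too={extends_too}: log replays to PCR[0] ->",
              log_matches_pcrs(log, pcrs))
```

A verifier that receives the event log plus a TPM quote applies the same replay check; any measurement performed without a corresponding event shows up as a replay mismatch rather than a silently accepted PCR[0].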
