Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AP-TEE event log #29

Closed
jyao1 opened this issue Dec 6, 2023 · 10 comments
Closed

AP-TEE event log #29

jyao1 opened this issue Dec 6, 2023 · 10 comments

Comments

@jyao1
Copy link
Contributor

jyao1 commented Dec 6, 2023

Since AP-TEE includes dynamic_measurements, should AP-TEE also need measurement event log?

Other attestation related spec defined the event log clearly, such as

Do we want to use similar concept to add RISC-V extension for CC event log?

This is a direction check. If we do want to, we can work out next level detail.

For example, we may need add an extension to UEFI spec

#define EFI_CC_TYPE_RISCV_COVE  3
@rsahita
Copy link
Collaborator

rsahita commented Jan 16, 2024

This is a good idea to maintain compatibility @jyao1 - would this add requirements into the CoVE ABI or would it be limited to the UEFI (TVM guest firmware)?

@jyao1
Copy link
Contributor Author

jyao1 commented Jan 21, 2024

My recommendation is:

  1. Submit RISCV COVE proposal to UEFI specification. If you agree, I can help on this.
  2. Just mention CoVE ABI, that: if a UEFI firmware is used to initialize the RISCV COVE guest environment, then refer to UEFI specification confidential computing chapter for CC runtime measurement extension and event log creation.

@sameo
Copy link
Collaborator

sameo commented Jan 21, 2024
edited
Loading

My recommendation is:

1. Submit RISCV COVE proposal to UEFI specification. If you agree, I can help on this.

I think we should proceed with that, yes. @rsahita do you agree?

2. Just mention CoVE ABI, that: if a UEFI firmware is used to initialize the RISCV COVE guest environment, then refer to UEFI specification [confidential computing chapter](https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html) for CC runtime measurement extension and event log creation.

Right, so there would not be any CoVE ABI impact, but only a spec addition describing that if a TVM boots a UEFI firmware, then it may provide the UEFI CC protocol (unless the firmware implements a full virtual TPM iiuc).

@jyao1
Copy link
Contributor Author

jyao1 commented Jan 31, 2024

@rsahita do we reach consensus to submit UEFI spec change?

@rsahita
Copy link
Collaborator

rsahita commented Feb 23, 2024

sorry for the delay - yes lets submit the required request to the UEFI spec

@rsahita
Copy link
Collaborator

rsahita commented Mar 10, 2024

@jyao1 @sameo

@rsahita
Copy link
Collaborator

rsahita commented Mar 20, 2024
edited
Loading

added a note in spec - PR #73
cc @jyao1

@jyao1
Copy link
Contributor Author

jyao1 commented Mar 23, 2024
edited
Loading

Thanks @rsahita, I created
CodeFirst - Add RISC-V CC-EventLog 002.docx.

Please review it and feedback.

Once we agree the content in AP-TEE TG, we can submit to UEFI together.

@jyao1
Copy link
Contributor Author

jyao1 commented Mar 27, 2024
edited
Loading

Thank you @rsahita, I have submitted to https://bugzilla.tianocore.org/show_bug.cgi?id=4738, and UEFI mantis 2449.

Update CodeFirst.-.Add.RISC-V.CC-EventLog.003.docx with informative text - adding URL for AP-TEE.

@rsahita
Copy link
Collaborator

rsahita commented Apr 5, 2024

thanks - closing this issue.

@rsahita rsahita closed this as completed Apr 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sameo @rsahita @jyao1