Enable measurements for Intel TDX
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| edk2 (Ubuntu) |
Fix Released
|
Undecided
|
dann frazier | ||
Bug Description
In the scope of enabling the TDX on 24.04, remote attestation feature of TDX needs measurements to be enabled in the firmware.
Right now, the feature is disable (CC_MEASUREMENT
Here is an snippet example on how to do it:
diff --git a/debian/rules b/debian/rules
index 116c9c74b7.
--- a/debian/rules
+++ b/debian/rules
@@ -30,6 +30,7 @@ COMMON_FLAGS = -DNETWORK_
COMMON_FLAGS += -DNETWORK_
COMMON_FLAGS += -DNETWORK_
COMMON_FLAGS += -DSECURE_
+COMMON_FLAGS += -DCC_MEASUREMEN
COMMON_FLAGS += $(PCD_FLAGS)
OVMF_COMMON_FLAGS = $(COMMON_FLAGS)
OVMF_COMMON_FLAGS += -DTPM2_ENABLE=TRUE
The firmware with this change has been tested and did not show any regression. The test cases can be found here : https:/
| Paride Legovini (paride) wrote | #1 |
| dann frazier (dannf) wrote | #2 |
| Changed in edk2 (Ubuntu): | |
| assignee: | nobody → dann frazier (dannf) |
| Changed in edk2 (Ubuntu): | |
| status: | New → Fix Committed |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in edk2 (Ubuntu): | |
| status: | Fix Committed → Fix Released |
@dann I am not familiar with the package but this looks reasonable. Will you handle this on the Debian side?