
How to prevent untrusted BIOS from loading compromised P-SEAM loader? #4

Open
JaewonHur opened this issue Jul 17, 2024 · 1 comment

Comments

@JaewonHur

Hi, I am studying the loading procedure of the TDX module.

Based on the SDMs, I found that ensuring the initial integrity of the P-SEAM loader (which is loaded into the SEAM Range) is the key to protecting the following modules (e.g., TDX module, TDVMs).

Also, I read that the NP-SEAM loader (authenticated by Intel) is responsible for loading the P-SEAM loader.

However, isn't there a possibility that an untrusted BIOS loads its own compromised P-SEAM loader and finalizes the SEAM Range by configuring the SEAMRR MSRs?

Is there any hardware mechanism that prevents an untrusted BIOS from writing the SEAMRR MSRs?

I could not find any information on this in the SDMs.

@iaxel77

iaxel77 commented Jul 23, 2024

Thank you for showing interest in our TDX technology.
P-SEAM Loader can only be loaded by NP-SEAM Loader and both are part of the same Intel signed binary. Intel’s SEAM architecture prevents loading a non-Intel P-SEAM Loader.

Please find more details here:
Documentation for Intel® Trust Domain Extensions

Specifically in the following documents:
Intel CPU Architectural Extensions Specification
Intel TDX Loader Interface Specification
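As an added example (not code from this issue or from Intel), a host-side check a defender can run to see whether the SEAM range on a machine is configured and locked against further MSR writes. The MSR numbers (0x1400/0x1401) and the Enable (bit 11) and Lock (bit 10) positions come from the Linux kernel's msr-index.h, not from this page; the MTRR-style base/mask address-field layout (bits 25 and up, 32 MiB granularity) is an assumption, and the sample register values are constructed.

```python
import struct

# MSR addresses and flag bits as named in the Linux kernel's msr-index.h
# (not stated on this page).
MSR_IA32_SEAMRR_PHYS_BASE = 0x1400
MSR_IA32_SEAMRR_PHYS_MASK = 0x1401
SEAMRR_MASK_LOCKED = 1 << 10   # Lock: the pair can no longer be rewritten
SEAMRR_MASK_ENABLED = 1 << 11  # Enable: the SEAM range is active
# Assumption: MTRR-style address field, 32 MiB aligned, bits 25..51.
SEAMRR_GRANULE = 1 << 25
SEAMRR_ADDR_MASK = ((1 << 52) - 1) & ~(SEAMRR_GRANULE - 1)


def decode_seamrr(base: int, mask: int) -> dict:
    """Classify a SEAMRR base/mask MSR pair from a defender's point of view."""
    enabled = bool(mask & SEAMRR_MASK_ENABLED)
    locked = bool(mask & SEAMRR_MASK_LOCKED)
    start = base & SEAMRR_ADDR_MASK
    # With MTRR-style masks the range size is the two's complement of the
    # mask's address field plus one granule (assumption, see lead-in).
    size = (((~mask) & SEAMRR_ADDR_MASK) + SEAMRR_GRANULE) if enabled else 0
    if not enabled:
        state = "seamrr-disabled"
    elif not locked:
        state = "seamrr-enabled-unlocked"  # still writable by firmware
    else:
        state = "seamrr-enabled-locked"
    return {"state": state, "enabled": enabled, "locked": locked,
            "start": start, "size": size}


def read_msr(msr: int, cpu: int = 0) -> int:
    """Read one 64-bit MSR via the Linux msr driver (root, CONFIG_X86_MSR)."""
    with open(f"/dev/cpu/{cpu}/msr", "rb", buffering=0) as f:
        f.seek(msr)
        return struct.unpack("<Q", f.read(8))[0]


if __name__ == "__main__":
    # Constructed sample: 32 MiB SEAM range at 0x80000000, enabled and locked.
    sample_mask = SEAMRR_ADDR_MASK | SEAMRR_MASK_ENABLED | SEAMRR_MASK_LOCKED
    print(decode_seamrr(0x80000000, sample_mask))
    try:  # live read; fails with EIO on CPUs without SEAMRR
        print(decode_seamrr(read_msr(MSR_IA32_SEAMRR_PHYS_BASE),
                            read_msr(MSR_IA32_SEAMRR_PHYS_MASK)))
    except OSError as exc:
        print(f"live SEAMRR read unavailable: {exc}")
```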
