tools/tdx-measure: address upstream RTMR calculation changes

This commit [^1] changed the way RTMR 0 and RTMR 1 are calculated when booting a TD in OVMF. The separator got moved from RTMR 0 to RTMR 1, which means we just have to do the same in our precalculation tool. [^1]: tianocore/edk2@efaf893#diff-d7a1c39ce3475b95ef5d09de899d1114395bab0ce6280ee455680c8792e1867aR2171
edgelesssys · Dec 18, 2024 · a86e0a5 · a86e0a5
1 parent aa10752
commit a86e0a5
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/tools/tdx-measure/rtmr/rtmr.go b/tools/tdx-measure/rtmr/rtmr.go
@@ -237,8 +237,6 @@ func CalcRtmr0(firmware []byte) ([48]byte, error) {
 	}
 	rtmr.extendVariableValue(boot0000)
 
-	rtmr.extendSeparator()
-
 	return rtmr.Get(), nil
 }
 
@@ -254,6 +252,10 @@ func CalcRtmr1(kernelFile, initrdFile []byte) ([48]byte, error) {
 
 	// https://github.com/tianocore/edk2/blob/0f3867fa6ef0553e26c42f7d71ff6bdb98429742/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c#L2155
 	rtmr.hashAndExtend([]byte("Calling EFI Application from Boot Option"))
+
+	// https://github.com/tianocore/edk2/blob/efaf8931bbfa33a81b8792fbf9e2ccc239d53204/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c#L2171
+	rtmr.extendSeparator()
+
 	// https://github.com/tianocore/edk2/blob/0f3867fa6ef0553e26c42f7d71ff6bdb98429742/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c#L2243
 	rtmr.hashAndExtend([]byte("Exit Boot Services Invocation"))
 	// https://github.com/tianocore/edk2/blob/0f3867fa6ef0553e26c42f7d71ff6bdb98429742/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c#L2254