
Ensuring the measurement register value(s) corresponds to an enclave running the entropy-tss binary #6

Open
ameba23 opened this issue Nov 29, 2024 · 4 comments

Comments

Collaborator

ameba23 commented Nov 29, 2024

The MRTD register holds the build time measurement for an enclave, and is included in a TDX quote report.

We hope to use this value to determine whether validators are running the VM image from our release.

But currently, it seems that when binaries in the VM image .qcow2 file are modified, the MRTD value given in quotes does not change.

In the whitepaper "Linux Stacks for Intel TDX v1.0", section 3.3 and section 4.2.3, it mentions that the secure boot variables are statically measured into the MRTD.

I'm not sure if this means we need to use secure boot (with Open Virtual Machine Firmware), or if there is some other way of ensuring that our binary gets used in the calculation of the MRTD value.

The canonical tutorial gives an example of using secure boot, but only with virsh (and I am currently using qemu). There are examples elsewhere of using secure boot with qemu.

Collaborator Author

ameba23 commented Dec 10, 2024

Other projects have solved this problem by instead using the fourth runtime measurement register (rtmr3) which is based on an append-only 'event log' which can be extended with arbitrary data, such as a proof.

Collaborator Author

ameba23 commented Jan 6, 2025

Here is the TDX event log for one of our CVMs, which should give an idea of how RTMR 0, 1 and 2 are computed:

tdx@tdx-guest:~$ sudo tdx_eventlogs
=> Read CCEL ACPI Table
00000000  43 43 45 4C 38 00 00 00 01 C8 49 4E 54 45 4C 20  CCEL8.....INTEL
00000010  45 44 4B 32 20 20 20 20 02 00 00 00 20 20 20 20  EDK2    ....
00000020  13 00 00 01 02 00 00 00 00 00 01 00 00 00 00 00  ................
00000030  00 F0 BE 7F 00 00 00 00                          ........
Revision:     1
Length:       56
Checksum:     C8
OEM ID:       b'INTEL '
CC Type:      2
CC Sub-type:  0
Log Lenght:   0x00010000
Log Address:  0x7FBEF000

=> Read Event Log Data - Address: 0x7FBEF000(0x10000)
==== TDX Event Log Entry - 0 [0x7FBEF000] ====
RTMR              : 0
Type              : 3 (EV_NO_ACTION)
Length            : 65
Algorithms Number : 1
  Algorithms[0xC] Size: 384
RAW DATA: ----------------------------------------------
7FBEF000  01 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEF010  00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00  ............!...
7FBEF020  53 70 65 63 20 49 44 20 45 76 65 6E 74 30 33 00  Spec ID Event03.
7FBEF030  00 00 00 00 00 02 00 02 01 00 00 00 0C 00 30 00  ..............0.
7FBEF040  00                                               .
RAW DATA: ----------------------------------------------
==== TDX Event Log Entry - 1 [0x7FBEF041] ====
RTMR              : 0
Type              : 0x8000000B (UNKNOWN)
Length            : 108
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  0B 87 72 E5 B0 B4 1B 83 E6 04 4A 68 39 7E 02 F4  ..r.......Jh9~..
00000010  9F B4 70 66 B4 FB E4 91 7E A2 C4 5C 64 F3 23 FD  ..pf....~..\d.#.
00000020  AC BB 37 94 8F 82 1E BA F8 BC 9C 93 8B A8 A7 49  ..7............I
RAW DATA: ----------------------------------------------
7FBEF041  01 00 00 00 0B 00 00 80 01 00 00 00 0C 00 0B 87  ................
7FBEF051  72 E5 B0 B4 1B 83 E6 04 4A 68 39 7E 02 F4 9F B4  r.......Jh9~....
7FBEF061  70 66 B4 FB E4 91 7E A2 C4 5C 64 F3 23 FD AC BB  pf....~..\d.#...
7FBEF071  37 94 8F 82 1E BA F8 BC 9C 93 8B A8 A7 49 2A 00  7............I*.
7FBEF081  00 00 09 54 64 78 54 61 62 6C 65 00 01 00 00 00  ...TdxTable.....
7FBEF091  00 00 00 00 AF 96 BB 93 F2 B9 B8 4E 94 62 E0 BA  ...........N.b..
7FBEF0A1  74 56 42 36 00 90 80 00 00 00 00 00              tVB6........
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 2 [0x7FBEF0AD] ====
RTMR              : 0
Type              : 0x8000000A (UNKNOWN)
Length            : 124
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  34 4B C5 1C 98 0B A6 21 AA A0 0D A3 ED 74 36 F7  4K.....!.....t6.
00000010  D6 E5 49 19 7D FE 69 95 15 DF A2 C6 58 3D 95 E6  ..I.}.i.....X=..
00000020  41 2A F2 1C 09 7D 47 31 55 87 5F FD 56 1D 67 90  A*...}G1U._.V.g.
RAW DATA: ----------------------------------------------
7FBEF0AD  01 00 00 00 0A 00 00 80 01 00 00 00 0C 00 34 4B  ..............4K
7FBEF0BD  C5 1C 98 0B A6 21 AA A0 0D A3 ED 74 36 F7 D6 E5  .....!.....t6...
7FBEF0CD  49 19 7D FE 69 95 15 DF A2 C6 58 3D 95 E6 41 2A  I.}.i.....X=..A*
7FBEF0DD  F2 1C 09 7D 47 31 55 87 5F FD 56 1D 67 90 3A 00  ...}G1U._.V.g.:.
7FBEF0ED  00 00 29 46 76 28 58 58 58 58 58 58 58 58 2D 58  ..)Fv(XXXXXXXX-X
7FBEF0FD  58 58 58 2D 58 58 58 58 2D 58 58 58 58 2D 58 58  XXX-XXXX-XXXX-XX
7FBEF10D  58 58 58 58 58 58 58 58 58 58 29 00 00 00 C0 FF  XXXXXXXXXX).....
7FBEF11D  00 00 00 00 00 40 08 00 00 00 00 00              .....@......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 3 [0x7FBEF129] ====
RTMR              : 0
Type              : 0x80000001 (EV_EFI_VARIABLE_DRIVER_CONFIG)
Length            : 118
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  9D C3 A1 F8 0B CE C9 15 39 1D CD A5 FF BB 15 E7  ........9.......
00000010  41 9F 77 EA B4 62 BB F7 2B 42 16 6F B7 0D 50 32  A.w..b..+B.o..P2
00000020  5E 37 B3 6F 93 53 7A 86 37 69 BC F9 BE DA E6 FB  ^7.o.Sz.7i......
RAW DATA: ----------------------------------------------
7FBEF129  01 00 00 00 01 00 00 80 01 00 00 00 0C 00 9D C3  ................
7FBEF139  A1 F8 0B CE C9 15 39 1D CD A5 FF BB 15 E7 41 9F  ......9.......A.
7FBEF149  77 EA B4 62 BB F7 2B 42 16 6F B7 0D 50 32 5E 37  w..b..+B.o..P2^7
7FBEF159  B3 6F 93 53 7A 86 37 69 BC F9 BE DA E6 FB 34 00  .o.Sz.7i......4.
7FBEF169  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF179  2B 8C 0A 00 00 00 00 00 00 00 00 00 00 00 00 00  +...............
7FBEF189  00 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00  ..S.e.c.u.r.e.B.
7FBEF199  6F 00 6F 00 74 00                                o.o.t.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 4 [0x7FBEF19F] ====
RTMR              : 0
Type              : 0x80000001 (EV_EFI_VARIABLE_DRIVER_CONFIG)
Length            : 102
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  6F 2E 3C BC 14 F9 DE F8 69 80 F5 F6 6F D8 5E 99  o.<.....i...o.^.
00000010  D6 3E 69 A7 30 14 ED 8A 56 33 CE 56 EC A5 B6 4B  .>i.0...V3.V...K
00000020  69 21 08 C5 61 10 E2 2A CA DC EF 58 C3 25 0F 1B  i!..a..*...X.%..
RAW DATA: ----------------------------------------------
7FBEF19F  01 00 00 00 01 00 00 80 01 00 00 00 0C 00 6F 2E  ..............o.
7FBEF1AF  3C BC 14 F9 DE F8 69 80 F5 F6 6F D8 5E 99 D6 3E  <.....i...o.^..>
7FBEF1BF  69 A7 30 14 ED 8A 56 33 CE 56 EC A5 B6 4B 69 21  i.0...V3.V...Ki!
7FBEF1CF  08 C5 61 10 E2 2A CA DC EF 58 C3 25 0F 1B 24 00  ..a..*...X.%..$.
7FBEF1DF  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF1EF  2B 8C 02 00 00 00 00 00 00 00 00 00 00 00 00 00  +...............
7FBEF1FF  00 00 50 00 4B 00                                ..P.K.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 5 [0x7FBEF205] ====
RTMR              : 0
Type              : 0x80000001 (EV_EFI_VARIABLE_DRIVER_CONFIG)
Length            : 104
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  D6 07 C0 EF B4 1C 0D 75 7D 69 BC A0 61 5C 3A 9A  .......u}i..a\:.
00000010  C0 B1 DB 06 C5 57 D9 92 E9 06 C6 B7 DE E4 0E 0E  .....W..........
00000020  03 16 40 C7 BF D7 BC D3 58 44 EF 9E DE AD C6 F9  [email protected]......
RAW DATA: ----------------------------------------------
7FBEF205  01 00 00 00 01 00 00 80 01 00 00 00 0C 00 D6 07  ................
7FBEF215  C0 EF B4 1C 0D 75 7D 69 BC A0 61 5C 3A 9A C0 B1  .....u}i..a\:...
7FBEF225  DB 06 C5 57 D9 92 E9 06 C6 B7 DE E4 0E 0E 03 16  ...W............
7FBEF235  40 C7 BF D7 BC D3 58 44 EF 9E DE AD C6 F9 26 00  @.....XD......&.
7FBEF245  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF255  2B 8C 03 00 00 00 00 00 00 00 00 00 00 00 00 00  +...............
7FBEF265  00 00 4B 00 45 00 4B 00                          ..K.E.K.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 6 [0x7FBEF26D] ====
RTMR              : 0
Type              : 0x80000001 (EV_EFI_VARIABLE_DRIVER_CONFIG)
Length            : 102
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  08 A7 4F 89 63 B3 37 AC B6 C9 36 82 F9 34 49 63  ..O.c.7...6..4Ic
00000010  73 67 9D D2 6A F1 08 9C B4 EA F0 C3 0C F2 60 A1  sg..j.........`.
00000020  2E 81 48 56 38 5A B8 84 3E 56 A9 AC EA 19 E1 27  ..HV8Z..>V.....'
RAW DATA: ----------------------------------------------
7FBEF26D  01 00 00 00 01 00 00 80 01 00 00 00 0C 00 08 A7  ................
7FBEF27D  4F 89 63 B3 37 AC B6 C9 36 82 F9 34 49 63 73 67  O.c.7...6..4Icsg
7FBEF28D  9D D2 6A F1 08 9C B4 EA F0 C3 0C F2 60 A1 2E 81  ..j.........`...
7FBEF29D  48 56 38 5A B8 84 3E 56 A9 AC EA 19 E1 27 24 00  HV8Z..>V.....'$.
7FBEF2AD  00 00 CB B2 19 D7 3A 3D 96 45 A3 BC DA D0 0E 67  ......:=.E.....g
7FBEF2BD  65 6F 02 00 00 00 00 00 00 00 00 00 00 00 00 00  eo..............
7FBEF2CD  00 00 64 00 62 00                                ..d.b.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 7 [0x7FBEF2D3] ====
RTMR              : 0
Type              : 0x80000001 (EV_EFI_VARIABLE_DRIVER_CONFIG)
Length            : 104
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  18 CC 6E 01 F0 C6 EA 99 AA 23 F8 A2 80 42 3E 94  ..n......#...B>.
00000010  AD 81 D9 6D 0A EB 51 80 50 4F C0 F7 A4 0C B3 61  ...m..Q.PO.....a
00000020  9D D3 9B D6 A9 5E C1 68 0A 86 ED 6A B0 F9 82 8D  .....^.h...j....
RAW DATA: ----------------------------------------------
7FBEF2D3  01 00 00 00 01 00 00 80 01 00 00 00 0C 00 18 CC  ................
7FBEF2E3  6E 01 F0 C6 EA 99 AA 23 F8 A2 80 42 3E 94 AD 81  n......#...B>...
7FBEF2F3  D9 6D 0A EB 51 80 50 4F C0 F7 A4 0C B3 61 9D D3  .m..Q.PO.....a..
7FBEF303  9B D6 A9 5E C1 68 0A 86 ED 6A B0 F9 82 8D 26 00  ...^.h...j....&.
7FBEF313  00 00 CB B2 19 D7 3A 3D 96 45 A3 BC DA D0 0E 67  ......:=.E.....g
7FBEF323  65 6F 03 00 00 00 00 00 00 00 00 00 00 00 00 00  eo..............
7FBEF333  00 00 64 00 62 00 78 00                          ..d.b.x.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 8 [0x7FBEF33B] ====
RTMR              : 0
Type              : 0x4 (EV_SEPARATOR)
Length            : 70
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  39 43 41 B7 18 2C D2 27 C5 C6 B0 7E F8 00 0C DF  9CA..,.'...~....
00000010  D8 61 36 C4 29 2B 8E 57 65 73 AD 7E D9 AE 41 01  .a6.)+.Wes.~..A.
00000020  9F 58 18 B4 B9 71 C9 EF FC 60 E1 AD 9F 12 89 F0  .X...q...`......
RAW DATA: ----------------------------------------------
7FBEF33B  01 00 00 00 04 00 00 00 01 00 00 00 0C 00 39 43  ..............9C
7FBEF34B  41 B7 18 2C D2 27 C5 C6 B0 7E F8 00 0C DF D8 61  A..,.'...~.....a
7FBEF35B  36 C4 29 2B 8E 57 65 73 AD 7E D9 AE 41 01 9F 58  6.)+.Wes.~..A..X
7FBEF36B  18 B4 B9 71 C9 EF FC 60 E1 AD 9F 12 89 F0 04 00  ...q...`........
7FBEF37B  00 00 00 00 00 00                                ......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 9 [0x7FBEF381] ====
RTMR              : 0
Type              : 0xA (EV_PLATFORM_CONFIG_FLAGS)
Length            : 75
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  F9 5E EC 58 60 C6 C0 6B D0 A0 7A A7 8F EC 17 A9  .^.X`..k..z.....
00000010  A9 B3 E7 48 3B B2 0D 75 88 D8 6A B4 96 8A 1E 91  ...H;..u..j.....
00000020  08 C0 F4 AC E4 29 BF FF AC F8 AF 15 43 B4 B1 B6  .....)......C...
RAW DATA: ----------------------------------------------
7FBEF381  01 00 00 00 0A 00 00 00 01 00 00 00 0C 00 F9 5E  ...............^
7FBEF391  EC 58 60 C6 C0 6B D0 A0 7A A7 8F EC 17 A9 A9 B3  .X`..k..z.......
7FBEF3A1  E7 48 3B B2 0D 75 88 D8 6A B4 96 8A 1E 91 08 C0  .H;..u..j.......
7FBEF3B1  F4 AC E4 29 BF FF AC F8 AF 15 43 B4 B1 B6 09 00  ...)......C.....
7FBEF3C1  00 00 41 43 50 49 20 44 41 54 41                 ..ACPI DATA
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 10 [0x7FBEF3CC] ====
RTMR              : 0
Type              : 0xA (EV_PLATFORM_CONFIG_FLAGS)
Length            : 75
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  3A 4C 13 EB 8F FE A2 1D F7 3E 5F 46 D9 9F BD 76  :L.......>_F...v
00000010  7D 1C EF 8D 44 CE A9 E3 7E 1E 25 A8 52 39 44 B7  }...D...~.%.R9D.
00000020  4E 8F 9D 0A CC F0 0A 52 8D 03 CE EA 92 B3 20 62  N......R...... b
RAW DATA: ----------------------------------------------
7FBEF3CC  01 00 00 00 0A 00 00 00 01 00 00 00 0C 00 3A 4C  ..............:L
7FBEF3DC  13 EB 8F FE A2 1D F7 3E 5F 46 D9 9F BD 76 7D 1C  .......>_F...v}.
7FBEF3EC  EF 8D 44 CE A9 E3 7E 1E 25 A8 52 39 44 B7 4E 8F  ..D...~.%.R9D.N.
7FBEF3FC  9D 0A CC F0 0A 52 8D 03 CE EA 92 B3 20 62 09 00  .....R...... b..
7FBEF40C  00 00 41 43 50 49 20 44 41 54 41                 ..ACPI DATA
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 11 [0x7FBEF417] ====
RTMR              : 0
Type              : 0xA (EV_PLATFORM_CONFIG_FLAGS)
Length            : 75
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  25 6F F2 CE E2 77 2F E2 85 5A DF 3B 31 EE BF D0  %o...w/..Z.;1...
00000010  CD 0E F2 2C 1B 87 F3 FE 5F F9 EB B8 EB 35 3C 93  ...,...._....5<.
00000020  BE 96 A1 4E 54 1D 0E 57 9D DE 5D 7D A8 C4 39 D1  ...NT..W..]}..9.
RAW DATA: ----------------------------------------------
7FBEF417  01 00 00 00 0A 00 00 00 01 00 00 00 0C 00 25 6F  ..............%o
7FBEF427  F2 CE E2 77 2F E2 85 5A DF 3B 31 EE BF D0 CD 0E  ...w/..Z.;1.....
7FBEF437  F2 2C 1B 87 F3 FE 5F F9 EB B8 EB 35 3C 93 BE 96  .,...._....5<...
7FBEF447  A1 4E 54 1D 0E 57 9D DE 5D 7D A8 C4 39 D1 09 00  .NT..W..]}..9...
7FBEF457  00 00 41 43 50 49 20 44 41 54 41                 ..ACPI DATA
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 12 [0x7FBEF462] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 132
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  3B B1 E7 E6 DD 42 EA 34 9B D1 B3 16 01 24 1B 62  ;....B.4.....$.b
00000010  07 6E 2A B5 6C 22 39 0A 8A 1A 40 FB C1 A2 8D 50  .n*.l"[email protected]
00000020  D0 64 35 55 F4 FE 17 1D 90 B6 F1 E1 F3 B5 87 54  .d5U...........T
RAW DATA: ----------------------------------------------
7FBEF462  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 3B B1  ..............;.
7FBEF472  E7 E6 DD 42 EA 34 9B D1 B3 16 01 24 1B 62 07 6E  ...B.4.....$.b.n
7FBEF482  2A B5 6C 22 39 0A 8A 1A 40 FB C1 A2 8D 50 D0 64  *.l"[email protected]
7FBEF492  35 55 F4 FE 17 1D 90 B6 F1 E1 F3 B5 87 54 42 00  5U...........TB.
7FBEF4A2  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF4B2  2B 8C 09 00 00 00 00 00 00 00 10 00 00 00 00 00  +...............
7FBEF4C2  00 00 42 00 6F 00 6F 00 74 00 4F 00 72 00 64 00  ..B.o.o.t.O.r.d.
7FBEF4D2  65 00 72 00 07 00 00 00 01 00 02 00 03 00 04 00  e.r.............
7FBEF4E2  05 00 06 00                                      ....
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 13 [0x7FBEF4E6] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 232
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  80 6B 53 C8 87 CC 0E 79 E6 DA BD D8 BE 46 E1 4B  .kS....y.....F.K
00000010  79 ED 03 74 8B C3 08 B6 E0 6B 70 F4 3B 4C EE A8  y..t.....kp.;L..
00000020  97 2F A4 BA CA CD 10 35 D8 46 CF C3 C0 07 3C 49  ./.....5.F....<I
RAW DATA: ----------------------------------------------
7FBEF4E6  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 80 6B  ...............k
7FBEF4F6  53 C8 87 CC 0E 79 E6 DA BD D8 BE 46 E1 4B 79 ED  S....y.....F.Ky.
7FBEF506  03 74 8B C3 08 B6 E0 6B 70 F4 3B 4C EE A8 97 2F  .t.....kp.;L.../
7FBEF516  A4 BA CA CD 10 35 D8 46 CF C3 C0 07 3C 49 A6 00  .....5.F....<I..
7FBEF526  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF536  2B 8C 08 00 00 00 00 00 00 00 76 00 00 00 00 00  +.........v.....
7FBEF546  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEF556  37 00 01 00 00 00 62 00 55 00 62 00 75 00 6E 00  7.....b.U.b.u.n.
7FBEF566  74 00 75 00 00 00 04 01 2A 00 0F 00 00 00 00 28  t.u.....*......(
7FBEF576  00 00 00 00 00 00 00 50 03 00 00 00 00 00 66 7C  .......P......f|
7FBEF586  C0 AB FF E0 48 49 87 6D 86 F3 89 A9 63 65 02 02  ....HI.m....ce..
7FBEF596  04 04 34 00 5C 00 45 00 46 00 49 00 5C 00 75 00  ..4.\.E.F.I.\.u.
7FBEF5A6  62 00 75 00 6E 00 74 00 75 00 5C 00 73 00 68 00  b.u.n.t.u.\.s.h.
7FBEF5B6  69 00 6D 00 78 00 36 00 34 00 2E 00 65 00 66 00  i.m.x.6.4...e.f.
7FBEF5C6  69 00 00 00 7F FF 04 00                          i.......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 14 [0x7FBEF5CE] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 176
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  23 AD A0 7F 52 61 F1 2F 34 A0 BD 8E 46 76 09 62  #...Ra./4...Fv.b
00000010  D6 B4 D5 76 A4 16 F1 FE A1 C6 4B C6 56 B1 D2 8E  ...v......K.V...
00000020  AC F7 04 7A E6 E9 67 C5 8F D2 A9 8B FA 74 C2 98  ...z..g......t..
RAW DATA: ----------------------------------------------
7FBEF5CE  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 23 AD  ..............#.
7FBEF5DE  A0 7F 52 61 F1 2F 34 A0 BD 8E 46 76 09 62 D6 B4  ..Ra./4...Fv.b..
7FBEF5EE  D5 76 A4 16 F1 FE A1 C6 4B C6 56 B1 D2 8E AC F7  .v......K.V.....
7FBEF5FE  04 7A E6 E9 67 C5 8F D2 A9 8B FA 74 C2 98 6E 00  .z..g......t..n.
7FBEF60E  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF61E  2B 8C 08 00 00 00 00 00 00 00 3E 00 00 00 00 00  +.........>.....
7FBEF62E  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEF63E  30 00 09 01 00 00 2C 00 55 00 69 00 41 00 70 00  0.....,.U.i.A.p.
7FBEF64E  70 00 00 00 04 07 14 00 C9 BD B8 7C EB F8 34 4F  p..........|..4O
7FBEF65E  AA EA 3E E4 AF 65 16 A1 04 06 14 00 21 AA 2C 46  ..>..e......!.,F
7FBEF66E  14 76 03 45 83 6E 8A B6 F4 66 23 31 7F FF 04 00  .v.E.n...f#1....
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 15 [0x7FBEF67E] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 192
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  B2 E2 A1 B3 20 2E B1 32 FA 75 95 BA 25 BA 32 60  .... ..2.u..%.2`
00000010  48 24 2E F0 2A 6E B0 07 74 DD 3F 7E C5 52 6C C9  H$..*n..t.?~.Rl.
00000020  41 F9 F5 AC D2 41 65 AE 0C 5B FC F4 11 F6 8D 1E  A....Ae..[......
RAW DATA: ----------------------------------------------
7FBEF67E  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 B2 E2  ................
7FBEF68E  A1 B3 20 2E B1 32 FA 75 95 BA 25 BA 32 60 48 24  .. ..2.u..%.2`H$
7FBEF69E  2E F0 2A 6E B0 07 74 DD 3F 7E C5 52 6C C9 41 F9  ..*n..t.?~.Rl.A.
7FBEF6AE  F5 AC D2 41 65 AE 0C 5B FC F4 11 F6 8D 1E 7E 00  ...Ae..[......~.
7FBEF6BE  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF6CE  2B 8C 08 00 00 00 00 00 00 00 4E 00 00 00 00 00  +.........N.....
7FBEF6DE  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEF6EE  31 00 01 00 00 00 16 00 55 00 45 00 46 00 49 00  1.......U.E.F.I.
7FBEF6FE  20 00 4D 00 69 00 73 00 63 00 20 00 44 00 65 00   .M.i.s.c. .D.e.
7FBEF70E  76 00 69 00 63 00 65 00 00 00 02 01 0C 00 D0 41  v.i.c.e........A
7FBEF71E  03 0A 00 00 00 00 01 01 06 00 00 02 7F FF 04 00  ................
7FBEF72E  4E AC 08 81 11 9F 59 4D 85 0E E2 1A 52 2C 59 B2  N.....YM....R,Y.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 16 [0x7FBEF73E] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 282
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  9D 89 6E 11 0D F8 8C 7D 1B C4 5C 61 C3 99 DA 52  ..n....}..\a...R
00000010  88 67 31 35 18 AC 9D BD F6 59 F0 0D 13 B5 E7 E3  .g15.....Y......
00000020  3E 14 E8 8F 14 E7 D6 AF 56 56 9D DA 0F CD 46 5B  >.......VV....F[
RAW DATA: ----------------------------------------------
7FBEF73E  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 9D 89  ................
7FBEF74E  6E 11 0D F8 8C 7D 1B C4 5C 61 C3 99 DA 52 88 67  n....}..\a...R.g
7FBEF75E  31 35 18 AC 9D BD F6 59 F0 0D 13 B5 E7 E3 3E 14  15.....Y......>.
7FBEF76E  E8 8F 14 E7 D6 AF 56 56 9D DA 0F CD 46 5B D8 00  ......VV....F[..
7FBEF77E  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF78E  2B 8C 08 00 00 00 00 00 00 00 A8 00 00 00 00 00  +...............
7FBEF79E  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEF7AE  32 00 01 00 00 00 56 00 55 00 45 00 46 00 49 00  2.....V.U.E.F.I.
7FBEF7BE  20 00 50 00 58 00 45 00 76 00 34 00 20 00 28 00   .P.X.E.v.4. .(.
7FBEF7CE  4D 00 41 00 43 00 3A 00 35 00 32 00 35 00 34 00  M.A.C.:.5.2.5.4.
7FBEF7DE  30 00 30 00 31 00 32 00 33 00 34 00 35 00 36 00  0.0.1.2.3.4.5.6.
7FBEF7EE  29 00 00 00 02 01 0C 00 D0 41 03 0A 00 00 00 00  )........A......
7FBEF7FE  01 01 06 00 00 01 03 0B 25 00 52 54 00 12 34 56  ........%.RT..4V
7FBEF80E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEF81E  00 00 00 00 00 00 00 00 00 00 01 03 0C 1B 00 00  ................
7FBEF82E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEF83E  00 00 00 00 00 00 7F FF 04 00 4E AC 08 81 11 9F  ..........N.....
7FBEF84E  59 4D 85 0E E2 1A 52 2C 59 B2                    YM....R,Y.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 17 [0x7FBEF858] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 315
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  65 F2 3F B8 42 07 F5 5A 0B A3 28 56 EA 26 44 94  e.?.B..Z..(V.&D.
00000010  E5 23 25 0B D9 DB 6A C8 83 F5 E7 9A 46 F0 EE 57  .#%...j.....F..W
00000020  82 0D 5C 35 38 76 C8 71 0C E6 58 0E 4B 1C C9 60  ..\58v.q..X.K..`
RAW DATA: ----------------------------------------------
7FBEF858  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 65 F2  ..............e.
7FBEF868  3F B8 42 07 F5 5A 0B A3 28 56 EA 26 44 94 E5 23  ?.B..Z..(V.&D..#
7FBEF878  25 0B D9 DB 6A C8 83 F5 E7 9A 46 F0 EE 57 82 0D  %...j.....F..W..
7FBEF888  5C 35 38 76 C8 71 0C E6 58 0E 4B 1C C9 60 F9 00  \58v.q..X.K..`..
7FBEF898  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF8A8  2B 8C 08 00 00 00 00 00 00 00 C9 00 00 00 00 00  +...............
7FBEF8B8  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEF8C8  33 00 01 00 00 00 77 00 55 00 45 00 46 00 49 00  3.....w.U.E.F.I.
7FBEF8D8  20 00 50 00 58 00 45 00 76 00 36 00 20 00 28 00   .P.X.E.v.6. .(.
7FBEF8E8  4D 00 41 00 43 00 3A 00 35 00 32 00 35 00 34 00  M.A.C.:.5.2.5.4.
7FBEF8F8  30 00 30 00 31 00 32 00 33 00 34 00 35 00 36 00  0.0.1.2.3.4.5.6.
7FBEF908  29 00 00 00 02 01 0C 00 D0 41 03 0A 00 00 00 00  )........A......
7FBEF918  01 01 06 00 00 01 03 0B 25 00 52 54 00 12 34 56  ........%.RT..4V
7FBEF928  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEF938  00 00 00 00 00 00 00 00 00 00 01 03 0D 3C 00 00  .............<..
7FBEF948  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEF958  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEF968  00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00  ......@.........
7FBEF978  00 00 00 00 00 00 00 7F FF 04 00 4E AC 08 81 11  ...........N....
7FBEF988  9F 59 4D 85 0E E2 1A 52 2C 59 B2                 .YM....R,Y.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 18 [0x7FBEF993] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 288
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  00 04 6B 41 FF 41 1C 58 EF 94 75 C2 2D 69 7B 35  ..kA.A.X..u.-i{5
00000010  BD 14 3E 88 22 B5 61 DE 31 65 53 8A 63 A4 34 4C  ..>.".a.1eS.c.4L
00000020  54 91 CB 64 6B 28 FE AB 94 03 F2 8A DE 7F 7C BA  T..dk(........|.
RAW DATA: ----------------------------------------------
7FBEF993  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 00 04  ................
7FBEF9A3  6B 41 FF 41 1C 58 EF 94 75 C2 2D 69 7B 35 BD 14  kA.A.X..u.-i{5..
7FBEF9B3  3E 88 22 B5 61 DE 31 65 53 8A 63 A4 34 4C 54 91  >.".a.1eS.c.4LT.
7FBEF9C3  CB 64 6B 28 FE AB 94 03 F2 8A DE 7F 7C BA DE 00  .dk(........|...
7FBEF9D3  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEF9E3  2B 8C 08 00 00 00 00 00 00 00 AE 00 00 00 00 00  +...............
7FBEF9F3  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEFA03  34 00 01 00 00 00 5A 00 55 00 45 00 46 00 49 00  4.....Z.U.E.F.I.
7FBEFA13  20 00 48 00 54 00 54 00 50 00 76 00 34 00 20 00   .H.T.T.P.v.4. .
7FBEFA23  28 00 4D 00 41 00 43 00 3A 00 35 00 32 00 35 00  (.M.A.C.:.5.2.5.
7FBEFA33  34 00 30 00 30 00 31 00 32 00 33 00 34 00 35 00  4.0.0.1.2.3.4.5.
7FBEFA43  36 00 29 00 00 00 02 01 0C 00 D0 41 03 0A 00 00  6.)........A....
7FBEFA53  00 00 01 01 06 00 00 01 03 0B 25 00 52 54 00 12  ..........%.RT..
7FBEFA63  34 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00  4V..............
7FBEFA73  00 00 00 00 00 00 00 00 00 00 00 00 01 03 0C 1B  ................
7FBEFA83  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFA93  00 00 00 00 00 00 00 00 03 18 04 00 7F FF 04 00  ................
7FBEFAA3  4E AC 08 81 11 9F 59 4D 85 0E E2 1A 52 2C 59 B2  N.....YM....R,Y.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 19 [0x7FBEFAB3] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 321
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  7F F8 33 FD BB 0B 77 E1 4A 14 3B 85 C0 82 D4 6A  ..3...w.J.;....j
00000010  53 60 13 F8 A5 92 C8 79 3F 2A AD 0E 31 FD F3 04  S`.....y?*..1...
00000020  2F 8B A9 8B 0D F1 9B BD 4F 38 DA 6A F2 98 4E E9  /.......O8.j..N.
RAW DATA: ----------------------------------------------
7FBEFAB3  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 7F F8  ................
7FBEFAC3  33 FD BB 0B 77 E1 4A 14 3B 85 C0 82 D4 6A 53 60  3...w.J.;....jS`
7FBEFAD3  13 F8 A5 92 C8 79 3F 2A AD 0E 31 FD F3 04 2F 8B  .....y?*..1.../.
7FBEFAE3  A9 8B 0D F1 9B BD 4F 38 DA 6A F2 98 4E E9 FF 00  ......O8.j..N...
7FBEFAF3  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEFB03  2B 8C 08 00 00 00 00 00 00 00 CF 00 00 00 00 00  +...............
7FBEFB13  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEFB23  35 00 01 00 00 00 7B 00 55 00 45 00 46 00 49 00  5.....{.U.E.F.I.
7FBEFB33  20 00 48 00 54 00 54 00 50 00 76 00 36 00 20 00   .H.T.T.P.v.6. .
7FBEFB43  28 00 4D 00 41 00 43 00 3A 00 35 00 32 00 35 00  (.M.A.C.:.5.2.5.
7FBEFB53  34 00 30 00 30 00 31 00 32 00 33 00 34 00 35 00  4.0.0.1.2.3.4.5.
7FBEFB63  36 00 29 00 00 00 02 01 0C 00 D0 41 03 0A 00 00  6.)........A....
7FBEFB73  00 00 01 01 06 00 00 01 03 0B 25 00 52 54 00 12  ..........%.RT..
7FBEFB83  34 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00  4V..............
7FBEFB93  00 00 00 00 00 00 00 00 00 00 00 00 01 03 0D 3C  ...............<
7FBEFBA3  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFBB3  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFBC3  00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00  ........@.......
7FBEFBD3  00 00 00 00 00 00 00 00 00 03 18 04 00 7F FF 04  ................
7FBEFBE3  00 4E AC 08 81 11 9F 59 4D 85 0E E2 1A 52 2C 59  .N.....YM....R,Y
7FBEFBF3  B2                                               .
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 20 [0x7FBEFBF4] ====
RTMR              : 0
Type              : 0x80000002 (EV_EFI_VARIABLE_BOOT)
Length            : 202
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  F0 FB 2C DC C4 7B F2 04 B4 1A 85 8F 68 78 B5 80  ..,..{......hx..
00000010  9C 3A 9B F6 AC BD 5C 4A 13 0F 66 69 37 A7 10 07  .:....\J..fi7...
00000020  0C 5C F9 59 D3 B5 9C 80 07 B6 E6 30 18 09 7D 9A  .\.Y.......0..}.
RAW DATA: ----------------------------------------------
7FBEFBF4  01 00 00 00 02 00 00 80 01 00 00 00 0C 00 F0 FB  ................
7FBEFC04  2C DC C4 7B F2 04 B4 1A 85 8F 68 78 B5 80 9C 3A  ,..{......hx...:
7FBEFC14  9B F6 AC BD 5C 4A 13 0F 66 69 37 A7 10 07 0C 5C  ....\J..fi7....\
7FBEFC24  F9 59 D3 B5 9C 80 07 B6 E6 30 18 09 7D 9A 88 00  .Y.......0..}...
7FBEFC34  00 00 61 DF E4 8B CA 93 D2 11 AA 0D 00 E0 98 03  ..a.............
7FBEFC44  2B 8C 08 00 00 00 00 00 00 00 58 00 00 00 00 00  +.........X.....
7FBEFC54  00 00 42 00 6F 00 6F 00 74 00 30 00 30 00 30 00  ..B.o.o.t.0.0.0.
7FBEFC64  36 00 01 00 00 00 2C 00 45 00 46 00 49 00 20 00  6.....,.E.F.I. .
7FBEFC74  49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00  I.n.t.e.r.n.a.l.
7FBEFC84  20 00 53 00 68 00 65 00 6C 00 6C 00 00 00 04 07   .S.h.e.l.l.....
7FBEFC94  14 00 C9 BD B8 7C EB F8 34 4F AA EA 3E E4 AF 65  .....|..4O..>..e
7FBEFCA4  16 A1 04 06 14 00 83 A5 04 7C 3E 9E 1C 4F AD 65  .........|>..O.e
7FBEFCB4  E0 52 68 D0 B4 D1 7F FF 04 00                    .Rh.......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 21 [0x7FBEFCBE] ====
RTMR              : 1
Type              : 0x80000007 (EV_EFI_ACTION)
Length            : 106
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  77 A0 DA B2 31 2B 4E 1E 57 A8 4D 86 5A 21 E5 B2  w...1+N.W.M.Z!..
00000010  EE 8D 67 7A 21 01 2A DA 81 9D 0A 98 98 80 78 D3  ..gz!.*.......x.
00000020  D7 40 F6 34 6B FE 0A BA A9 38 CA 20 43 9A 8D 71  [email protected]. C..q
RAW DATA: ----------------------------------------------
7FBEFCBE  02 00 00 00 07 00 00 80 01 00 00 00 0C 00 77 A0  ..............w.
7FBEFCCE  DA B2 31 2B 4E 1E 57 A8 4D 86 5A 21 E5 B2 EE 8D  ..1+N.W.M.Z!....
7FBEFCDE  67 7A 21 01 2A DA 81 9D 0A 98 98 80 78 D3 D7 40  gz!.*.......x..@
7FBEFCEE  F6 34 6B FE 0A BA A9 38 CA 20 43 9A 8D 71 28 00  .4k....8. C..q(.
7FBEFCFE  00 00 43 61 6C 6C 69 6E 67 20 45 46 49 20 41 70  ..Calling EFI Ap
7FBEFD0E  70 6C 69 63 61 74 69 6F 6E 20 66 72 6F 6D 20 42  plication from B
7FBEFD1E  6F 6F 74 20 4F 70 74 69 6F 6E                    oot Option
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 22 [0x7FBEFD28] ====
RTMR              : 0
Type              : 0x4 (EV_SEPARATOR)
Length            : 70
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  39 43 41 B7 18 2C D2 27 C5 C6 B0 7E F8 00 0C DF  9CA..,.'...~....
00000010  D8 61 36 C4 29 2B 8E 57 65 73 AD 7E D9 AE 41 01  .a6.)+.Wes.~..A.
00000020  9F 58 18 B4 B9 71 C9 EF FC 60 E1 AD 9F 12 89 F0  .X...q...`......
RAW DATA: ----------------------------------------------
7FBEFD28  01 00 00 00 04 00 00 00 01 00 00 00 0C 00 39 43  ..............9C
7FBEFD38  41 B7 18 2C D2 27 C5 C6 B0 7E F8 00 0C DF D8 61  A..,.'...~.....a
7FBEFD48  36 C4 29 2B 8E 57 65 73 AD 7E D9 AE 41 01 9F 58  6.)+.Wes.~..A..X
7FBEFD58  18 B4 B9 71 C9 EF FC 60 E1 AD 9F 12 89 F0 04 00  ...q...`........
7FBEFD68  00 00 00 00 00 00                                ......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 23 [0x7FBEFD6E] ====
RTMR              : 1
Type              : 0x80000006 (EV_EFI_GPT_EVENT)
Length            : 678
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  CF 92 C6 82 C0 5B B8 D9 E9 2A 60 DA 14 D9 F7 E2  .....[...*`.....
00000010  D6 02 BD 8B 53 6E 9C 9D DB 8A 2E 3E 5E 64 98 44  ....Sn.....>^d.D
00000020  E6 0C 0D F8 AB E2 49 11 31 70 AE 40 04 4B 9C 5D  ......I.1p.@.K.]
RAW DATA: ----------------------------------------------
7FBEFD6E  02 00 00 00 06 00 00 80 01 00 00 00 0C 00 CF 92  ................
7FBEFD7E  C6 82 C0 5B B8 D9 E9 2A 60 DA 14 D9 F7 E2 D6 02  ...[...*`.......
7FBEFD8E  BD 8B 53 6E 9C 9D DB 8A 2E 3E 5E 64 98 44 E6 0C  ..Sn.....>^d.D..
7FBEFD9E  0D F8 AB E2 49 11 31 70 AE 40 04 4B 9C 5D 64 02  ....I.1p.@.K.]d.
7FBEFDAE  00 00 45 46 49 20 50 41 52 54 00 00 01 00 5C 00  ..EFI PART....\.
7FBEFDBE  00 00 76 F9 F0 41 00 00 00 00 01 00 00 00 00 00  ..v..A..........
7FBEFDCE  00 00 FF FF AF 06 00 00 00 00 22 00 00 00 00 00  ..........".....
7FBEFDDE  00 00 DE FF AF 06 00 00 00 00 9A 2C 46 11 AF F5  ...........,F...
7FBEFDEE  AA 48 A7 60 E3 09 B1 CA 0F 65 02 00 00 00 00 00  .H.`.....e......
7FBEFDFE  00 00 80 00 00 00 80 00 00 00 5F 9B 15 D1 04 00  .........._.....
7FBEFE0E  00 00 00 00 00 00 AF 3D C6 0F 83 84 72 47 8E 79  .......=....rG.y
7FBEFE1E  3D 69 D8 47 7D E4 B3 71 D2 60 06 1B 1A 41 94 90  =i.G}..q.`...A..
7FBEFE2E  D9 8B 7E 60 88 5F 00 08 20 00 00 00 00 00 DE FF  ..~`._.. .......
7FBEFE3E  AF 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFE4E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFE5E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFE6E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFE7E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFE8E  00 00 00 00 00 00 48 61 68 21 49 64 6F 6E 74 4E  ......Hah!IdontN
7FBEFE9E  65 65 64 45 46 49 0D 3A 4C 3A C4 7C 5A 40 A6 AC  eedEFI.:L:.|Z@..
7FBEFEAE  FC 6D A7 51 4F D6 00 08 00 00 00 00 00 00 FF 27  .m.QO..........'
7FBEFEBE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFECE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFEDE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFEEE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFEFE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFF0E  00 00 00 00 00 00 28 73 2A C1 1F F8 D2 11 BA 4B  ......(s*......K
7FBEFF1E  00 A0 C9 3E C9 3B 66 7C C0 AB FF E0 48 49 87 6D  ...>.;f|....HI.m
7FBEFF2E  86 F3 89 A9 63 65 00 28 00 00 00 00 00 00 FF 77  ....ce.(.......w
7FBEFF3E  03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFF4E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFF5E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFF6E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFF7E  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFF8E  00 00 00 00 00 00 FF C2 13 BC E6 59 62 42 A3 52  ...........YbB.R
7FBEFF9E  B2 75 FD 6F 71 72 43 09 14 86 E8 10 5D 41 A5 DC  .u.oqrC.....]A..
7FBEFFAE  5B A1 04 C0 04 98 00 78 03 00 00 00 00 00 00 00  [......x........
7FBEFFBE  20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ...............
7FBEFFCE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFFDE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFFEE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBEFFFE  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
7FBF000E  00 00 00 00 00 00                                ......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 24 [0x7FBF0014] ====
RTMR              : 1
Type              : 0x80000003 (EV_EFI_BOOT_SERVICES_APPLICATION)
Length            : 214
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  46 37 FB 5C D3 08 47 E5 F0 9A E2 4F 8A 50 CE 16  F7.\..G....O.P..
00000010  11 C4 D2 1A FD 0E CB 69 C8 EC 40 BC 82 DC 11 BC  .......i..@.....
00000020  48 AB DA 1F 80 44 FE 34 0B FB 70 B2 96 06 EB 47  H....D.4..p....G
RAW DATA: ----------------------------------------------
7FBF0014  02 00 00 00 03 00 00 80 01 00 00 00 0C 00 46 37  ..............F7
7FBF0024  FB 5C D3 08 47 E5 F0 9A E2 4F 8A 50 CE 16 11 C4  .\..G....O.P....
7FBF0034  D2 1A FD 0E CB 69 C8 EC 40 BC 82 DC 11 BC 48 AB  .....i..@.....H.
7FBF0044  DA 1F 80 44 FE 34 0B FB 70 B2 96 06 EB 47 94 00  ...D.4..p....G..
7FBF0054  00 00 18 C0 7F 7D 00 00 00 00 08 C0 0E 00 00 00  .....}..........
7FBF0064  00 00 00 00 00 00 00 00 00 00 74 00 00 00 00 00  ..........t.....
7FBF0074  00 00 02 01 0C 00 D0 41 03 0A 00 00 00 00 01 01  .......A........
7FBF0084  06 00 00 02 04 01 2A 00 0F 00 00 00 00 28 00 00  ......*......(..
7FBF0094  00 00 00 00 00 50 03 00 00 00 00 00 66 7C C0 AB  .....P......f|..
7FBF00A4  FF E0 48 49 87 6D 86 F3 89 A9 63 65 02 02 04 04  ..HI.m....ce....
7FBF00B4  34 00 5C 00 45 00 46 00 49 00 5C 00 75 00 62 00  4.\.E.F.I.\.u.b.
7FBF00C4  75 00 6E 00 74 00 75 00 5C 00 73 00 68 00 69 00  u.n.t.u.\.s.h.i.
7FBF00D4  6D 00 78 00 36 00 34 00 2E 00 65 00 66 00 69 00  m.x.6.4...e.f.i.
7FBF00E4  00 00 7F FF 04 00                                ......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 25 [0x7FBF00EA] ====
RTMR              : 2
Type              : 0xD (EV_IPL)
Length            : 74
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  05 33 57 EA 65 18 5F 01 0B 8C AA 1F C2 65 CF D5  .3W.e._......e..
00000010  E8 0C 7C C7 81 25 4F A3 F1 E5 EA 9D 34 5A 87 00  ..|..%O.....4Z..
00000020  3C F7 61 47 2A 2F 04 23 F1 52 97 F5 5C FE 24 8F  <.aG*/.#.R..\.$.
RAW DATA: ----------------------------------------------
7FBF00EA  03 00 00 00 0D 00 00 00 01 00 00 00 0C 00 05 33  ...............3
7FBF00FA  57 EA 65 18 5F 01 0B 8C AA 1F C2 65 CF D5 E8 0C  W.e._......e....
7FBF010A  7C C7 81 25 4F A3 F1 E5 EA 9D 34 5A 87 00 3C F7  |..%O.....4Z..<.
7FBF011A  61 47 2A 2F 04 23 F1 52 97 F5 5C FE 24 8F 08 00  aG*/.#.R..\.$...
7FBF012A  00 00 4D 6F 6B 4C 69 73 74 00                    ..MokList.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 26 [0x7FBF0134] ====
RTMR              : 2
Type              : 0xD (EV_IPL)
Length            : 75
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  80 EE 25 71 33 4A 57 BF 90 23 8D 21 96 44 47 E5  ..%q3JW..#.!.DG.
00000010  42 07 9D 48 05 FA 87 88 78 17 A9 7D CB 72 09 06  B..H....x..}.r..
00000020  68 3A 09 B1 AC 63 4C 76 C0 C0 BE 11 77 F7 61 10  h:...cLv....w.a.
RAW DATA: ----------------------------------------------
7FBF0134  03 00 00 00 0D 00 00 00 01 00 00 00 0C 00 80 EE  ................
7FBF0144  25 71 33 4A 57 BF 90 23 8D 21 96 44 47 E5 42 07  %q3JW..#.!.DG.B.
7FBF0154  9D 48 05 FA 87 88 78 17 A9 7D CB 72 09 06 68 3A  .H....x..}.r..h:
7FBF0164  09 B1 AC 63 4C 76 C0 C0 BE 11 77 F7 61 10 09 00  ...cLv....w.a...
7FBF0174  00 00 4D 6F 6B 4C 69 73 74 58 00                 ..MokListX.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 27 [0x7FBF017F] ====
RTMR              : 0
Type              : 0x800000E0 (EV_EFI_VARIABLE_AUTHORITY)
Length            : 134
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  F1 43 E2 94 8D 63 FC D3 44 2E 84 1B B3 6A 7E 18  .C...c..D....j~.
00000010  08 71 F0 A8 94 65 41 96 1F E9 D1 2E 70 D0 72 78  .q...eA.....p.rx
00000020  74 60 09 56 26 4D BA 53 1E 2E DD 87 29 C5 EB 38  t`.V&M.S....)..8
RAW DATA: ----------------------------------------------
7FBF017F  01 00 00 00 E0 00 00 80 01 00 00 00 0C 00 F1 43  ...............C
7FBF018F  E2 94 8D 63 FC D3 44 2E 84 1B B3 6A 7E 18 08 71  ...c..D....j~..q
7FBF019F  F0 A8 94 65 41 96 1F E9 D1 2E 70 D0 72 78 74 60  ...eA.....p.rxt`
7FBF01AF  09 56 26 4D BA 53 1E 2E DD 87 29 C5 EB 38 44 00  .V&M.S....)..8D.
7FBF01BF  00 00 50 AB 5D 60 46 E0 00 43 AB B6 3D D8 10 DD  ..P.]`F..C..=...
7FBF01CF  8B 23 09 00 00 00 00 00 00 00 12 00 00 00 00 00  .#..............
7FBF01DF  00 00 53 00 62 00 61 00 74 00 4C 00 65 00 76 00  ..S.b.a.t.L.e.v.
7FBF01EF  65 00 6C 00 73 62 61 74 2C 31 2C 32 30 32 31 30  e.l.sbat,1,20210
7FBF01FF  33 30 32 31 38 0A                                30218.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 28 [0x7FBF0205] ====
RTMR              : 2
Type              : 0xD (EV_IPL)
Length            : 81
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  8D 2C E8 7D 86 F5 5F CF AB 77 0A 04 7B 09 0D A2  .,.}.._..w..{...
00000010  32 70 FA 20 68 32 DF EA 7E 0C 94 6F FF 45 1F 81  2p. h2..~..o.E..
00000020  9A DD 24 23 74 BE 55 1B 0D 63 18 ED 6C 7D 41 D8  ..$#t.U..c..l}A.
RAW DATA: ----------------------------------------------
7FBF0205  03 00 00 00 0D 00 00 00 01 00 00 00 0C 00 8D 2C  ...............,
7FBF0215  E8 7D 86 F5 5F CF AB 77 0A 04 7B 09 0D A2 32 70  .}.._..w..{...2p
7FBF0225  FA 20 68 32 DF EA 7E 0C 94 6F FF 45 1F 81 9A DD  . h2..~..o.E....
7FBF0235  24 23 74 BE 55 1B 0D 63 18 ED 6C 7D 41 D8 0F 00  $#t.U..c..l}A...
7FBF0245  00 00 4D 6F 6B 4C 69 73 74 54 72 75 73 74 65 64  ..MokListTrusted
7FBF0255  00                                               .
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 29 [0x7FBF0256] ====
RTMR              : 1
Type              : 0x80000003 (EV_EFI_BOOT_SERVICES_APPLICATION)
Length            : 154
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  C0 51 99 15 23 EA 08 3F 46 6F 13 C2 A2 D1 1D 77  .Q..#..?Fo.....w
00000010  25 4F 61 10 BC 8A E3 71 4F 34 5C EF 8F 33 CD E2  %Oa....qO4\..3..
00000020  60 82 B4 9D DA 0F 56 EF 32 4A 62 A1 0B 55 6D 1E  `.....V.2Jb..Um.
RAW DATA: ----------------------------------------------
7FBF0256  02 00 00 00 03 00 00 80 01 00 00 00 0C 00 C0 51  ...............Q
7FBF0266  99 15 23 EA 08 3F 46 6F 13 C2 A2 D1 1D 77 25 4F  ..#..?Fo.....w%O
7FBF0276  61 10 BC 8A E3 71 4F 34 5C EF 8F 33 CD E2 60 82  a....qO4\..3..`.
7FBF0286  B4 9D DA 0F 56 EF 32 4A 62 A1 0B 55 6D 1E 58 00  ....V.2Jb..Um.X.
7FBF0296  00 00 18 B0 49 7D 00 00 00 00 88 87 28 00 00 00  ....I}......(...
7FBF02A6  00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00  ..........8.....
7FBF02B6  00 00 04 04 34 00 5C 00 45 00 46 00 49 00 5C 00  ....4.\.E.F.I.\.
7FBF02C6  75 00 62 00 75 00 6E 00 74 00 75 00 5C 00 67 00  u.b.u.n.t.u.\.g.
7FBF02D6  72 00 75 00 62 00 78 00 36 00 34 00 2E 00 65 00  r.u.b.x.6.4...e.
7FBF02E6  66 00 69 00 00 00 7F FF 04 00                    f.i.......
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 30 [0x7FBF02F0] ====
RTMR              : 2
Type              : 0x6 (EV_EVENT_TAG)
Length            : 100
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  E2 58 3B DC 58 2C 61 98 7B 19 79 7A A8 C7 A1 F7  .X;.X,a.{.yz....
00000010  66 3F C8 A3 63 43 C2 AC FA 4C 47 3B FD 88 15 18  f?..cC...LG;....
00000020  E2 99 A2 89 E6 DF 11 26 FB EB 0A 35 CF D9 10 22  .......&...5..."
RAW DATA: ----------------------------------------------
7FBF02F0  03 00 00 00 06 00 00 00 01 00 00 00 0C 00 E2 58  ...............X
7FBF0300  3B DC 58 2C 61 98 7B 19 79 7A A8 C7 A1 F7 66 3F  ;.X,a.{.yz....f?
7FBF0310  C8 A3 63 43 C2 AC FA 4C 47 3B FD 88 15 18 E2 99  ..cC...LG;......
7FBF0320  A2 89 E6 DF 11 26 FB EB 0A 35 CF D9 10 22 22 00  .....&...5..."".
7FBF0330  00 00 ED 22 3B 8F 1A 00 00 00 4C 4F 41 44 45 44  ...";.....LOADED
7FBF0340  5F 49 4D 41 47 45 3A 3A 4C 6F 61 64 4F 70 74 69  _IMAGE::LoadOpti
7FBF0350  6F 6E 73 00                                      ons.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 31 [0x7FBF0354] ====
RTMR              : 2
Type              : 0x6 (EV_EVENT_TAG)
Length            : 87
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  86 EE 1F 17 28 B3 B4 C6 36 EB 85 99 A3 BE 7F 6E  ....(...6......n
00000010  5D 6C 3F 3F 3B 1F A0 A9 DE 80 59 F7 6C 67 83 B3  ]l??;.....Y.lg..
00000020  EF CC F3 CD 14 6B FC EF FE 9B 0D 22 F9 FF 4A 1B  .....k....."..J.
RAW DATA: ----------------------------------------------
7FBF0354  03 00 00 00 06 00 00 00 01 00 00 00 0C 00 86 EE  ................
7FBF0364  1F 17 28 B3 B4 C6 36 EB 85 99 A3 BE 7F 6E 5D 6C  ..(...6......n]l
7FBF0374  3F 3F 3B 1F A0 A9 DE 80 59 F7 6C 67 83 B3 EF CC  ??;.....Y.lg....
7FBF0384  F3 CD 14 6B FC EF FE 9B 0D 22 F9 FF 4A 1B 15 00  ...k....."..J...
7FBF0394  00 00 EC 22 3B 8F 0D 00 00 00 4C 69 6E 75 78 20  ...";.....Linux
7FBF03A4  69 6E 69 74 72 64 00                             initrd.
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 32 [0x7FBF03AB] ====
RTMR              : 1
Type              : 0x80000007 (EV_EFI_ACTION)
Length            : 95
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  21 4B 0B EF 13 79 75 60 11 34 48 77 74 3F DC 2A  !K...yu`.4Hwt?.*
00000010  53 82 BA C6 E7 03 62 D6 24 CC F3 F6 54 40 7C 1B  S.....b.$...T@|.
00000020  4B AD F7 D8 F9 29 5D D3 DA BD EF 65 B2 76 77 E0  K....)]....e.vw.
RAW DATA: ----------------------------------------------
7FBF03AB  02 00 00 00 07 00 00 80 01 00 00 00 0C 00 21 4B  ..............!K
7FBF03BB  0B EF 13 79 75 60 11 34 48 77 74 3F DC 2A 53 82  ...yu`.4Hwt?.*S.
7FBF03CB  BA C6 E7 03 62 D6 24 CC F3 F6 54 40 7C 1B 4B AD  ....b.$...T@|.K.
7FBF03DB  F7 D8 F9 29 5D D3 DA BD EF 65 B2 76 77 E0 1D 00  ...)]....e.vw...
7FBF03EB  00 00 45 78 69 74 20 42 6F 6F 74 20 53 65 72 76  ..Exit Boot Serv
7FBF03FB  69 63 65 73 20 49 6E 76 6F 63 61 74 69 6F 6E     ices Invocation
RAW DATA: ----------------------------------------------

==== TDX Event Log Entry - 33 [0x7FBF040A] ====
RTMR              : 1
Type              : 0x80000007 (EV_EFI_ACTION)
Length            : 106
Algorithms ID     : 12 (TPM_ALG_SHA384)
Digest[0] :
00000000  0A 2E 01 C8 5D EA E7 18 A5 30 AD 8C 6D 20 A8 40  ....]....0..m .@
00000010  09 BA BE 6C 89 89 26 9E 95 0D 8C F4 40 C6 E9 97  ...l..&.....@...
00000020  69 5E 64 D4 55 C4 17 4A 65 2C D0 80 F6 23 0B 74  i^d.U..Je,...#.t
RAW DATA: ----------------------------------------------
7FBF040A  02 00 00 00 07 00 00 80 01 00 00 00 0C 00 0A 2E  ................
7FBF041A  01 C8 5D EA E7 18 A5 30 AD 8C 6D 20 A8 40 09 BA  ..]....0..m .@..
7FBF042A  BE 6C 89 89 26 9E 95 0D 8C F4 40 C6 E9 97 69 5E  .l..&.....@...i^
7FBF043A  64 D4 55 C4 17 4A 65 2C D0 80 F6 23 0B 74 28 00  d.U..Je,...#.t(.
7FBF044A  00 00 45 78 69 74 20 42 6F 6F 74 20 53 65 72 76  ..Exit Boot Serv
7FBF045A  69 63 65 73 20 52 65 74 75 72 6E 65 64 20 77 69  ices Returned wi
7FBF046A  74 68 20 53 75 63 63 65 73 73                    th Success
RAW DATA: ----------------------------------------------


=> Replay Rolling Hash - RTMR
==== RTMR[0] ====
00000000  18 86 0D 43 EB 03 D2 8B 27 EF 29 B7 6A 04 11 05  ...C....'.).j...
00000010  A8 04 50 A5 99 AF 92 59 07 D6 61 03 6C D0 36 B7  ..P....Y..a.l.6.
00000020  53 45 30 5B 70 2B C8 5A 3E 49 E4 00 B6 EE 9D 5B  SE0[p+.Z>I.....[

==== RTMR[1] ====
00000000  54 5F AC 7A E3 59 74 B0 DA 29 79 16 75 A8 83 4B  T_.z.Yt..)y.u..K
00000010  7E 94 C1 8C 7D 60 F0 63 41 DB 34 82 FB BA 05 50  ~...}`.cA.4....P
00000020  03 66 84 3F E3 E9 DE FF E8 FB 5D 80 67 50 88 5E  .f.?......].gP.^

==== RTMR[2] ====
00000000  54 02 1E F3 4A 70 A1 43 D9 D0 00 97 26 6E 98 E5  T...Jp.C....&n..
00000010  70 D6 1A 9E 81 CD 05 AC 50 05 D8 0C 87 80 4F 3F  p.......P.....O?
00000020  83 DE 72 0F F6 C1 7D 90 D7 89 CF DB 94 F6 90 5D  ..r...}........]

==== RTMR[3] ====
00000000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

tdx_measurement

@ameba23 ameba23 changed the title Ensuring the MRTD register value corresponds to an enclave running the entropy-tss binary Ensuring the measurement register value(s) corresponds to an enclave running the entropy-tss binary Jan 6, 2025
@ameba23
Collaborator Author

ameba23 commented Jan 6, 2025

The best description I have found for how the measurements are made is in: https://www.intel.com/content/www/us/en/content-details/783067/whitepaper-linux-stacks-for-intel-trust-domain-extension-1-0.html

But I am still not sure how we can get our binary measured without it being part of the kernel or initrd.
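For readers following how the RTMR values in the event log above are derived, here is an added example (not code from this issue or from the entropy-tss project) that parses entries in the crypto-agile TCG2 format visible in the RAW DATA dumps and replays the RTMR rolling hash the way `tdx_eventlogs` does in its "Replay Rolling Hash" step. The sample bytes are copied verbatim from entries 22 (EV_SEPARATOR) and 25 (EV_IPL, MokList) above; the field layout (PCRIndex, EventType, DigestCount, per-digest AlgorithmId plus digest, EventSize, event data) and the extend rule RTMR[n] = SHA384(RTMR[n] || digest) are the standard ones, and the tool's "RTMR" column is PCRIndex minus one. Because entries 0 to 21 are not included, the replay of these two entries alone will not reproduce the RTMR[0] and RTMR[2] values shown above; it does reproduce RTMR[3], which no event touches and therefore stays all zeros.

```python
"""Parse TCG2 event log entries and replay the TDX RTMR rolling hash.

Added example, not part of the issue or of entropy-tss. The sample bytes
below are copied from entries 22 and 25 of the tdx_eventlogs dump above.
"""
import hashlib
import struct
from dataclasses import dataclass

TPM_ALG_SHA384 = 0x000C
# Digest length in bytes per TCG algorithm id (sha1, sha256, sha384, sha512).
DIGEST_SIZES = {0x0004: 20, 0x000B: 32, 0x000C: 48, 0x000D: 64}
# Event type names that appear in the dump above.
EVENT_TYPE_NAMES = {
    0x4: "EV_SEPARATOR", 0x6: "EV_EVENT_TAG", 0xD: "EV_IPL",
    0x80000003: "EV_EFI_BOOT_SERVICES_APPLICATION", 0x80000006: "EV_EFI_GPT_EVENT",
    0x80000007: "EV_EFI_ACTION", 0x800000E0: "EV_EFI_VARIABLE_AUTHORITY",
}

# Constructed test input: the raw bytes of entry 22 and entry 25, concatenated.
SAMPLE_LOG = bytes.fromhex(
    # entry 22: PCRIndex 1 (RTMR 0), EV_SEPARATOR, one SHA-384 digest, 4 data bytes
    "01 00 00 00 04 00 00 00 01 00 00 00 0C 00 39 43"
    "41 B7 18 2C D2 27 C5 C6 B0 7E F8 00 0C DF D8 61"
    "36 C4 29 2B 8E 57 65 73 AD 7E D9 AE 41 01 9F 58"
    "18 B4 B9 71 C9 EF FC 60 E1 AD 9F 12 89 F0 04 00"
    "00 00 00 00 00 00"
    # entry 25: PCRIndex 3 (RTMR 2), EV_IPL, one SHA-384 digest, data "MokList\0"
    "03 00 00 00 0D 00 00 00 01 00 00 00 0C 00 05 33"
    "57 EA 65 18 5F 01 0B 8C AA 1F C2 65 CF D5 E8 0C"
    "7C C7 81 25 4F A3 F1 E5 EA 9D 34 5A 87 00 3C F7"
    "61 47 2A 2F 04 23 F1 52 97 F5 5C FE 24 8F 08 00"
    "00 00 4D 6F 6B 4C 69 73 74 00"
)


@dataclass
class EventLogEntry:
    rtmr: int            # PCRIndex - 1, the register tdx_eventlogs reports
    event_type: int
    digests: dict        # algorithm id -> digest bytes
    event_data: bytes
    length: int          # encoded size of the whole entry in bytes

    def type_name(self) -> str:
        return EVENT_TYPE_NAMES.get(self.event_type, hex(self.event_type))


def parse_entry(buf: bytes, offset: int = 0) -> EventLogEntry:
    """Decode one TCG_PCR_EVENT2 structure starting at offset (little-endian)."""
    pcr_index, event_type, digest_count = struct.unpack_from("<III", buf, offset)
    pos = offset + 12
    digests = {}
    for _ in range(digest_count):
        (alg_id,) = struct.unpack_from("<H", buf, pos)
        pos += 2
        size = DIGEST_SIZES[alg_id]          # unknown algorithm -> KeyError, stop parsing
        digests[alg_id] = buf[pos:pos + size]
        pos += size
    (event_size,) = struct.unpack_from("<I", buf, pos)
    pos += 4
    if pos + event_size > len(buf):
        raise ValueError("event data runs past end of log")
    event_data = buf[pos:pos + event_size]
    pos += event_size
    return EventLogEntry(pcr_index - 1, event_type, digests, event_data, pos - offset)


def parse_log(buf: bytes) -> list:
    """Decode back-to-back entries until the buffer is exhausted."""
    entries, pos = [], 0
    while pos < len(buf):
        entry = parse_entry(buf, pos)
        entries.append(entry)
        pos += entry.length
    return entries


def extend(register: bytes, digest: bytes) -> bytes:
    """One RTMR extend step: new = SHA384(old || digest)."""
    return hashlib.sha384(register + digest).digest()


def replay_rtmr(entries: list, rtmr_index: int) -> bytes:
    """Replay every event targeting rtmr_index, starting from 48 zero bytes."""
    value = bytes(48)
    for entry in entries:
        if entry.rtmr == rtmr_index:
            value = extend(value, entry.digests[TPM_ALG_SHA384])
    return value


def check_log_against_quote(entries: list, reported: dict) -> dict:
    """The log itself is untrusted; it only means something if its replay
    reproduces the RTMR values carried in the signed quote. Returns, per
    register, whether the replay matches the reported value."""
    return {idx: replay_rtmr(entries, idx) == value for idx, value in reported.items()}


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in log:
        print(f"RTMR {e.rtmr} {e.type_name():<35} data={e.event_data!r}")
    for idx in range(4):
        print(f"RTMR[{idx}] = {replay_rtmr(log, idx).hex()}")
```

Run against the two sample entries it prints the decoded MokList event and an all-zero RTMR[3]; against a complete CCEL dump, `check_log_against_quote` is the step that ties the event log to the quote's RTMR fields.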

@ameba23
Collaborator Author

ameba23 commented Jan 6, 2025

From reading Intel's docs, I had understood that initramfs was not included in measurements.

But this post from Flashbots says:

All the mentioned dependencies and binaries are added to the final CVM’s initramfs. Thus, any modification of the layers or dependencies results in a completely different measurement for TDX attestation.

If that's true, we need to create an initramfs for our image, and include the entropy-tss binary there.
