add firmware for Intel TDX with secure boot capability

Ubuntu LP: #2125123

This MP aims to build the OVMF firmware files for Intel TDX, as we recently did for AMD-SEV.

Rationale:

  • As of now, Intel Confidential VMs can be run with the default OVMF.fd; however, this firmware has some security limitations, and edk2 upstream maintains a more feature-complete profile for Intel TDX, as they do for AMD-SEV. Since Intel TDX made its way upstream recently (kernel 6.16 and QEMU 10.1), it is useful to complete the support story for EDK2.

  • 2 OVMF files are built for Intel TDX:

    • OVMF.inteltdx.fd
    • OVMF.inteltdx.secboot.fd: has additional support for secure boot
