From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io
Subject: [PATCH V2 0/4] Add SPDM device security
Date: Thu, 31 Oct 2019 20:30:08 +0800
Message-Id: <20191031123012.16020-1-jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303

This patch series adds support for device security based upon the DMTF SPDM specification.
https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip

We did a design review on 18 Oct, 2019.
https://edk2.groups.io/g/devel/files/Designs/2019/1018
The feedback from the meeting is addressed.
https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf

We add the Device Security protocol in the EDKII repo. The PCI bus driver consumes the interface. If there is no producer, the PCI bus driver keeps its current behavior.

So far, we only provide the producer that follows the Intel PCI security spec.
https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html
The implementation is put in the EDKII platform repo.

The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2
The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2

The validation has been done on an Intel internal platform. The device measurement can be shown in the TCG event log.

Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (4):
  MdePkg/Include: Add DMTF SPDM definition.
  MdeModulePkg/Include: Add DeviceSecurity.h
  MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid.
  MdeModulePkg/Pci: Add DeviceSecurity support.

 MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c          |  12 +-
 MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h          |   1 +
 MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf     |   4 +-
 .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c     |  63 +++++-
 MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c          |   4 +-
 .../Include/Protocol/DeviceSecurity.h            | 162 ++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                    |   5 +
 MdePkg/Include/IndustryStandard/Spdm.h           | 203 ++++++++++++++++++
 8 files changed, 447 insertions(+), 7 deletions(-)
 create mode 100644 MdeModulePkg/Include/Protocol/DeviceSecurity.h
 create mode 100644 MdePkg/Include/IndustryStandard/Spdm.h

-- 
2.19.2.windows.1