From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mx.groups.io with SMTP id smtpd.web11.5225.1572525022600146608
 for <devel@edk2.groups.io>;
 Thu, 31 Oct 2019 05:30:22 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: jiewen.yao@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
  by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Oct 2019 05:30:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,250,1569308400"; 
   d="scan'208";a="283875107"
Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.211.198])
  by orsmga001.jf.intel.com with ESMTP; 31 Oct 2019 05:30:21 -0700
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io
Subject: [PATCH V2 0/4] Add SPDM device security
Date: Thu, 31 Oct 2019 20:30:08 +0800
Message-Id: <20191031123012.16020-1-jiewen.yao@intel.com>
X-Mailer: git-send-email 2.19.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303

This patch series add support for device security based
upon the DMTF SPDM specification.
https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip

We did design review at 18 Oct, 2019.
https://edk2.groups.io/g/devel/files/Designs/2019/1018
And the feedback from the meeting is addressed.
https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf

We add the Device security protocol in EDKII repo.
PCI bus driver consumes the interface.
If there is no producer, the PCI bus driver keeps current behavior.

So far, we only provide the producer what follows Intel
PCI security spec.
https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html
The implementation is put to EDKII platform repo.

The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2
The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2

The validation has been done on a Intel internal platform.
The device measurement can be shown in TCG event log.

signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (4):
  MdePkg/Include: Add DMTF SPDM definition.
  MdeModulePkg/Include: Add DeviceSecurity.h
  MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid.
  MdeModulePkg/Pci: Add DeviceSecurity support.

 MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c       |  12 +-
 MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h       |   1 +
 MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf  |   4 +-
 .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c  |  63 +++++-
 MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c       |   4 +-
 .../Include/Protocol/DeviceSecurity.h         | 162 ++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                 |   5 +
 MdePkg/Include/IndustryStandard/Spdm.h        | 203 ++++++++++++++++++
 8 files changed, 447 insertions(+), 7 deletions(-)
 create mode 100644 MdeModulePkg/Include/Protocol/DeviceSecurity.h
 create mode 100644 MdePkg/Include/IndustryStandard/Spdm.h

-- 
2.19.2.windows.1